EaseUS Todo HQ

I like this backup software and used the free version a few times before
I decided to pay for a licensed version when they offered a special
discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I
received from "CHENGDU YIWO Tech Development Co., Ltd." Am I wrong? Does
anybody know more about this company? I hesitate to use any software
that is developed in China or Russia, the home of many of the worst
hackers. And what would make the ideal Trojan Horse on a PC than a
backup software? I started to be suspicious when I saw that extreme long
period between executing the program and the pop-up of the GUI.
Could that time be used by the software to get a snapshot of the system
and "call home" with it? Tell me it ain't so and I am just paranoid.

cameo wrote on 8/21/2015 1:16 PM:
I like this backup software and used the free version a few times before I decided to pay for a licensed version when
they offered a special discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I received from "CHENGDU YIWO Tech Development Co.,
Ltd." Am I wrong? Does anybody know more about this company? I hesitate to use any software that is developed in China
or Russia, the home of many of the worst hackers. And what would make the ideal Trojan Horse on a PC than a backup
software? I started to be suspicious when I saw that extreme long period between executing the program and the pop-up of
the GUI.
Could that time be used by the software to get a snapshot of the system and "call home" with it? Tell me it ain't so and
I am just paranoid.


If you're looking for free, Macrium Reflect is good. I used EaseUS free and as much as it worked, I liked Macrium
better. However if I pay, I use Acronis True Image. I have 2013 &14 spread over 3 machines.

cameo wrote:

I like this backup software and used the free version a few times
before I decided to pay for a licensed version when they offered a
special discount on it. Then I realized something I wasn't aware
befo EaseUS looks like a Chinese product because of the
confirmation mail I received from "CHENGDU YIWO Tech Development Co.,
Ltd." Am I wrong? Does anybody know more about this company?

If you are afraid of any software that is distributed from countries
other than your own then you need to stop using computers. There are a
lot more countries than your own that develop software. It's not the
country you need to be concerned about. It's who produced the software
and that could be the USA, Germany, or even your own. Badware, spyware,
and malware comes from everywhere.

I hesitate to use any software that is developed in China or Russia,
the home of many of the worst hackers.

Those would be in the USA.

There's a web site for them (blackhats.com) end they even have annual
conventions in the USA and Europe and Pwn2Own contests. Haven't
bothered with learning to history of where they originally started but
looks to be global now. Same for CanSecWest and the Pwn2Own contests.

Easeus is a good company. Yes, they are Chineseware. So are other
products that I use. I also use Russianware, Australianware,
Americanware, Czechware, Germanware, Communityware, and even some
UnknownAuthorCountryware.

And what would make the ideal Trojan Horse on a PC than a backup
software?

That would be any executable you run on your computer.

I started to be suspicious when I saw that extreme long period between
executing the program and the pop-up of the GUI. Could that time be
used by the software to get a snapshot of the system and "call home"
with it? Tell me it ain't so and I am just paranoid.

You are paranoid. You are also lazy in that you don't do your own
online research to see if a product has established itself or to review
a company profile.

Go visit the alt.comp.os.windows-10 newsgroup. Other countries are
concerned about their privacy laws getting violated by Microsoft. Users
are concerned about their privacy and personal data getting collected by
Microsoft. There are new tools showing up to more easily configure
Windows 10 so users are more secure. Users have been adding some
Microsoft sites to their 'hosts' file to thwart tracking yet Microsoft
has hardcoded the IP addresses of many of their sites into Windows so
their is no DNS lookup so there is no check of the 'hosts' file (i.e.,
all DNS lookup is bypassed) since Windows XP (don't know about Win2000).
Yet I bet you trust Microsoft.

The only way to be safe[er] is to be an educated user. That requires
proactive research: learn before using.

Paul wrote:

cameo wrote:
I like this backup software and used the free version a few times before
I decided to pay for a licensed version when they offered a special
discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I
received from "CHENGDU YIWO Tech Development Co., Ltd." Am I wrong? Does
anybody know more about this company? I hesitate to use any software
that is developed in China or Russia, the home of many of the worst
hackers. And what would make the ideal Trojan Horse on a PC than a
backup software? I started to be suspicious when I saw that extreme long
period between executing the program and the pop-up of the GUI.
Could that time be used by the software to get a snapshot of the system
and "call home" with it? Tell me it ain't so and I am just paranoid.

Details are in Wikipedia. 200 employees.

https://en.wikipedia.org/wiki/EaseUS

It's a little late to be asking the question now,
if you've already installed the software.

I have two "freebie" programs fro EaseUS. One
had OpenCandy (a delivery vehicle for adware),

OpenCandy is not a delivery vehicle for adware. It is, as you say,
adware itself. If you research what is OpenCandy, it is a means to
advertize other software. Rather than include bundleware with a program
(which *is* delivery of other software which may or may not itself be
adware), OpenCandy does not include the bundleware but offers to
download it for you *if and only if* YOU decide. It allows the sofware
author to recoup some of their costs by advertizing other software.
This really isn't something new with freeware as many if not most
freeware includes bundleware or offers it via link as with OpenCandy.

OpenCandy only runs when the installer runs. It is a lib that is
attached to the installer code so it only runs during the install.
After the install completes, OpenCandy isn't around anymore (except in
the case the installer crashed or did not perform proper post-cleanup).
In case OpenCandy's lib gets left behind (worthless unless called by the
installer), they even provide a clean-up tool to eliminate the unusable
file space consumed by their dev plug-in.

Those claiming OpenCandy is malware are running around with deliberate
blindfolds (they refuse to learn what is OpenCandy) yelling "the sky is
falling, the sky is falling". OpenCandy is not worse (or, conversely,
is just as bad) than bundleware included with software, some of which
may come from the author themself of the program you want to install.
Only boobs select the default or typical install choice. Always, when
available, use the custom install choice and even then make damn sure to
actually read the dialogs presented by the installer program. Usually
bundleware is opted in by default so the user needs to opt out of that
crap. Same for OpenCandy: read the installer dialogs and do NOT select
any of the offered crapware.

OpenCandy eliminates bloating the size of the installer by not including
the bundleware with the installer. There is the size of the OpenCandy
library file that the installer calls for what is currently offered as
the "bundle" but it's pretty small compared to bundleware for actual
programs included with the installer. OpenCandy is a plug-in to the
installer. Are you always running the installer?

Just go read http://opencandy.com/faqs/. If you don't believe them to
be truthful then go do your own independent research on how OpenCandy
works, run your own network monitors to see where OpenCandy connects
during an install (at the point, usually at the end, in the install
where the installer program calls the OpenCandy plug-in) and then watch
after the install for similar connections (which won't happen unless you
are again running another installer that incorporates the OpenCandy
plug-in).

Fearmongering about OpenCandy reminds of every few years someone again
writes up about the evil of Flash cookies despite Flash itself lets you
configure it NOT to allow the creation of .sol cookie files and you can
disable or prompt for use of local storage when a site requests it. If
you use cookie cleaners then make sure not to delete the settings.sol
cookie file (i.e., don't go wiping all .sol files) because that is where
your settings are retained so Flash can comply to your choices. I had
to tell the CCleaner author to stop deleting this cookie so Flash would
actually obey my settings for Flash.

When the installer calls the OpenCandy, just say no to the offers. Same
goes for when software (not always freeware) comes with bundleware
(usually opted in): just say no. You actually have to read the
installer dialogs to say no. Opting in, by default, denigrates the
bundleware or offers to foistware. This bundling issue would not be a
problem if installers always opted out by default. I've seen some of
those but so few and infrequently that I can't remember which ones opted
out by default.

"We guarantee that all app recommendations are optional and you may
choose to accept, decline, or uninstall any app at any time."

I'm not sure how they can guarantee an install of an accidentally
(usually lazily) accepted offer. It's not their software that got
installed as the offer. Accept and decline are the only actions they
can guarantee that users will have a choice. They question is whether
they default to opt-in or opt-out. As I recall from some dev
discussion, defaulting to opt-in or opt-out was the installer program
author's choice.

To clarify, only the installer program is adware if it incorporates the
plug-in to call the OpenCandy lib. The main program is not necessarily
adware (that it is adware is independent of whether OpenCandy was used
or not when its installer ran). So you get a bloated installer that
includes the bundleware or you get a smaller installer that phones home
to determine what are the offers du jour. By the way, OpenCandy isn't
the only one that reduces the size of the installer by not including the
bundleware but only offering it to you. All those installers that push
Google Chrome do not include the installer for that program. They
provide the web installer to reduce size. So the authors shoving Google
Chrome in your face are including someone else's web installer.

Even if OpenCandy is included in an installer, and if you are deathly
afraid that you will not choose a custom install or cannot say no to the
offers of bundleware (installed separately), you can easily disable
OpenCandy. Just don't let your computer connect to OpenCandy's servers.
You can add entries in your 'hosts' file. If the OpenCandy plug-in
called by the installer cannot connect to the servers then it cannot
present any offers from there. You can use the /NOCANDY command-line
switch when you run the OpenCandy-enabled installer but I have seen
where the author ****ed up and didn't use the command-line arguments to
prevent it from calling the OpenCandy lib. If you block *.opencandy.com
in your firewall then you never have to be concerned whether or not a
program's installer used OpenCandy. This info comes from OpenCandy
themself.

If you want to complain about the use of OpenCandy then complain to the
author of the program's installer that uses the OpenCandy plug-in. In
the same vein, complain to the author about bundleware if the author
made it foistware by opting in to all that crap. A restaurant manager
won't know about bad food or bad service unless you tell him.

From what I've seen of OpenCandy, so far, it is no worse (and actually
better) than authors that bloat their installers with bundleware and
especially have it opted in by default. After all, bundleware is also
advertizing another product to receive monetary reward to offset the
author's costs. I have not done a survey but it seems from personal
experience that most installers are adware.

On 8/21/15 1:49 PM, VanguardLH wrote:
cameo wrote:

snip

I also use Russianware, Australianware,
Americanware, Czechware, Germanware, Communityware, and even some
UnknownAuthorCountryware.

How about Tupperware???????? G

Sorry, VanguardLK, I just couldn't resist that! LOL

snip

The only way to be safe[er] is to be an educated user. That requires
proactive research: learn before using.

Agreed. One of the possible outcomes could be switching to Mac or some
flavor of Linux. Not touting either over Windows, just don't discard
either out of hand. It all depends on how you use your system.



--
Ken
Mac OS X 10.8.5
Firefox 36.0.4
Thunderbird 31.5
"My brain is like lightning, a quick flash
and it's gone!"

cameo wrote on 08/21/2015 1:16 PM:
I like this backup software and used the free version a few times before
I decided to pay for a licensed version when they offered a special
discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I
received from "CHENGDU YIWO Tech Development Co., Ltd." Am I wrong? Does
anybody know more about this company? I hesitate to use any software
that is developed in China or Russia, the home of many of the worst
hackers. And what would make the ideal Trojan Horse on a PC than a
backup software? I started to be suspicious when I saw that extreme long
period between executing the program and the pop-up of the GUI.
Could that time be used by the software to get a snapshot of the system
and "call home" with it? Tell me it ain't so and I am just paranoid.



CHENGDU Yiwo Tech Development Co., Ltd. (" Yiwo ")
Address: 12 F, Building 1, Idealism Center, No. 38 Tian Yi Street,
Hi-tech Zone, Chengdu, Sichuan Province, China

Any information sent to Yiwo, with the exception of credit card numbers,
will be deemed NOT CONFIDENTIAL. You grant Yiwo an unrestricted,
irrevocable license to display, use, modify, perform, reproduce,
transmit, and distribute any information you send Yiwo, for any and all
commercial and non-commercial purposes.

You also agree that Yiwo is free to use any ideas, concepts, or
techniques that you send Yiwo for any purpose, including, but not
limited to, developing, manufacturing, and marketing products that
incorporate such ideas, concepts, or techniques.



--
...winston
msft mvp windows experience

On Fri, 21 Aug 2015 17:01:51 -0600 "Ken Springer"
wrote in article mr8aks$3ro$1
@news.albasani.net
Agreed. One of the possible outcomes could be switching to Mac or some
flavor of Linux.

Those systems are far from invulnerable. Look at the weekly CERT bulletin
for proof.

On 8/21/2015 12:16 PM, cameo wrote:
I like this backup software and used the free version a few times before
I decided to pay for a licensed version when they offered a special
discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I
received from "CHENGDU YIWO Tech Development Co., Ltd." Am I wrong? Does
anybody know more about this company? I hesitate to use any software
that is developed in China or Russia, the home of many of the worst
hackers. And what would make the ideal Trojan Horse on a PC than a
backup software? I started to be suspicious when I saw that extreme long
period between executing the program and the pop-up of the GUI.
Could that time be used by the software to get a snapshot of the system
and "call home" with it? Tell me it ain't so and I am just paranoid.


I used their "Partiton Master" to partition my hard drive ---it
worked fine

VanguardLH wrote on 08/21/2015 16:32 ET :
Paul wrote:

cameo wrote:
I like this backup software and used the free version a few times before
I decided to pay for a licensed version when they offered a special
discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I
received from "CHENGDU YIWO Tech Development Co., Ltd." Am I wrong?
Does
anybody know more about this company? I hesitate to use any software
that is developed in China or Russia, the home of many of the worst
hackers. And what would make the ideal Trojan Horse on a PC than a
backup software? I started to be suspicious when I saw that extreme long
period between executing the program and the pop-up of the GUI.
Could that time be used by the software to get a snapshot of the system
and "call home" with it? Tell me it ain't so and I am just
paranoid.



Details are in Wikipedia. 200 employees.

https://en.wikipedia.org/wiki/EaseUS

It's a little late to be asking the question now,
if you've already installed the software.

I have two "freebie" programs fro EaseUS. One
had OpenCandy (a delivery vehicle for adware),



OpenCandy is not a delivery vehicle for adware. It is, as you say,
adware itself. If you research what is OpenCandy, it is a means to
advertize other software. Rather than include bundleware with a program
(which *is* delivery of other software which may or may not itself be
adware), OpenCandy does not include the bundleware but offers to
download it for you *if and only if* YOU decide. It allows the sofware
author to recoup some of their costs by advertizing other software.
This really isn't something new with freeware as many if not most
freeware includes bundleware or offers it via link as with OpenCandy.

OpenCandy only runs when the installer runs. It is a lib that is
attached to the installer code so it only runs during the install.
After the install completes, OpenCandy isn't around anymore (except in
the case the installer crashed or did not perform proper post-cleanup).
In case OpenCandy's lib gets left behind (worthless unless called by the
installer), they even provide a clean-up tool to eliminate the unusable
file space consumed by their dev plug-in.

Those claiming OpenCandy is malware are running around with deliberate
blindfolds (they refuse to learn what is OpenCandy) yelling "the sky is
falling, the sky is falling". OpenCandy is not worse (or, conversely,
is just as bad) than bundleware included with software, some of which
may come from the author themself of the program you want to install.
Only boobs select the default or typical install choice. Always, when
available, use the custom install choice and even then make damn sure to
actually read the dialogs presented by the installer program. Usually
bundleware is opted in by default so the user needs to opt out of that
crap. Same for OpenCandy: read the installer dialogs and do NOT select
any of the offered crapware.

OpenCandy eliminates bloating the size of the installer by not including
the bundleware with the installer. There is the size of the OpenCandy
library file that the installer calls for what is currently offered as
the "bundle" but it's pretty small compared to bundleware for actual
programs included with the installer. OpenCandy is a plug-in to the
installer. Are you always running the installer?

Just go read http://opencandy.com/faqs/. If you don't believe them to
be truthful then go do your own independent research on how OpenCandy
works, run your own network monitors to see where OpenCandy connects
during an install (at the point, usually at the end, in the install
where the installer program calls the OpenCandy plug-in) and then watch
after the install for similar connections (which won't happen unless you
are again running another installer that incorporates the OpenCandy
plug-in).

Fearmongering about OpenCandy reminds of every few years someone again
writes up about the evil of Flash cookies despite Flash itself lets you
configure it NOT to allow the creation of .sol cookie files and you can
disable or prompt for use of local storage when a site requests it. If
you use cookie cleaners then make sure not to delete the settings.sol
cookie file (i.e., don't go wiping all .sol files) because that is where
your settings are retained so Flash can comply to your choices. I had
to tell the CCleaner author to stop deleting this cookie so Flash would
actually obey my settings for Flash.

When the installer calls the OpenCandy, just say no to the offers. Same
goes for when software (not always freeware) comes with bundleware
(usually opted in): just say no. You actually have to read the
installer dialogs to say no. Opting in, by default, denigrates the
bundleware or offers to foistware. This bundling issue would not be a
problem if installers always opted out by default. I've seen some of
those but so few and infrequently that I can't remember which ones opted
out by default.

"We guarantee that all app recommendations are optional and you may
choose to accept, decline, or uninstall any app at any time."

I'm not sure how they can guarantee an install of an accidentally
(usually lazily) accepted offer. It's not their software that got
installed as the offer. Accept and decline are the only actions they
can guarantee that users will have a choice. They question is whether
they default to opt-in or opt-out. As I recall from some dev
discussion, defaulting to opt-in or opt-out was the installer program
author's choice.

To clarify, only the installer program is adware if it incorporates the
plug-in to call the OpenCandy lib. The main program is not necessarily
adware (that it is adware is independent of whether OpenCandy was used
or not when its installer ran). So you get a bloated installer that
includes the bundleware or you get a smaller installer that phones home
to determine what are the offers du jour. By the way, OpenCandy isn't
the only one that reduces the size of the installer by not including the
bundleware but only offering it to you. All those installers that push
Google Chrome do not include the installer for that program. They
provide the web installer to reduce size. So the authors shoving Google
Chrome in your face are including someone else's web installer.

Even if OpenCandy is included in an installer, and if you are deathly
afraid that you will not choose a custom install or cannot say no to the
offers of bundleware (installed separately), you can easily disable
OpenCandy. Just don't let your computer connect to OpenCandy's servers.
You can add entries in your 'hosts' file. If the OpenCandy plug-in
called by the installer cannot connect to the servers then it cannot
present any offers from there. You can use the /NOCANDY command-line
switch when you run the OpenCandy-enabled installer but I have seen
where the author ****ed up and didn't use the command-line arguments to
prevent it from calling the OpenCandy lib. If you block *.opencandy.com
in your firewall then you never have to be concerned whether or not a
program's installer used OpenCandy. This info comes from OpenCandy
themself.

If you want to complain about the use of OpenCandy then complain to the
author of the program's installer that uses the OpenCandy plug-in. In
the same vein, complain to the author about bundleware if the author
made it foistware by opting in to all that crap. A restaurant manager
won't know about bad food or bad service unless you tell him.

From what I've seen of OpenCandy, so far, it is no worse (and actually
better) than authors that bloat their installers with bundleware and
especially have it opted in by default. After all, bundleware is also
advertizing another product to receive monetary reward to offset the
author's costs. I have not done a survey but it seems from personal
experience that most installers are adware.

Yesterday, I downloaded and installed EaseUS Partition Master. Nice software.
Since then my + - 1 Mbps bandwidth was its peak, + - 140 KB/s.
My connection isn´t symettrical, so, the download bandwidh is higher than
the upload bandwidth. This peak of 140 KB/s is the maximum *download* bandwidth
(usually this level is recorded when I´m using Netflix).
I´ve found that some application had 11 open connections to 69.16.175.10
at port 80.
I killed the EaseUS installer task, which was still active after the
installation, and the bandwith returned to normal. I didn´t restarted the
machine yet.
There´s no a website answering at port 80 in 69.16.175.10. I googled
around and discovered that this IP is suspicious.
Whatever they did, they were *uploading* something to my computer.
Just in case, I adjusted Avast firewall to ask about all traffic by EaseUS
software. I started the partition manager again and the bandwidth usage
remained
low.

cameo wrote on 8/21/2015 1:16 PM:
I like this backup software and used the free version a few times before I decided to pay for a licensed version when
they offered a special discount on it. Then I realized something I wasn't aware befo
EaseUS looks like a Chinese product because of the confirmation mail I received from "CHENGDU YIWO Tech Development Co.,
Ltd." Am I wrong? Does anybody know more about this company? I hesitate to use any software that is developed in China
or Russia, the home of many of the worst hackers. And what would make the ideal Trojan Horse on a PC than a backup
software? I started to be suspicious when I saw that extreme long period between executing the program and the pop-up of
the GUI.
Could that time be used by the software to get a snapshot of the system and "call home" with it? Tell me it ain't so and
I am just paranoid.


Backup software should allow you to make a boot recovery CD. I've used Macrium. With the boot CD, you could unplug
the Ethernet cable, boot and make your backups if you think the program is phoning home. Doesn't solve the paranoid
aspect of it, rather just confirms you're paranoid :-)