AxCrypt. It's Good And Bad News.



Last week I recommended that you take a look at Cryptainer if you need a replacement for the now-defunct TrueCrypt encryption product.  A handful of people have suggested that another free program, AxCrypt, is also a suitable replacement, and I promised to take a look at it.  So here goes.

AxCrypt is free, and you can download it from (but carry on reading first).  It's a 3.3 MB download. and should install on all recent versions of Windows.

Unlike TrueCrypt, which creates virtual encrypted drives, AxCrypt works on individual files.  If you want to encrypt multiple files, you'll need to do them one at a time, or add them to a zip file and then encrypt the zip.  Which, if you've got lots of files but only a handful of them are confidential, actually works very well.  Just right-click a confidential file, choose the Encrypt option, and you're done.  To open the file with whatever app it's associated with, double-click it as normal, and enter the password when prompted. 

However, while AxCrypt provides useful features, it fails one of the key tests here at Gizmo's.  According to VirusTotal it's not malware-free, and is actually picked up by 7 of VT's 54 separate scanning engines.  In all cases, this is because it uses the OpenCandy system, which attempts to get you to install other programs at the same time (for which the makers of AxCrypt receive a small payment).  For this reason alone, I can't recommend that you use the standard, installable version of AxCrypt.

However, on the same download page mentioned above, there's also a portable version.  The good news is that this doesn't use OpenCandy. The bad news is that it isn't quite as usable.  You don't get "encrypt" and "decrypt" buttons added to all of your Windows Explorer menus.  Instead, you have to run AxCrypt, which brings up its own Explorer-like interface, and do everything from there.  And because there's nothing installed on your PC, the encrypted files (which have a .axx extension) confuse Windows to the point where it doesn't know how to open them.  So double-clicking an encrypted file won't work.  You'll need to open it in AxCrypt, decrypt it, then open it in your required application.

AxCrypt2Go, as the portable version is called, provides a useful function, but sadly it's nowhere near as usable as the OpenCandy-infected installable version.  Which means, when I get around to abandoning TrueCrypt, I'll probably be sticking with Cryptainer.




Please rate this article: 

Your rating: None
Average: 3.4 (29 votes)


WAIT! The solution to the OpenCandy issue is simple. Download the .exe. Open the file with 7-zip. Just extract the .msi file - none of the other files. MSI is Microsoft's built-in package installer technology. Right click on the .msi, chose Install, and you're fine. You will not be prompted for the optional installs like OpenCandy, because they are not in the .msi package. The are embedded in the setup.exe (archive) separately. Upload the .msi to VirusTotal and see for yourself. you do not need to run the setup.exe to install AxCrypt. Just use the .msi.

BTW, AxCrypt is awesome. And you can encrypt many files or even a folder all at once.

I've had my own experiences with OC and I think much depends on where you download it from. I've downloaded AxCrypt from and not had a problem with it wanting to install other crap. I've used it for quite a while and like it very much and my scanners haven't picked up any issues with it (one of which is Malwarebytes as mentioned). That said, I suspect if a person downloaded it from cnet, through yahoo, etc - they'd probably pick up the crap mentioned by others here during the install.

There is another alternative to Truecrypt. Its called Veracrypt and is based on Truecrypt. Major advantage: It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. The container format is not compatible to truecrypt.

I thought Rob down under, and several of us a few months ago starting calling it Crapware. There's Shareware, Freeware, Public Domain, Commercial or Boxware, and Crapware.

There's nothing wrong with a developer offering it as Shareware with a time bomb in it after 90 days from Installing. Jim Button made a good living with PCFile.

Crapware will never succeed anywhere.

Any type of adware, Is malware. Developers need to stop including this kind of garbage in their software. It is not needed nor wanted. Gizmos provides a great service and is trying to protect us from the junk. You guys need to stop bashing the staff at Gizmos, they are only trying to help us and many people don't want to go through all the garbage to install something. It should be a straight forward install, not use the Command promp, not opening the file to pick out the adware exe, or anything of that sort. They, ( Devs ) shouldn't be so hungry they resort to adding crap in their programs just to make a buck.

I'll second that mouse53, with 1 clarification, I do understand that freeware creators need, want or hope to make money on their software and I will help them when I can.

It always seemed simple to me, IF an adware or toolbar developer is truly proud of their software, all they have to do is add a little blurb during the freeware installation telling you it is available and what it does and then have an UNchecked box where I can opt-in if I am interested.
Having a hidden or difficult to find box that is already checked and I HAVE to opt-out to avoid is underhanded no matter how you look at it.
IMHO That includes Adobe w/McAfee.

I also appreciate Gizmos giving me a heads-up when a program is infected with un-necessary and probably unwanted add-ons.

I agree with most commenters here: calling Axcrypt "OpenCandy-infected" is unfair, just like calling Gizmo "Adwords-infected".

With the slight difference that opting out of OpenCandy in AxCrypt (or not installing from the beginning) is so easy that I'm surprised the author of this article was not able to do it, while opting out from Google Retargeting is a bit more complex. Furthermore, I've not seen any "Warning, you'll be tracked by BigG because we earn money on you via AW" when opening this page, so just to apply your line of reasoning you didn't give the option to opt-out, while AxCrypt does. :-)

Many of these comments leave me to believe that a lot of people think Open Candy is optional. In my experience it isn't.

I recently installed IMGBurn. I did not select any optional software during the install process, and yet Malwarebytes detected Open Candy on my fresh OS install.

This constitutes an unwanted intrusion IMO. I was lead to believe I was installing IMGBurn and nothing else, and yet that crap was installed too. The sooner the majority labels it as unacceptable, the sooner devs stop including it in their installers.

What happens with an installer that includes Open Candy is that when the installation runs, a dll file is executed, usually "OCSetupHlp.dll" in my experience and it is this that MBAM and some other anti-malwares will detect as a PUP. Also most third-party firewalls will pick it up if configured to make executables ask before connecting to the internet.

The dll file is extracted to, and run from, the system temp directory and connects to the internet to show you the various bundled offers. If you decline all the extras then the dll is deleted after the installer finishes and nothing is left on your system except the program you wanted.

You can read about this in more detail on the OpenCandy website and observe the process for yourself with basic system monitoring freeware and/or a sandbox/virtualised OS.

>> I did not select any optional software during the install process
Afaik, with OpenCandy, you should UNselect any optional software

I have used AxCrypt for some time now and have nothing but good things to report about it. It is excellent software, is dead simple to use, and does what it says it will do. When I had a question about something, I emailed the developer and got a prompt and informative answer.

As to OpenCandy (OC), it is of course appropriate for Gizmo's to note in any review that OC will appear during the installation process and to inform potentially unaware readers as to what OC is and how to avoid installing something they may not want. However, the AxCrypt developer is very open and honest about why he includes OC and provides clear and easy instructions for installing AxCrypt without OC.

By way of comparison, look at how Adobe tries to trick the unaware into installing McAfee Security Scan Plus during Adobe Flash Player updates. Is the Adobe update process "McAfee-infected?"

Instead of calling any program "OpenCandy-infected," it might be better if Gizmo's were to have a standard advisory note which could be inserted into the review of any software which contains OC. That brief note could then refer those readers who are unfamiliar with OC to a Gizmo's reference page which explains OC in more detail and explains how to avoid installing OC software if you don't want it.

I really appreciate all the hard work that Rob and the other Gizmo's reviewers put into researching and presenting free software choices, and I highly value the reviews in Gizmo's, but I have to say that using the term "OpenCandy-infected" for AxCrypt is unfair and unjustly maligns an elegantly simple and useful program which is well-designed, safe to install, and works well. Based on my personal experience, I recommend AxCrypt highly.

I second that.
Rather than call Open Candy "malware", it should be classified as a "PUP", or "Potentially Unwanted Program", as some anti-virus/anti-spyware programs typically will do.

Rob, give this a several files inside a single folder. Now encrypt that folder. All files in that folder should be encrypted. At least it works for me. I also installed the non-OpenCandy version simply by registering for free with a throw-away email address. You actually gave a great write up of AxCrypt compared to TrueCrypt a couple years ago here at Gizmos.

>> For this reason alone, I can't recommend that you use the standard, installable version of AxCrypt.
Thanks for at least sharing this great working freeware with us!
I hope the fact that a freeware program includes OpenCandy will NEVER be a reason not to even mention it here!
For me, OpenCandy is no issue given it is dead simple to workaround/opt out.
Just use your brains and read the text of the different installation windows carefully when you install ANYTHING.

"For me, OpenCandy is no issue given it is dead simple to workaround/opt out."

Yeah, but for how long... THAT is the question. I've had open candy sneak on my machine due to the opt out box being out of view... yeah, that is sneaky.

It would be interesting to see how successful a website would be if they offered only CANDYWARE programs. Just Sayin' YMMV

You make it sound like OpenCandy is some sort of malware, it is not. It's adware, and last time I checked it's completely optional.

It's not unreasonable for developers to try earn some money by including something like OpenCandy which is as far as I can tell is completely harmless. If you don't like the included application(s), then choose not to install them, it's as simple as that.

I'm really getting tired of people whining about OpenCandy.

The staff at Gizmo's attempts to be thorough when providing product reviews so let's applaud the effort and not complain when they mention items such as Open Candy. I use a program called "Unchecky" which runs in the background to deal with this type of garbage.

Just FYI, when I hover my mouse over the link for, I get a yellow WOT warning. Caveat emptor.

That's interesting because both WOT and my Avast Online Security plugin are green and indicate no risk for the Unchecky site. The program has worked well for me with no problems.

I'm afraid I've noticed a certain degree of bias against OpenCandy on several occasions from some Gizmo's staff/users, so how can I not complain when they demonize "OpenCandy" and use terms such as "OpenCandy-infected".

Also, the author goes as far was stating that he cannot recommend the installable version just because it comes with OpenCandy? That's not fair in my opinion.

OpenCandy is not malware and I've never faced any problems with it, I always just unchecked it and installed the application normally.

There are far worse adwares out there, some cleverly hidden that the user could miss it and other don't even give you a choice.

I tend to agree with that...

I followed the link from drh2020 ( The author is very clear about what he is doing and why, he's not trying to sneak anything past the user.

He also provides a clear explanation of how to install the program without the additional "features" (by explaining a command line install, or for those who don't know what that means he explains what to do to decline them)

There's even the option to download an "uncontaminated" version, but that does require a free registration -- with a working email address

I'd say on balance this is acceptable. He is open and clear on how gets some income to make a free program I want to use, and allows me to opt out if I wish.

For those who're interested in getting a full setup with no OpenCandy, open the Windows Command Prompt from the folder containing the setup file and run it with a /nocandy switch, e.g. AxCrypt-1.7.3156.0-Setup.exe /nocandy It works like a charm for me. To open the Windows Command Prompt from the folder containing the setup file, see this tip.

I have just downloaded the free VSEncryptor from LOKIBIT. The file is 2.24 MB (2.7 MB for Windows 64-bit) and it's clean according to avast! AntiVirus and Malwarebytes Anti-Malware. It can encrypt text and files and supports 21(!) encryption algorithms. It's worth a try.

I am pretty sure you can do a custom install and omit open candy.


"For those of you who want to remove OpenCandy: Extract the Axcrypt Installer with OpenCandy Offer using 7-Zip. Open the folder and delete $PLUGINSDIR. This should remove the OpenCandy junk from the installer."
- found on:

Also, check this out:

Alas, someone made a good program and crapped on it with OpenCandy.

Maybe one day authors will stop all this sneaky stuff and produce good stuff like PCFile and PC Write. If it's good, people will register...eventually.