There was an interesting problem with the recent OpenCandy integration: Microsoft Security Essentials started flagging the Sigil Windows installers as containing adware. From discussions with the OC people, this appeared to be because the MS people didn’t like that OC was storing a certain key in the registry and then transmitting it to the OC servers. The key acted exactly like a browser cookie, and pretty much every website you’ve ever visited stores one on your computer. Other AV vendors and security researchers agreed with the OC folks that this is just fine and doesn’t constitute “adware” behavior, but the MS folks disagreed.
So after two weeks of back-and-forth, the OC folks have decided to remove this specific behavior from their SDK. For their part, MS has agreed that the new OC plugin isn’t adware even by their definition, so installers using it will not throw warnings.
I have just uploaded Sigil 0.3.4b for Windows to the downloads area, and it contains this new version of the plugin. MSE has no complaints about the new installers.
Sigil itself remains unchanged in this version, so if you have 0.3.4 installed, there is no reason to update.