I don’t believe in “one strike and you’re out”. CCleaner remains a valuable tool for your computer maintenance needs, regardless of what is being said by some click-bait headlines.
It’s a company’s worst nightmare. I’m constantly telling people to download software from the official download site to avoid unexpected add-ons in the form of PUPs and malware. When the official site itself is compromised, even that advice doesn’t help.
Avast (the new owner of Piriform’s CCleaner) has updated the product to remove the malware, and current downloads are safe. They’re also in the process of determining the exact scope of the attack, who was vulnerable and to what degree, and what safeguards they need to keep this type of thing from happening again.
Initial indications are that while the malware has affected over two million machines, it’s effectively been neutered. The malware itself did nothing malicious, other than act as a gateway for the potential backdoor installation of additional malware. The command-and-control servers used to make that delivery have been taken down. The current understanding is that this was a targeted attack on “select large technology and telecommunication companies”, according to Avast. Consumer machines were characterized as “uninteresting” to the malware.
What seems to have gone well
In my opinion, Avast has done a good job of publicly reporting the issues, and continuing to report on the progress of their investigation.
Of course this should never have happened, but as I’ve said before: there’s no such thing as perfect security. What’s arguably at least as important as good security is the quality, speed, and honesty of the response to security issues that are discovered.
So far, Avast appears to be handling it well.
I wish I could say the same for some of their competitors.
In recent days, I’ve seen at least two cases of companies I would characterize as being in competition with either Avast or CCleaner publishing headlines and “analysis” I can only characterize as hyperbole. Rather than addressing the specific issues encountered, and perhaps contrasting their own product, they seem to be using this event as an excuse to describe CCleaner (or Avast) in the worst possible terms, with the worst possible impacts, as no longer trustworthy and something that should be immediately abandoned.
I don’t agree. Not at all. So much so that my opinion of those other products has been somewhat diminished.
The worst-case scenario
One thing I’ve seen referenced is what I often refer to as the “nuclear option” when it comes to malware.
Specifically, some competitors have recommended that you completely reformat your machine and reinstall Windows from scratch if you happened to install the affected version of CCleaner.
In an absolute sense, that option is valid. Once you have malware on your machine, you have no idea what it might have done. But that’s true for any and all malware, at any time and from any source. Making that recommendation in response to this specific situation becomes highly suspect if they’re not making it any other time.
At a more practical level, it’s gross overkill, and in my opinion, unwarranted.
At worst, you might restore from a backup image taken prior to CCleaner’s installation. Honestly, even that is overkill, and not something I recommend or will do myself.
What I recommend
My response to this is pretty simple, actually:
- Update your copy of CCleaner, if you plan to use it, or simply uninstall your current copy. You can always reinstall later when you need the tool again.
- Run up-to-date anti-malware scans. Your automated scans and updates may be enough, but to be on the safe side, have your security tool run a complete scan manually.
- Stay alert to more news. If something more troubling is discovered, then take action in proportion to its severity. Right now, I’m not expecting anything major at all.
Most of all, I’m not recommending that you abandon CCleaner. It remains a good and useful tool.
As long as Avast’s response continues to be appropriate, I see no reason to bail.