Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

What the CCleaner Hack Means to You

//
How about a word on CCleaner. Do you still recommend?

I do.

I don’t believe in “one strike and you’re out”. CCleaner remains a valuable tool for your computer maintenance needs…

… regardless of what is being said by some click-bait headlines.

Become a Patron of Ask Leo! and go ad-free!

What happened

For one month, downloads of CCleaner version 5.33.6162 included malicious software.

It’s a company’s worst nightmare. I’m constantly telling people to download software from the official download site to avoid unexpected add-ons in the form of PUPs and malware. When the official site itself is compromised, even that advice doesn’t help.

Avast (the new owners of Piriform’s CCleaner) has updated the product to remove the malware, and current downloads are safe. They’re also in the process of determining the exact scope of the attack, who was vulnerable and to what degree, and what safeguards they need to avoid this type of thing happening again.

Initial indications are that while the malware has affected over two million machines, it’s effectively been neutered. The malware itself did nothing malicious, other than act as a gateway for the potential backdoor installation of additional malware. The command-and-control servers used to make that delivery have been taken down. The current understanding is that this was a targeted attack on “select large technology and telecommunication companies”, according to Avast. Consumer machines were characterized as “uninteresting” to the malware.

What seems to have gone well

CCleanerIn my opinion, Avast has done a good job of publicly reporting the issues, and continuing to report on the progress of their investigation.

Of course this should never have happened, but as I’ve said before: there’s no such thing as perfect security. What’s arguably at least as important as good security is the quality, speed, and honesty in response to security issues that are discovered.

So far, Avast appears to be handling it well.

Disappointing headlines

I wish I could say the same for some of their competitors.

In recent days, I’ve seen at least two cases of companies I would characterize as being in competition with either Avast or CCleaner publishing headlines and “analysis” I can only characterize as hyperbole. Rather than addressing the specific issues encountered, and perhaps contrasting their own product in comparison, they seem to be using this event as an excuse to use the worst possible terms and impacts to characterize CCleaner (or Avast) as no longer trustworthy and something that should be immediately abandoned.

I don’t agree. Not at all. So much so that my opinion of those other products has been somewhat diminished.

The worst-case scenario

One thing I’ve seen referenced is what I often refer to as the “nuclear option” when it comes to malware.

Specifically, some competitors have recommended that you completely reformat your machine and reinstall Windows from scratch if you happened to install the affected version of CCleaner.

In an absolute sense, that option is valid. Once you have malware on your machine, you have no idea what it might have done. But that’s true for any and all malware, at any time and from any source. Why they happened to make that recommendation in response to this specific situation becomes highly suspect if they’re not making it any other time.

At a more practical level, it’s gross overkill, and in my opinion, unwarranted.

At worst, you might restore from a backup image taken prior to CCleaner’s installation. Honestly, even that is overkill, and not something I recommend or will do myself.

What I recommend

My response to this is pretty simple, actually:

  • Update your copy of CCleaner, if you plan to use it, or simply uninstall your current copy. You can always reinstall later when you need the tool again.
  • Run up-to-date anti-malware scans. Your automated scans and updates may be enough, but to be on the safe side, have your security tool run a complete scan manually.
  • Stay alert to more news. If something more troubling is discovered, then take action in proportion to its severity. Right now, I’m not expecting anything major at all.

Most of all, I’m not recommending that you abandon CCleaner. It remains a good and useful tool.

As long as Avast’s response continues to be appropriate, I see no reason to bail.

Podcast audio

Play

25 comments on “What the CCleaner Hack Means to You”

  1. Only the 32 bit version was affected, and most newer machines are running 64 bit versions of Windows. Nevertheless I’m still going to uninstall the affected version & reinstall the latest version.

  2. Hi Leo,
    I agree with your review.
    I own a small computer repair business in which for the past 5-years I have placed CCleaner on all computers, and will continue to do so. I also place AVAST.

    Note: I started receiving your messages 2-3 months ago and am very pleased with your information…thank you.

    Regards,
    Charlie
    Park Computer
    {email address removed}

  3. Apparently only the 32-bit version was affected, although the exe file is the same. After version 5.33 there have been a few problems: 1) Avast Free is offered as an optional download — so be careful to uncheck “Avast Free,” 2) when a new version is released, the program tries to download rather than taking you to their site. Don’t click “yes,” go to Piriform’s site to download.

  4. Yup they say only the 32 bit was affected, and not android or 64 bit ones, but i come belive my android version was affected as it was acting up horrible, every time i opened it it would pop open other apps with it mainly my banking app, and bills file folder, i noticed the behavior and removed it ASAP. i also don’t use ccleaner anymore i don’t trust them anymore and i never liked avast once i learned off this and that they went to avast company i removed it also. i know use REVO uninstaller pro as it has a cleaner just like ccleaner.

  5. Hi Leo,
    Being used to reading your so valuable posts already for a good while, my impression was that you were in general not so much recommending
    the usage of the various “cleaner” tools, because, to put it shortly, they might usually cause more damage than benefit,
    both as a result of possible malware contained, and as a result of not always recognizing correctly the registry content and deleting entries
    that might be later discovered as missing and causing problems to the various installed software.

    I personally try to stay away from them …
    One simple reason is that, practically whenever I perform a Google search looking for a solution to a very specific problem,
    there is always a “set” of those “solve everything” tools (and I think CCleaner used to be among them) that suggest themselves
    as the ideal two-click solution for any issue … and I am at least doubtful of such capabilities …

    If there is indeed a justified need for “cleaning up” a machine, I would expect Microsoft to have its own dedicated tools for performing such operations,
    and, yes … have those tools included as utilities in the OS pack itself, I think that the Windows OS in any of its versions in use today is a “mature enough”
    operating system for not having to rely on 3rd party tools for doing simple and common maintenance actions.

    Thanks a lot once again for your excellent, highly useful and educating posts 🙂

    • CCleaner does a more thorough job of cleaning your computer than Windows built-in cleaning utility. For example it can clear your browsers’ history files and more. Of course, you can clean those in your browsers, but CCleaner does it all in one run of the program.

      • ‘Of course, you can clean those in your browsers, but CCleaner does it all in one run of the program.’ – Or you can not ‘clean’ them at all. Some people seem to think ‘cleaning’ is necessary routine maintenance that’ll help make their computer snappier. Of course, it isn’t. In fact, ‘cleaning’ may well make your computer less snappy.

    • It’s good to have a cautious approach. That’s Leo’s approach on registry cleaners. But CCleaner is more than a registry cleaner. What I like about CCleaner is that I get to control what it cleans. I’ve tried some others who take the approach of “trust me; I know what needs cleaning.” I don’t use those any more. I prefer CCleaner since I can control what it does and doesn’t do. So don’t run the registry cleaner if you don’t want, but use it to automate clearing your browser cache, while it’s also cleaning up something else.

    • Indeed, Microsoft does have a built in disk cleaning utility. The issue is that it only cleans Microsoft programs. CCleaner – which is decidedly not a “solve everything” program – will also clean data left by other popular programs as well, for example Chrome and Firefox browsers among many other things. It’s not something that everyone needs, or that every one needs frequently, but it’s still a useful program.

  6. I use CCleaner to stop links for sites I have previously looked at coming up on a different site.

    For example, I am looking on Amazon for SD cards. When I to go Google, that Amazon product might appear on the side of a page. This kind of activity can be very troublesome if you are looking for health-related items.

    CCleaner gets rid of those. I use it regularly and do not always update but not that far behind either.

    Thanks, Leo, for taking the response of Avast and evaluating what they did to correct the problem.

  7. Got this and had to take my computer to shop for a complete reinstall of windows. First time in 25 years I was unable to repair myself. Locked up my computer and USB ports. Guess if their own website can not put out a good version. I will try somebody else. I have also been using their product and recommended for at least 15 years. I am sure they will not pay me for repairs.

  8. Leo, a couple of questions:
    1 Why does CCleaner actually need frequent updates? It’s used for cleaning disks and the registry:- surely that design doesn’t change
    2 I have an older version, 5.31.6105, (from Q3 2017) – Is there any benefit in ever updating that ?
    3 Does anyone know _how_ hackers got into the CCleaner servers, and what Avast has done to stop it happening again?

    • Search the web. Your questions are all over the place.
      1) Take a look at CCleaner’s version release notes: http://www.piriform.com/ccleaner/version-history.
      You’ll see that you could ignore most updates and maintain the same functionality.
      In the case of CCleaner most updates are to keep up with ever-changing browser functionality.
      One reason browsers keep changing is to keep up with changes in how websites hide traces of your browsing activity.
      See the eternal circle?

      2) Updates to products that work on your current system are actually a source of unexpected problems.
      In the case of CCleaner, had people disabled automatic updates they would not have this particular problem.
      Know why you’re updating and know why the software vendor wants you to update.

      3) Piriform explains the problem, but doesn’t offer a “solution”: https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

      The Talso site, which discovered the problem, has a good technical description also:
      http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
      They say the problem occurred because of hackers “compromised a portion of CCleaner’s development or build environment”
      Wow, it’s too scary to speculate about how this could have happened.

      Finally, Talos says that simply uninstalling the affected version of CCleaner will not remove the malware.
      You would need to run scans (assuming your scanner has been updated to include the malware signature) or do what Leo calls the nuclear option.

  9. When I start CCleaner it checks for updates and if I say I want to update, they advertise about the paid upgrade. Fair enough. But then the link to download the newest version points back to Download.com. I don’t trust anything on Download.com. How do we know that the Download.com version has not been compromised?

    However, if you use the download link in the fine print at the bottom of the page, it downloads from Piriform.

  10. ‘Most of all, I’m not recommending that you abandon CCleaner.’

    I’d agree with you if CCleaner were actually necessary. While it may be useful in a limited number of scenarios, it’s mostly not needed. Bottom line: the less unnecessary apps you have installed, the less scope there is for something to go awry.

    • I agree. So a huge, cluttered Registry is bad. How bad? Does a Registry search take an extra few milliseconds? Big deal.
      Is my disk hideously fragmented? So does reading a fragmented file take 10 extra milliseconds? 50? So what. (And my disk is only 7% fragmented. It can stay that way.)
      What if I have a jillion obsolete and unused files? How can I tell if I don’t go looking for them? Ignore.
      The only use for CCleaner that I can see is that it can overwrite unused disk blocks. Do I have deleted pornography that I don’t want anyone to find? Nope. Interesting deleted financial records? Nope. Threats to “national security”? Nope. Ignore again.
      All I ever do to protect my precious personal info on the main disk (C:) is copy to an external disk (USB), and then shred the file on C with axcrypt. (The latest free axcrypt doesn’t shred; you have to buy the fancy version. I’ll stick with the old version.)

    • To follow on your thought to which I totally agree, my question is : What is it that CCleaner does better over Windows’ built-in Disk Cleanup?. I started using the latter even a week before the big announcement about the hack. My problem with CCleaner started when, for along while, it started giving me notifications in the system tray area like the following: “Click here to free up 255 GB of disk space”. Come on! I don’t even have that much on my occupied space on the hard disk whose total capacity is 1TB with 619 GB free out of 865 GB. You do the math. I don’t browse that much. I don’t have a ton of documents or junk files to that amount on my PC.

      On a side note, I totally respect Leo’s opinion to keep on recommending CCleaner, but my gut feelings and personal judgement made me get rid of CCleaner. I am going to stick to Windows’ Disk Cleanup tool and I feel that I am safer this way…

      • A ditto to what Ray said. It’s not that difficult to understand (look up) what CCleaner does and compare it with Windows Disk Cleanup (which doesn’t do much of anything significant). The original purpose of CCleaner was not to clean up garbage on the hard drive or the Registry, but to delete web surfing traces. Unfortunately it’s not too effective on that count because there are lots of places web surfing data are hidden and these places are always changing. But as a centralized tool to consolidate various clean-up tasks, CCleaner is good because it saves time. If you want to get real sophisticated with CCleaner you can script it to search and clean up custom areas of your machine. I agree that freeing disk space or “cleaning” the Registry are not significant features. Also, CCleaner or other similar tools can’t really make your computer run faster or “better” to the extent that you can notice (let alone measure). One interesting use of CCleaner is to find duplicate files on your drive, which is useful if you’re a disorganized person and have lots of large movies and picture files. Another nice feature is to show various startup and scheduled tasks for Windows and all browsers, all in one place. These features may not be vitally important, but nice to have.

        • Actually one feature I’ve come to appreciate it CCleaner’s uninstaller: it lists programs that are not as easily accessible through other interfaces, including several of Windows 10’s built-in apps.

  11. I guess I’m fortunate in not liking the C Cleaner interface in new editions for a long time now. I use an older copy on my (Windows XP) machine and turned off update notifications.

  12. Hi, Affen, you should update to latest to have the latest security. The program is often updating to include new issues. Or otherwise use alternative programs

  13. I think a bit of advice about what to do if your data was compromised should be given to the readers. {link removed}

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.