[German]It seems that Piriform’s CCleaner will be forced to be updates from old version 5.38 to version 5.46 – and the telemetry settings are switches on by default.
About the CCleaner and the trouble it caused, I’ve published a lot of articles here in the blog. Since security provider AVAST took over developer Piriform in 2017, the mishaps have been increasing.
The Telemetry thing and version 5.46
With the CCleaner version 5.45, Piriform had upgraded its telemetry data collection (see AVAST CCleaner 5.45 and Telemetry). After a big outcry among the users, Piriform decided to completely withdraw version 5.45 of the CCleaner at the beginning of August 2018.
After the complete revision the CCleaner version 5.46 was released at the end of August 2018. The users should be able to adjust if and what the CCleaner does. I had summarized my thoughts in the article CCleaner V 5.46 with improved data settings and assumed that (according to my blog posts) nobody actually lets the software on his systems anymore.
Automatic update to v5.46
This night, several e-mails arrived from German blog reader Georg S., who drew my attention to another ccleaner story. Georg S. wrote in his first mail:
just now I had to find out on 3 computers with Windows 7 Ultimate 64 bit that CCleaner Slim version 5.38 has been updated yesterday (2018-09-10) automatically to v5.46.
I had definitely deselected the option for automatic updates. If Avast did this systematically, then the data sniffing has reached a new peak.
In version 5.46 Slim (Settings –> Privacy) the function “Help improve CCleaner by sending anonymous usage” was activated. In the Control Panel (Programs and Functions), I have sorted the installed software updates by date. I discovered that CCleaner 5.46 has been installed.
Georg has send me the above screenshot from Control panel showing the installed update. In another mail the blog reader wrote:
also my Win 10 home tablet is affected by the “misery”. I installed CCleaner v5.38 over v5.46 (works fine), made the usual settings and didn’t have to delete an ominous “Avast-Pirifom” cookie, but on all Win 7 PCs.
I will now observe the behavior of CCleaner to possibly be able to reproduce the behavior.
So all 4 computers were/are affected!
Today I will restore the Win 7 images from September 1st and install yesterday’s Windows and missing software updates.
Of course it’s a very unpleasant behavior – of course I don’t notice it, because I don’t let this software on my systems. Later Georg S. added the following:
meanwhile I restored the image from 2018-09-01 on one of the affected Win 7-PCs and CCleaner was updated from 5.38 Slim to 5.46 again, although the option for automatic updates was deselected.
Again at 5.46 the data transfer is activated without any query. Thus the “silent” update is automatically activated by Avast – an absolute No Go.
I will reinstall the image and uninstall CCleaner 5.38 immediately!
I have used CCleaner to comfortably “clean up” the registry under a user interface, which is sometimes difficult to find under Win 7 itself.
Shortly after publishing the German edition of this blog post, I got confirmation from another blog reader, that it wasn’t a single incident. So I don’t need to add further comments to my article – it’s now up to you, to judge, whether you trust CCleaner anymore. It’s the old thing: If you are using snake oil, your hands get dirthy with that.
Addendum: CCleaner security issues
Due to the fact, that some CCleaner lovers are take my (German) blog post about that tool to personally, I let execute the portable version of CCleaner within my security test bed. This test bed shows, whether a program is vulnerable for DLL hijacking or other things. Here is a screenshot:
One DLL hijacking mine after the other went up during executing CCleaner (portable edition, the installable version has even more issues). The problem is that CCleaner can be hijacked by malware with very simple means. In order to uninstall something in Windows (always used as an argument why some users need the tool), CCleaner needs administrator rights. But then malware can piggyback via DLL hijacking to gain administrator privileges. Some background information about the security problems with DLL hijacking including information about the testbed can be found here.
CCleaner has been infected with malware
CCleaner comes mit AVAST PUP
AVAST CCleaner 5.45 and the telemetry thing
CCleaner 5.45 pulled and other peculiarities
CCleaner V 5.46 with improved data settings