CCleaner Updates Itself Without Notifying Users

Sep 21, 2018
2
0
10
Do not delete the update.exe, just rename it .xxx and rename back if you want to update. Deleting and reloading is a waste of time plus the new update will (probably) have the new update.exe, which needs to be renamed.
 

stdragon

Admirable


That's a bit harsh. But, I can't disagree that they've been rather shady with how they are handling security and not being up-front with their intentions of the software already installed. So while not malware, it's definitely become adware for sure.

Personally, if I'm going to use CCleaner, it's to install with customization, run the program to do the job, then shortly thereafter I uninstall it. Essentially, I just use it as a one-off temporary utility if needed.
 

humorific

Reputable
Dec 23, 2014
32
0
4,530
My solution is to enter windows firewall rules to block all network access for the updater and all executables. It should need any of it to do its job
 

Christopher1

Distinguished
Aug 29, 2006
666
3
19,015
My solution is to just realize that these things are getting harsh with the auto-updating to fix flaws and to stop wigging out when they simply autoupdate. Now if they autoupdate and put something malicious on your system?

Then we have a problem!
 

ravewulf

Distinguished
Oct 20, 2008
972
33
19,010
I stuck with the last update of version 4 because I didn't like the UI changes in v5. It may not be the latest and greatest under the hood but it still does what I need it to do.
 

popatim

Titan
Moderator
So how was deleting the CCUpdate executable and stopping the update task confirmed as a fix for this issue?

Seems easy enough to have a C&C routine built right into the main app.

Shame on Piriform for not understanding that No means No. Having a way to force an update opens a doorway for hackers to force one too once they analyze how this was done.

This makes me wonder what else they are secretly doing...
And who else is doing crap like this...
 

Karadjgne

Titan
Ambassador
I got a notification for update to that version, most times I ignore those updates since many are purely cosmetic and don't really change much from prior versions. This time I accepted it, it's been a year or so, so I figured it was time.
Win10Pro, If that helps.

Makin a mountain out of a few grains of sand. Not even a mole hill. It's CCleaner. You either use it or you don't. If you don't, there's nothing to upgrade, it's not malware that's suddenly going to install and make you use it unawares. If you do use it, you have given Avast permission to be installed. Nice little 'I Agree' button. It's CCleaner. It's not going to ask you to verify every single thing it does. Can I have permission to look at your files. Can I have permission to open this browser history. Can I have permission to decide if this is junk or not. WTH. You agreed to let it do its thing. If that means it auto updates to be in better compliance with the rules, so what. If it auto updates to something that worked better, did a better job, protected you better, saved your ash then you'd not say a thing but thanks. You said 'I Agree', you are trusting piriform to do the right thing. In this case, it's doing the right thing for itself, not necessarily for you. Get over it.
 
Sep 21, 2018
2
0
10
That is over the top. I have used CC for years and what it does for Cleaning, Registry, and Startup have been fantastic. For example, every time I install software, I check Startup to see if and what malware has been added. Many to most do and I disable some to most startup processes. So CC helps a lot with anti-malware and invasion of privacy & cookies. When Avast bought Piriform I was cautious and I now see that they/executives/mgmt/... have failed users in stupid, insensitive to customer needs ways this year. So when my paid subscription comes up for renewal in 9 months, I will take a hard look at their behavior and if Avast has become a first-class software company or slipped down into the swamp with tracking, sending back/selling my personal data, etc. I am hoping Avast gets its act and policies together asap. Hoping. But they are not malware (yet).

 

Pixdawg

Reputable
Jun 11, 2014
22
0
4,510
@KARADJGNE Obviously doesn't understand the concepts of ownership and privacy. The maker of the software obviously has major ethical issues.

To a large extent I agree with @ANGHELLIC--if you're using this and are aware of what it did a couple years ago, and of this episode, then if you use CCleaner you get what you asked for. That said--I most certainly would never buy anything from that company and I now have little or no faith in Avast as a company. But then, I never much liked their AV product anyway.
 

techy1966

Reputable
Jul 31, 2015
149
3
4,685
Hmmm...not sure I just checked mine and it is still at 5.44 but it did offer to update to the latest version 5.47 which I declined to do and it did not bother me again by asking. I did not know Avast was the owner of the software now.

I did find a short while ago when working on a a customers system that had Windows XP (yes I gave them warnings not a very good idea to have it on the internet.) Anyways what I found was their AVG Free after they updated to the newest version of the program started acting weird on the XP machine and was using 50% of the CPU at all times even though it was not doing anything.

I uninstalled it and installed Avast and the first thing I noticed was that every in stall screen and even the program looked pretty much like AVG Free and low and behold the same exact 50% CPU usage at all times causing the system to go into slow mo mode. This had me to conclude AVG & Avast are now owned by the same company and share the same software stack.

If anyone interested what I did to get the system working was to just install the version that wa son the system before the customer hit the update my AVG software button and then it worked as it should and it auto updated it's def files and worked fine.

I strongly urged them to not use the XP on the internet because of it being a non supported OS but they said they would be careful but we all know how that will all turn out. I did my best to make the machine as safe as possible I installed several programs (free ones) and taught them how to use them to help keep the system clean and safe and less chance of it having to come back in a week for me to clean again. If they follow through and use the software they should be fine if not the computer will be back on my bench.
 

Sam Hain

Honorable
Apr 21, 2013
366
0
10,960
Am using it on my laptop and have been doing so since 2016 without any issues. No auto-update without my knowledge here occurred...

In fact, I rec'd an e-mail about the update and proceeded with doing so "manually" and it worked just fine/as advertised.

To each their own.
 

Karadjgne

Titan
Ambassador
Just wanted to add this. It's a quote directly from the ccleaner free EULA that every user accepts with the 'I Agree' button, but almost never actually reads.
3. UPDATES.

Vendor, from time to time during the Subscription Period and without your separate permission or consent, may from time to time deploy an upgrade or update of, or replacement for, any Solution (“Update”), and as a result of any such deployment you may not be able to use the applicable Solution or Device (or certain functions of the Device) until any such Update is fully installed or activated. Each Update will be deemed to form a part of the “Solution” for all purposes under this Agreement. Updates may include both additions to, and removals of, any particular features or functionality offered by a Solution or may replace it entirely, and Vendor will determine the content, features and functionality of the updated Solution in its sole discretion. Vendor is not required to offer you the option to decline or delay Updates, but in any event you may need to download and permit installation or activation of all available Updates to obtain maximum benefit from the Solution. Vendor may stop providing support for a Solution until you have accepted and installed or activated all Updates. Vendor in its sole discretion will determine when and if Updates are appropriate and has no obligation to make any Updates available to you. Vendor in its sole discretion may stop providing Updates for any version of the Solution other than the most current version, or Updates supporting use of the Solution in connection with any versions of operating systems, email programs, browser programs and other software with which the Solution is designed to operate.

In a nutshell, you give permission upon acceptance to allow piriform to update their software, without further permission from the user, if they deem it necessary. Which they did. And some users objected to, but never actually read what they agreed to.
Avast did nothing wrong, broke no rules or agreements, got nothing to do with "Ownership" or "Privacy" rules and regulations. Boils down to lack of End User education and foresight into reading their rights and responsibilities as set forth by the software. You want it, you accept it, live with the results. Got no room to object later when things don't go your way exactly.

@pixdawg
@KARADJGNE Obviously doesn't understand the concepts of ownership and privacy. The maker of the software obviously has major ethical issues. 
I understand ownership (it's software owned and leased by Piriform solely, the end user has zero ownership of anything except the rights of subscription) and Privacy (got nothing to do with anything, Piriform updated their own software, not something else, under agreement from the End User). Might want to look into that before commenting.
 


Someone should drive this into the heads at M$.... Win10 Auto-Updates... forced for everybody if they set the critical level high enough.... Home users? any level.... and using torrent-like (if not torrent under the hood) methods for updates.... There's a risk there if they can spoof the checksums/CRCs/Hashes used for data validation. Even worse if they are using something like MD5 or older for the data validation.

It's one thing if we're informed about updates available (and we can ignore). It's another if the auto-update process can be hijacked for nefarious reasons. (Yeah, when it comes to Windows, we need the security fixes... but I'd rather something a little more secure.)

Now, more specifically to CCleaner, I usually avoid as registry cleaners have a rep for doing more harm than good. So, this doesn't directly affect me. That doesn't mean that it can't be abused or hijacked... and silent updates are practically a good breeding ground for malicious updates. But face it, silent updates are getting more common, slowly, as time goes on and the end user is further subjected to lack of ownership of any element of software.
 

cletus_slackjawd

Distinguished
Dec 26, 2006
347
0
18,790
Don't see what the fuss is about. OF COURSE they should notify customers of the change but it is what it is. Lots of paranoid folks here. If you we are so worried about backdoor baddies getting installed go for a Linux distro instead of windows? Can't go through life being afraid of everything.
 


Linux isn't immune. For about 3 (minor) versions An encryption option was available that was created by the NSA. It was initially rejected because the NSA was not forthcoming about its intricacies, but it made it in anyhow. Point being: Linux isn't as fireproof as you want to believe. If its popularity was bigger, you'd also have a heck of a lot more to worry about in malware... It still exists, but not to the extent of Windows... Also, sorry, Linux doesn't offer everything for everyone, especially not at the level Windows does... many things are rather crude in some cases, other cases, lacking required features.

As to your statement about not going through life being afraid of everything... I agree... but it doesn't mean bury your head in the sand because risks are lower or left unseen that way. That's the other extreme and its just as bad.

The thing here was an update happened and it caught people off guard, not knowing exactly, considering the rep of CCleaner, if there was something to worry about in the update. Updates like this isn't the norm for CCleaner.