What should Avast do with CCleaner backdoor?

What should Avast do to satisfy people affected by the CCleaner Trojan infection.

  • Nothing. Avast is just the owner.

    Votes: 22 25.6%

  • Provide a specific removal tool, because Talos (security experts) advise image recovery

    Votes: 48 55.8%

  • Provide a give away or discount for the Avast paid version

    Votes: 12 14.0%

  • Provide a give away or discount for the CCleaner paid version

    Votes: 22 25.6%

  • Other please specify

    Votes: 14 16.3%
  • Total voters
    86
  • Poll closed .
After reading Avast's statement and time line release, I'm fully confident they were in no way responsible for this infection of CCleaner users. Once aware they took any and all actions to mitigate the infection and most importantly to keep future versions of CCleaner from being infected by putting them under their internal Avast IT structure.

Avast dindu nuffin wron!!!!
 
  • Like
Reactions: brambedkar59, frogboy, Syafiq and 3 others
First thanks for the responses and opinions


I feel pitty for Avast. This incident will reduce the trust some people have in Piriform and or Avast.

Even when it would not be necessary, I think they should release a specific removal tool. Somehow a specific removal tool provides a better feeling than telling me they 'think' second stage attack never succeeded, so a simple update I should be fine.

When trust has been hurt, text like we think and we are pretty sure just are not convincing.

To be honest this incident also shows how many average secured companies are vulnerable to this sort of attacks (backdoor piggy backing on signed software with average and lacking security).
 
  • Like
Reactions: brambedkar59, Parsh, Fuzzfas and 5 others
Blaming avast! for it just makes you look like an idiot so I suggest people not to do that. The hack of Piriform was on the way before AVAST purchased it. Especially since Piriform was never a security focused company, it was just a small software studio that started with a "tweak/cleaner" utility and grew over time.

However, this incident raised an important issue of trusting digital signatures entirely. Most AV solutions entirely skip ALL security checks if valid digital signature is found. Which was also the case in CCleaner's case. For example, Comodo trusts signed files entirely, making such files bypass their "containment sandbox" feature entirely. This just shows how their "perfect" containment system is really "perfect". And same goes for the rest, avast! included. avast! also checks digital signatures to avoid false positives and if valid, it'll not perform further file checks. And I think that's a mistake. Signatures should provide a guidance and not an absolute declaration of clean or malicious.
 
  • Like
Reactions: brambedkar59, Andrew999, frogboy and 6 others
I don't think I have seen anyone say anything like this on any of these threads so I will say it... The attack was real and thankfully no real harm was done, however despite CCleaner becoming compromised, that does not make the product bad for people to use. Skilled black-hats will intentionally target businesses with a lot of clients so they can make it worth their while (especially for the risk they take if they get caught), so it is not surprising that Piriform was a target considering they had well over 2 million active users across both home and business individuals.

Other vendors have been compromised in the past, even security vendors. Maybe not the same way CCleaner became compromised, but this is the real world where the threat is real. For example, Kaspersky have found an infection internally before (not within their deployed software releases but on their own systems, I think it was 2015 or 2016).

I am sure that Piriform will take more precaution in the future with assessing new software releases before deploying them via an update, and re-assess their security practices to prevent something like this happening again to the best of their ability. :)

You can use security tools to restrict what operations a program can perform as well, so you could keep using the updated clean version of CCleaner whilst having it under restrictions so it cannot do anything out of the ordinary without a configuration change/user acceptance.
 
  • Like
Reactions: brambedkar59, frogboy, askmark and 5 others
I Myself think I paniced removing Ccleaner and Avast from my home systems soon as I learned of this issue, When really Avast I realize has done everything possible to take care of this issue. I do tend to panic a lot, Even removed Avast from Galaxy S7 Phone lol, guess i'll probably be reinstalling at some point soon.. As things happen, and this issue was taken care of looks like quickly
 
  • Like
Reactions: Sunshine-boy, roger_m, Xsjx and 1 other person
RejZoR said:
Blaming avast! for it just makes you look like an idiot so I suggest people not to do that. The hack of Piriform was on the way before AVAST purchased it. Especially since Piriform was never a security focused company, it was just a small software studio that started with a "tweak/cleaner" utility and grew over time.

However, this incident raised an important issue of trusting digital signatures entirely. Most AV solutions entirely skip ALL security checks if valid digital signature is found. Which was also the case in CCleaner's case. For example, Comodo trusts signed files entirely, making such files bypass their "containment sandbox" feature entirely. This just shows how their "perfect" containment system is really "perfect". And same goes for the rest, avast! included. avast! also checks digital signatures to avoid false positives and if valid, it'll not perform further file checks. And I think that's a mistake. Signatures should provide a guidance and not an absolute declaration of clean or malicious.
Click to expand...

Rejzor! Long time no see! I 've read you got banned from Wilders some time ago! I see you are still a loyal Avast fan! Good to see a familiar "face" again.

Heh, i use CCleaner, but luckily, being more on the paranoid side, i never autoupdate anything and i always read changelogs to see if something important is done. I had stuck with v5.32.6129. Good point on Comodo's reliance on certificates though.

Of course another major failure here is on the part of traditional antiviruses, where despite all the heuristics, behaviour blockers, clouds, etc, couldn't see anything wrong for so long...
 
Last edited:
  • Like
Reactions: brambedkar59
  • Like
Reactions: frogboy
RejZoR said:
Blaming avast! for it just makes you look like an idiot so I suggest people not to do that.
Click to expand...

When you own a dog and it bytes someone, the owner is responsible. When your kid throws a rock through someone's window, the parent is responsible. When a company goes out of business and becomes insolvent the creditors always transfer their claims to the company owning the company that became bankrupt. So what is so stupid when people look at the parent company (Avast) for compensation or infection curation.
 
Last edited:
  • Like
Reactions: AlanOstaszewski, Sunshine-boy and Fuzzfas
The real problem is how could a third party change the code of CCleaner and still get it signed?

The bigger problem is that Piriform probably is not the only mediocre secured company. Because a chain is as strong as the weakest link, this places a big question mark to the signature based trust model.
 
  • Like
Reactions: Sunshine-boy, paulderdash and Fuzzfas
paulderdash said:
And jumping to CCleaner alternatives does not decrease one's risk. Possibly the opposite.
Click to expand...

Agree on both statements now Avast has moved development platform security of Piriform to their infrastructure (assuming Avast's development infrastructure is well protected).
 
  • Like
Reactions: mlnevese and Sunshine-boy
I'm really disappointed about Avast and for the most about Piriform. It can't be that because of stupidity other companies need to fix the mistakes of Piriform. I hope that many people and companies learned from the big mistakes. I can't say more about this. This was my last time using products of them.
 
  • Like
Reactions: Sunshine-boy
Installing a security software on a computer needs huge trusting. There is nothing worse than compromiting a AV. Avast was advertising its AV in the last days as the CCleaner backdoor remover. WTF?!
That is for example a thing that AV tests aren't comparing: Trust.
Defender would score better than Avast :D
 
  • Like
Reactions: Sunshine-boy
You must log in or register to reply here.

You may also like...