What should Avast do with CCleaner backdoor?

What should Avast do to satisfy people affected by the CCleaner Trojan infection?

  • Nothing. Avast is just the owner.
    Votes: 22 (25.6%)
  • Provide a specific removal tool, because Talos (security experts) advise image recovery
    Votes: 48 (55.8%)
  • Provide a give away or discount for the Avast paid version
    Votes: 12 (14.0%)
  • Provide a give away or discount for the CCleaner paid version
    Votes: 22 (25.6%)
  • Other please specify
    Votes: 14 (16.3%)

  • Total voters: 86
  • Poll closed.

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
After reading Avast's statement and timeline release, I'm fully confident they were in no way responsible for this infection of CCleaner users. Once aware, they took any and all actions to mitigate the infection and, most importantly, to keep future versions of CCleaner from being infected by putting them under their internal Avast IT structure.

Avast dindu nuffin wron!!!!
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
First, thanks for the responses and opinions.

I feel pity for Avast. This incident will reduce the trust some people have in Piriform and/or Avast.

Even when it would not be necessary, I think they should release a specific removal tool. Somehow a specific removal tool provides a better feeling than telling me they 'think' the second stage attack never succeeded, so with a simple update I should be fine.

When trust has been hurt, text like 'we think' and 'we are pretty sure' just is not convincing.

To be honest, this incident also shows how many average secured companies are vulnerable to this sort of attack (backdoor piggybacking on signed software with average and lacking security).
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Blaming avast! for it just makes you look like an idiot so I suggest people not to do that. The hack of Piriform was on the way before AVAST purchased it. Especially since Piriform was never a security focused company, it was just a small software studio that started with a "tweak/cleaner" utility and grew over time.

However, this incident raised an important issue of trusting digital signatures entirely. Most AV solutions entirely skip ALL security checks if valid digital signature is found. Which was also the case in CCleaner's case. For example, Comodo trusts signed files entirely, making such files bypass their "containment sandbox" feature entirely. This just shows how their "perfect" containment system is really "perfect". And same goes for the rest, avast! included. avast! also checks digital signatures to avoid false positives and if valid, it'll not perform further file checks. And I think that's a mistake. Signatures should provide a guidance and not an absolute declaration of clean or malicious.
 

Deleted member 65228

I don't think I have seen anyone say anything like this on any of these threads so I will say it... The attack was real and thankfully no real harm was done, however despite CCleaner becoming compromised, that does not make the product bad for people to use. Skilled black-hats will intentionally target businesses with a lot of clients so they can make it worth their while (especially for the risk they take if they get caught), so it is not surprising that Piriform was a target considering they had well over 2 million active users across both home and business individuals.

Other vendors have been compromised in the past, even security vendors. Maybe not the same way CCleaner became compromised, but this is the real world where the threat is real. For example, Kaspersky have found an infection internally before (not within their deployed software releases but on their own systems, I think it was 2015 or 2016).

I am sure that Piriform will take more precaution in the future with assessing new software releases before deploying them via an update, and re-assess their security practices to prevent something like this happening again to the best of their ability. :)

You can use security tools to restrict what operations a program can perform as well, so you could keep using the updated clean version of CCleaner whilst having it under restrictions so it cannot do anything out of the ordinary without a configuration change/user acceptance.
 

Bikeman0I17

Level 1
Verified
Sep 22, 2017
48
I myself think I panicked removing CCleaner and Avast from my home systems as soon as I learned of this issue, when really, I realize, Avast has done everything possible to take care of this issue. I do tend to panic a lot, even removed Avast from Galaxy S7 phone lol, guess I'll probably be reinstalling at some point soon. As things happen, and this issue was taken care of quickly, it looks like.
 

Fuzzfas

Level 3
Verified
Well-known
Jan 8, 2013
109
> Blaming avast! for it just makes you look like an idiot so I suggest people not to do that. The hack of Piriform was on the way before AVAST purchased it. Especially since Piriform was never a security focused company, it was just a small software studio that started with a "tweak/cleaner" utility and grew over time.
>
> However, this incident raised an important issue of trusting digital signatures entirely. Most AV solutions entirely skip ALL security checks if valid digital signature is found. Which was also the case in CCleaner's case. For example, Comodo trusts signed files entirely, making such files bypass their "containment sandbox" feature entirely. This just shows how their "perfect" containment system is really "perfect". And same goes for the rest, avast! included. avast! also checks digital signatures to avoid false positives and if valid, it'll not perform further file checks. And I think that's a mistake. Signatures should provide a guidance and not an absolute declaration of clean or malicious.

Rejzor! Long time no see! I've read you got banned from Wilders some time ago! I see you are still a loyal Avast fan! Good to see a familiar "face" again.

Heh, I use CCleaner, but luckily, being more on the paranoid side, I never autoupdate anything and I always read changelogs to see if something important is done. I had stuck with v5.32.6129. Good point on Comodo's reliance on certificates though.

Of course another major failure here is on the part of traditional antiviruses, where despite all the heuristics, behaviour blockers, clouds, etc, couldn't see anything wrong for so long...
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
> Blaming avast! for it just makes you look like an idiot so I suggest people not to do that.

When you own a dog and it bites someone, the owner is responsible. When your kid throws a rock through someone's window, the parent is responsible. When a company goes out of business and becomes insolvent, the creditors always transfer their claims to the company owning the company that became bankrupt. So what is so stupid when people look at the parent company (Avast) for compensation or infection curation?
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
The real problem is how could a third party change the code of CCleaner and still get it signed?

The bigger problem is that Piriform probably is not the only mediocre secured company. Because a chain is as strong as the weakest link, this places a big question mark to the signature based trust model.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I'm really disappointed about Avast and for the most about Piriform. It can't be that because of stupidity other companies need to fix the mistakes of Piriform. I hope that many people and companies learned from the big mistakes. I can't say more about this. This was my last time using products of them.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Installing security software on a computer needs huge trust. There is nothing worse than compromising an AV. Avast was advertising its AV in the last days as the CCleaner backdoor remover. WTF?!
That is, for example, a thing that AV tests aren't comparing: trust.
Defender would score better than Avast :D
 
