Linked by Thom Holwerda on Tue 19th Sep 2017 09:58 UTC
Privacy, Security, Encryption

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

Don't use registry cleaners. They serve no purpose.

Thread beginning with comment 649016
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: CCleaner is great
by Bill Shooter of Bul on Tue 19th Sep 2017 18:44 UTC in reply to "RE[2]: CCleaner is great"
Bill Shooter of Bul
Member since:

No, the real problem with the registry, IMHO, isn't that its a single place for programs to store data. That's kind of defensible, if there was a better way for the system to automatically deal with the occasional corruption that happens due to old/bad disks and or cosmic rays.

The real problem with the registry is the way COM objects are stored/registered in there. Thats where I've always had problems with it.

Long story short, they're kind of nested and self referential. And if important webs of those break, those lead to issues described here that are so difficult to fix, people want an application to automatically fix for them. If it was just a storage space for hierarchical name value pairs related to application settings, there wouldn't really be a need for something like CC Cleaner.

Not sure I understand your points about linux. There are tools and technologies to prevent issues with third party installs (which like every other OS, should not be installed from untrusted sources). Havne't used desktop Ubuntu in a while, but Fedora updates are automatic prompts by default in the workstation version. They can be easily automated.

PS. If you want to pick on Desktop Linux Security, Pick on Xorg. Its terrible.

Reply Parent Score: 3

RE[4]: CCleaner is great
by zima on Wed 20th Sep 2017 17:36 in reply to "RE[3]: CCleaner is great"
zima Member since:

PS. If you want to pick on Desktop Linux Security, Pick on Xorg. Its terrible.

? & does that carry over to Wayland?

Reply Parent Score: 2