Web lists-archives.com

Re: PSA: CCleaner recently compromised




Am 25.04.2018 um 08:04 schrieb Ron Hunter:
On 4/24/2018 9:36 AM, Tanstaafl wrote:
On Mon Apr 23 2018 15:36:35 GMT-0400 (Eastern Standard Time), rebro
<rebro@domain.invalid> wrote:
Am 23.04.2018 um 20:34 schrieb Sailfish:
REF:
https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/


[excerpt quote=\"
In September, security researchers at Cisco Talos and Morphisec made a
worst nightmare-type disclosure: the ubiquitous computer cleanup tool
CCleaner had been compromised by hackers for more than a month. The
software updates users were downloading from CCleaner owner Avast—a
security company itself—had been tainted with a malware backdoor. The
incident exposed millions of computers and reinforced the threat of
so-called digital supply chain attacks, situations where trusted, widely
distributed software is actually infected by malicious code.
\" /]

Your excerpt does not mention that from the beginning on it was quite
clear that 64-bit systems were not in danger of being affected.

Or that it was 7+ MONTHS ago (in other words, old news).

I stopped updating this software after it changed after an update, and began deleting more than I had set up in earlier versions.   The updated version deleted some application registration information, rendering the software unusable.  I reverted to the earlier version, and have stopped updating it.  Shame on THEM!


Sorry Ron, the updated version hasn't deleted anything without your consent and - in the case of registry entries - without offering to backup the registry before altering it. It is, of course, in your responsibility to apply the suggested measures. BTW, I have been constantly using CCleaner since it was first published and never experienced such drastic and erratic changes from version to version as you describe. There should have been some additional complication in your case.
_______________________________________________
general mailing list
general@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/general