The popular PC cleaner CCleaner contained a backdoor, which affected millions of users
Experts in enterprise network security reported changes in CCleaner version 5.45, with new functions for monitoring and data collection. It seems that the software owned by Avast, available in Piriform, is facing new criticism, this time due to changes in software in the latest version, CCleaner v5.45. In this new version, there is a changelog that says that have been added more detailed reports for bug fixing and product upgrades.
However, enterprise network security specialists are concerned that this statement only aims to cover up an alleged intention to collect data. The newly added monitoring elements are called “Active monitoring” and “Heartbeat”, and they appear to be sending user data to the CCleaner servers. Data includes use analysis and continuous scanning of systems to alert users when trash files are discovered.
Piriform claims that “hearbeat” only sends non-personally identifiable usage information to improve the software, and adds that by collecting it they can quickly detect bugs, identify problematic points in the user interface design, and also understand which areas of functionality should be improved. What generates suspicion is that it is extremely difficult to opt out of participating in these new features.
Users can opt to disable system data collection in the “Options” menu. However, the features will be re-enabled the next time the program starts. Closing the program has also been more challenging: the “X” icon now only functions to minimize the program. The only way to stop the program is by forcing its close.
Experts in enterprise network security from the International Institute of Cyber Security mention that CCleaner users have expressed their discontent with these new measures, considering them a war declaration against user’s privacy.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.