![]() ![]()
#PROGRAMS LIKE CCLEANER FOR CHROMEBOOK SOFTWARE#With that type of response I won't ever support the use of Avast or Piriform software in the foreseeable future.Start Your Free Software Development Course They aren't taking any responsibility for what's a pretty massive breach on there end. It's pretty obvious they just got damn lucky the new version doesn't have the malware, probably because it got built on different machine from the affected release. On the other hand Piriform's statement makes it seem like they figured it out and eliminated the problem and released an update. They spell out what happened and what they know and don't know and try to avoid assigning blame. ![]() Talos makes it pretty clear that there was a serious problem on Piriform's end (how do you build and send something out when the source obviously doesn't match what is in your release branch?). It's clear that this malware was intended to allow another large scale botnet and that there were several breakdowns in the software development process that allowed this to happen. My respect and trust in a company depends on how they handle an incident like this. #PROGRAMS LIKE CCLEANER FOR CHROMEBOOK UPDATE#Users of CCleaner 5.33 are urged to immediately update (opens in new tab) to the latest CCleaner 5.34 version. Previous research has showed that the overwhelming majority of security bugs would be rendered useless if people would use Standard/Limited accounts instead of Administrator accounts by default. #PROGRAMS LIKE CCLEANER FOR CHROMEBOOK PC#Talos added that right now very few antivirus programs can even catch the CCleaner malware: only one antivirus engine out of 64 was able to detect it (ClamAV).įinally, it’s always a good idea to use a Standard/Limited account on your Windows PC by default, as opposed to using an Administrator account. Talos also showed that anti-exploit technology can be quite useful in situations where antivirus software cannot, as Malwarebytes has also said in the past. Additionally, if updates are automatic, the damage could be much larger, as we saw with the NotPetya attack.Īutomatic updates may still be a net win for users because of how many patches to exploitable bugs could reach users faster than otherwise, but it also means that developers of software with automatic updates should take the security of their update servers that much more seriously. What we can learn from this situation is that attackers seem to be increasingly targeting developers of popular software as a way to more easily infect millions of users at once. Other factors limiting the potential impact were the fact that the malware was only bundled with the 32-bit version of the software, as well as the malware only activating on Windows accounts with administrator privileges. If they were, we may have seen orders of magnitude more users being infected. However, there are a few factors that limited the number of infections, one of which is that for users of the free version of CCleaner, updates are not automatic. Potential ImpactĬCleaner had 130 million active users at the time of the Avast acquisition, and it continues to gain millions of users every week. The Talos team believes it may have more to do with an attacker compromising Avast’s development and signing process for the CCleaner application and recommended that this certificate be immediately revoked and untrusted going forward. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |