Open source software tends to be regarded as more secure than proprietary software, simply because third parties can easily have a look at what the software is doing.
Today, technical folks and security pros are talking about a discovery by Cisco (CSCO) Talos, the networking giant’s threat intelligence team. It found that CCleaner had been infected with malware, so that users who downloaded version 5.33 would have received a payload that made malicious calls to a third-party server. “Affected systems need to be restored to a state before August 15, 2017 or reinstalled. Users should also update to the latest available version of CCleaner to avoid infection,” Talos wrote.
CCleaner deletes unneeded files on computers and mobile devices. It is a product of Piriform, a company acquired this year by Avast. CCleaner uses a freemium model, with more features available to companies that make a one-time payment for the software. Piriform posted on its blog that it believes the threat to users has been neutralized. It encourages all users to update to the most recent version, however.
For those who have lost faith in CCleaner and want to try a product that lets users see what’s going on under the hood, consider BleachBit.
First created as a Linux utility in 2008, BleachBit has been regularly updated ever since. Version 1.17 Beta went live in February. BleachBit was trusted by the Hillary Clinton team to wipe old emails, according to the House Committee that investigated the digital controversy, Politico reported. BleachBit doesn’t stop at deleting files. It overwrites the space where the files previously sat. It’s the digital equivalent of “shredding” a paper document.
It will work best for users who go into its “preferences” and select the option to download and update “winapp2.” That helps it find more parts of computers that tend to accumulate clutter.
BleachBit is maintained by its creator, Andrew Ziem, so its user experience will probably leave something to be desired versus CCleaner, which has a whole team behind it. On the other hand, as a popular piece of open source software (under a GNU free software license), there’s the potential for security researchers to have a look at its codebase. Talos only spotted the problem with the software because it had advanced tools loaded on its machines looking for strange behavior.
Makers of closed-source software often have well-resourced security teams that can protect their products, so trust in such companies isn’t entirely misplaced. As for the malware CCleaner distributed, it gathered a lot of basic information about each infected computer. Talos reported that it didn’t seem to bother with computers installing the software at anything less than administrator-level privileges. Thus far, no one has reported on the motive for the attack.
At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing.