Updates 10/24/17 - CCleaner

I updated to CC 5.36.6278 yesterday. This morning it launched the Emergency Updater on its own from behind the scenes. My firewall caught and blocked it...

So what does this new thingy do and why would I want to let it run whenever it wants? And what defines an "Emergency"?

Didn't see anywhere inside CC's settings options to turn it off but I found a new CC entry in Task Scheduler and disabled it.

Thanks for the info.

So something else is going to be phoning home every day. Do we know what "else" it might be doing/sharing?

By the time they detect the next round of hacked code, it will probably already be too late since the malware that's delivered probably won't get removed when they release an emergency update. So this just sounds like a "feel good" ploy from Piriform.

I'm going to leave the updater disabled, for now....

Ron,

You might recall that CCleaner was recently "compromised"   http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/20020759

The point of this new "emergency" updater, which runs independently of the CCleaner program, is that, SHOULD there ever arise another "anomalous" situation, they will be able to automatically push-through a fix/correction as soon as they become aware of the problem (and produce corrected code), without having to rely on  forums or web-articles to advise the public of the NEED to do so.

Hopefully, they will rarely (if ever) have to do so...

It's certainly your call... if you don't want things "phoning home" every day, then yes, you can disable the updater task... and then take responsibility for manually updating as you deem appropriate.

Keep in mind that CCleaner/Piriform is now owned by avast... so anyone who trusts avast for security shouldn't have a problem with Piriform's intent.

Programs like Chrome (and Chromium-based browsers) are notorious for always updating themselves... and Microsoft certainly would prefer that users have Windows update automatically.

I understand where you're coming from... I've "locked" my CCleaner at v5.08 ; and my Auslogics Disk Defrag at v4.4.1  (since most "improvements" have been focusing on Win10, which I'm not using).

I do, however, manually update just about all of my other programs.

If I'd let CC update itself regularly, I would have had the problem with the malware that got embedded in it. I was several versions behind the hacked version and avoided the whole mess.

I've turned off auto-updating for everything, including Windows Update, on this Win 7 PC. I'll let somebody else beta-test all these updates first.

Unfortunately, I can only delay WU updates on my Win 10 lappy, but that's better than letting them throw stuff at me when I'm not looking which doesn't work right and/or causes other problems. :emotion-5:

My thoughts:

1) CCleaner is a utility, not a security app. Its updates are optional. If it ain't broke, don't fix it. I'm freezing my CC at the current version, until such time as the changelog indicates some useful improvement that I want, or fixes a glitch I have.
2) The concept of an automatic "emergency updater" is a new one. I won't be using it (since I see no need to get this newest version).
3) Avast is certainly a reputable company. Despite this, the recent update fiasco with CC is on them. It implies no nefarious intent. Updates carry unknown risks and bugs, even from the best of sources. I have always disabled automatic software updates for everything (except AVs) for this reason. My philosophy has been to let the masses test new software releases (which often find bugs that beta-tests did not), and manually install them only after a trouble-free interval.

Win XP was probably the last OS that I felt I had control over, as far as installing software(upgrades/updates) went, now that Win 7 bundles its updates. And Win 10 is worse, where one can only defer updates/upgrades. And MS blurs the distinction between updates and upgrades.

That said, I note that my Win 10 Pro laptop allows me to defer "feature updates" (which seems to mean non-security improvements, such as the Creator Update) for up to one year. I can defer "quality updates" (which seem to mean security patches) for up to 30 days. In practice I think this  is sufficient to avoid the significant bugs, which hopefully are discovered/corrected within the first few weeks.