At the beginning of this week, it was reported that the award-winning, hugely popular computer cleaning software CCleaner had been distributed with malware bundled into its official installer for almost a month.
Shortly after, it was revealed that the incident wasn't caused by mismanagement at Piriform, the company behind the software, but by a "sophisticated" hack that had managed to gain access to Piriform's ...
Quote: ...wasn't caused by mismanagement at Piriform, the company behind the software, but by a "sophisticated" hack that had managed to gain access to Piriform's development environment
To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised.
I thought this article was an ad for the product, then realized...
What can they mean, "targeted"?
It was delivered almost as a broadcast. Maybe it wasn't interested in the majority of its victims, but it certainly wasn't targeted. The secondary delivery was targeted.
Let's see if "purposeful" or "selectively active" might be better?
I've wiped my PCs clean down to the hardware, restored from a late July backup, and uninstalled everything from Avast and Piriform from my computers -- I will never use them again, they have lost a paying customer for life. I don't care who the hacker was or what they were after, they got through. Avast is a company supposedly DESIGNED to prevent this. I doubt Avast will ever recover completely from this in the public's eye, nor do they deserve to.
I'm with Webroot and Bitdefender now, so we'll see.
Quote: ...wasn't caused by mismanagement at Piriform, the company behind the software, but by a "sophisticated" hack that had managed to gain access to Piriform's development environment
To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised.
Agree 100%!
To have their development environment hacked, that's pretty fucking deep into critical systems and infrastructure...how could they not notice that their installer had gained some weight somehow? Are they that lax that the extra few 100kb, or whatever, went unnoticed?
Pretty poor internal auditing...
Thanks to all for the "YOU DON'T WANT IT!"...I currently have Malwarebytes and was impressed by using Avast to get rid of some nasties on a friend's system. I was seriously considering moving to Avast, and I am embarrassed to say because it was effective, and because of the beautiful user interface and myriad of other helper apps included. I am staying with Malwarebytes--not as pretty, but at least it does no harm!