Instead of having a built-in updater, why not a direct download link?
(I know DDLs are bad, but what the hell?)
With a few tweaks to the idea, it might be a good one IMO.
That text could easily be overlooked.
I know what you are getting at ishan.
Me personally though, I like to see where and what I'm downloading.
"Here is a pop-up with a friendly warning that I have 173 infections and should click HERE
I must obey because CCleaner was better when I clicked its HERE yesterday" ! ! !
A novice might have a friend install CCleaner, and should be encouraged to practice safe computing.
His computer is already at risk from his ignorance, CCleaner should not compound the problem.
Regards
Alan
Hm, did not see that coming. A suggestion's a suggestion
...
I like to see where and what I'm downloading.
That text could easily be overlooked.
Yes, it could. But the update text already built into CCleaner could be overlooked as well.
So far as being afraid you cannot see what you are downloading, then why are you worried? Don't most "updaters" for programs show the name of the EXE or file being downloaded, in addition to a progress bar? If CCleaner.exe is infected when you click the download update button, might it not also be infected if you click the normal way of updating?
The internet IS still the internet, right? If they still want you to download so you can have the toolbar option, why not just build that into the updater so the user can keep it checked if they want it, or uncheck it?
Am I missing anything here?
Thanks!
Some of us are serious about protecting ourselves, our computers, our information,
and this requires Due Diligence.
If we have with Due Diligence authorised our software to auto-update, then it may happen at an inconvenient time, but we have previously evaluated and accepted the risks.
If I am required to click a link,
that tells me that some external entity wants to do something that would be blocked by my default security.
It might be obtaining my full authority for :-
making my life better;
recruiting me into a Botnet;
installing a keylogger;
installing Explorer.exe.
Just because you read Explorer.exe on the label does not mean you get Explorer.exe when you open the can.
Years ago I read that a new breed of pop-up had a "click to cancel" which would steal my full authority to unleash what it came to deliver.
I immediately recognised that it could also steal my authority if I clicked the red 'X' in the top right corner.
I have never been click happy since.
For a year or so I worried about an imaginary threat, but suddenly it was no longer imaginary.
"Click to Update CCleaner" is possibly safe today, but for how much longer ?
Regards
Alan
CCleaner can make it as secure as possible, linking it to Piriform or FileHippo only, I mean, c'mon!
"And the sky could well fall in tomorrow, killing us all... More proof less than nothing is needed?
Not to be mean, yawn, but aren't they hosted on relatively safe servers? Besides, you should know not to use IE by now! Put on your protection while surfing the web! Use Firefox!
MrDon there is nothing wrong with a person preferring to go to the website direct in order to download an update for a program.
I do this myself so that I can look around the site and make sure nothing untoward is happening there, and to pick up any info about other products and services that the vendor provides which I would miss if I just updated automatically.
I always use Firefox.
One of my reasons for switching away from Scottish Power was that on-line accounting required I.E.
When my bank or credit card company advise me of an update to my account,
I naturally use what I have already bookmarked,
no way will I click on any convenient link in an email to visit my bank or register to collect my lottery winnings.
I do not know how to judge what servers are safe and what are insecure.
I do not know how any SQL injection attack is done,
I just know that servers for good can be subverted to evil.
Regards
Alan
Alan, if you are getting "update" messages concerning your bank account, it is where someone mass emailed a lot of people the same thing. They are hoping you click it, enter your information so that you can have your account emptied into theirs.
DO NOT EVER click account details online.
This trick relies on tricking the user into divulging details. This has nothing to do, however, with filehippo or other places. Personal email? Yes! People try to trick you into things all the time. Scammers/spammers. The key here is, to flag them as spam & delete them always.
To stop this from devolving into something it's not. I don't think Alan_B was talking about getting a phishing scam email. Please keep this thread on topic, Thanks
As for the security issues involving auto-updating software I don't think it would be any different than antivirus auto updating. I definitely wouldn't think twice about letting CCleaner automatically update itself since it's a very trustworthy program, but with that said I like to have installers stored on my hard disk.
Nergal
You are correct, thanks.
Andavari
If I want an update to the latest CC then I will allow it to happen automatically,
and I would expect CC to ensure that it was getting the code from the correct server
(preferably a known IP address rather than an internet NAME that could be misdirected via a poisoned DNS)
and it should get a known file name and place it in a known place.
I would hope that if an internet interception caused CC to think an update was available,
then CC should NOT be deceived into fetching from a malware site any file (regardless of whether the file name was correct),
and even if it was so deceived I would hope that CC would remain in control of where in the system it deposited/installed that file, and what access authority it might bestow upon it.
If an internet interception caused CC to display a link that an update was available,
I would be afraid that my click on the link might give my authority to be taken to a place I do not wish and be given something I do not want and have it buried in the heart of my machine.
I am concerned about vulnerabilities that :-
are known today ; or
will become known tomorrow after inflicting widespread damage.
There was a time when the ultimate danger was an email with a BAT attachment with the command "Format C:\"
I do not know what tomorrow's new danger will be, I just know it will be ! !
My sanity is not endangered by my concerns because I have partition images to restore normality,
but I prefer to also keep ahead of the enemy and not fall victim to any malware.
Regards
Alan
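The checks asked for in the post above (correct server, known file name, updater-controlled destination, and content that matches what the vendor published) can be sketched as follows. This is an added example, not part of the thread and not CCleaner's updater; the host name, file name, install root and the pinned SHA-256 digest are all hypothetical, and it pins an HTTPS host name plus a content digest rather than the fixed IP address the post suggests.

```python
import hashlib
import hmac
from pathlib import Path, PurePosixPath
from urllib.parse import urlsplit

# Constructed values: hypothetical vendor host, file name and install root.
PINNED_HOSTS = {"download.vendor.example"}
EXPECTED_NAME = "app-update.exe"
INSTALL_ROOT = Path("/opt/app/updates")

# Constructed sample payload and the digest the installed version would ship with.
GOOD = b"constructed installer bytes"
GOOD_SHA = hashlib.sha256(GOOD).hexdigest()


def check_offer(url, dest, payload, pinned_sha256):
    """Return the reasons to refuse an update offer (empty list means accept)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("not https")
    # Exact match on the host: a look-alike suffix or prefix does not pass.
    if parts.hostname not in PINNED_HOSTS:
        problems.append("unexpected host")
    if PurePosixPath(parts.path).name != EXPECTED_NAME:
        problems.append("unexpected file name")
    # The updater, not the offer, decides where the file lands:
    # "../" sequences and absolute paths must not escape the install root.
    root = INSTALL_ROOT.resolve()
    target = (INSTALL_ROOT / dest).resolve()
    if root not in target.parents:
        problems.append("destination outside install root")
    # A correct file name says nothing about the content, so compare the
    # bytes against the pinned digest (constant-time comparison).
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):
        problems.append("digest mismatch")
    return problems


if __name__ == "__main__":
    offers = [
        ("https://download.vendor.example/app-update.exe", "app-update.exe", GOOD),
        ("https://download.vendor.example.evil.test/app-update.exe", "app-update.exe", b"tampered"),
        ("http://download.vendor.example/app-update.exe", "../../bin/app-update.exe", GOOD),
    ]
    for url, dest, payload in offers:
        print(url, "->", check_offer(url, dest, payload, GOOD_SHA) or "accept")
```
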
If you have a good antivirus and firewall you don't have to worry about such things. I think you all are a bit paranoid about the "builtin updater". A website like piriform isn't going to be hacked just out of nowhere and it is not easy.
I accept that such hacking is not easy for one with your level of competence,
and I for one have neither the ability nor desire to hack Piriform.
I do not know how to mount an SQL injection attack,
but there are people with special skills who could.
Banking and Credit card handling sites get hacked.
I have good A.V. and Firewall - much good may it do me with a "zero day" attack for which there is no signature.
Then I benefit from the "Behavior Blocking" capability of Comodo.
I also have back-up disc partition images I can restore if the system goes belly up.
Malware has never caused me to resort to an image,
but it is nice to know I can recover in 6 minutes when all else fails.
Alan
P.S.
Tomorrow's threat arrived a few weeks ago.
.dll-file vulnerabilities.
To be precise, the vulnerability has been present for ages,
but only recently have the "good guys" identified a gaping hole in Windows security.
Interesting details in
http://windowssecrets.com/comp/100909
Alan
I accept that such hacking is not easy for one with your level of competence, and I for one have neither the ability nor desire to hack Piriform.
What makes you think I don't have the skills to do something like that?
P.S. A "free" firewall is not the solution I think. There are paid ones that are much better than Comodo and can handle pretty much everything. Without having to click on "accept" or "block" each time a new program runs.