Jump to content

Recuva always calls home


chrissmith

Recommended Posts

Can someone tell me why this program always calls home when you launch it? The reason I ask is that on all my computers, the program won't launch until the program "times out", or "gives up" trying to access the internet. It can't make it through my firewall, so it just hangs until it gives up, and then it finally launches.

 

I have Recuva options set to NOT check for updates, so I have no idea why it constantly has to seek out the Piriform website. Both CurrPorts and TCPView confirms Recuva trying to access (although, no Remote Address is given).

 

I have installed/uninstalled numerous versions of Recuva and all act the same. I have also run the program in "debug" mode and it also acts the same although it does launch a "check for updates error" window sooner than in non-debug mode.

 

Can someone explain why the program calls home, or how to disable it constantly checking for updates regardless of the option settings?

 

I love the program, but uhhhh... frustrating as all heck, as you might gather!

 

Thanks,

Chris

Link to comment
Share on other sites

yes, I´ve also noticed that.

 

but i have luckily a firewall ;)

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

  • Moderators

are you running recuva 64bit?. If so I believe this is being looked into

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

also speccy trying to make phone calls home without updatesearch, but in contrast to recuva runs speccy without internetpermission. :)

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

I allowed internet access to Recuva and monitored who exactly it calls. It calls Verisign. Looks like the "check for updates error" is not really said error but a guise in lieu of stating that contact to Verisign had been denied. In any case, after it talks to Verisign, the program runs as expected and no longer delays as it opens or attempts to call again. Since I can't find any new registry entries under any Recuva/Piriform keys, I suspect a change has happened somewhere else in the registry or elsewhere in the system.

 

Note that prior to allowing access, even a portable Recuva app run off a USB drive would cause the same delay and subsequent call. Once internet access had been allowed for the computer installed app (not for the USB app), the delay never happened again even when the app was run from the USB drive. I found this interesting. Yup, I would have to surmise that something definitely gets written to the system once Verisign has been contacted.

 

I hold a Tech badge on a well known self-help computer forum (under a different user name) and undisclosed internet contact by applications are generally viewed as not very nice (to put it nicely!). Not accusing Recuva of being underhanded, but nowhere in the EULA or Privacy statement is it stated that a 3rd party will be contacted when the app is first launched. The only mention of Verisign I see is their badge... unless I missed something somewhere. I am unsure of the exact relationship Piriform has with Verisign, but disclosing that contact would be made either with them, or through them, would have been nice to know... then, I wouldn't have spent all that time trying to figure out why I was getting that bogus check for updates error.

Link to comment
Share on other sites

  • Moderators

I highly doubt it's as nefarious as you make it but I'll check?

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

If I wanted to make it sound "nefarious" I would have used another word describing what I described "nicely". I've been using CCleaner since 2005 (or thereabouts) so I'm aware of the good people behind it. All I'm doing is reporting what I found. Please understand that security and privacy are pet peeves of mine and undisclosed contact with any website, server, etc gets my attention very quickly. Beyond that, the fact that I installed/reinstalled various versions of the Recuva application, numerous times, on several machines, all with the same result, threw me for a very long time before I even joined this forum and posted my inquiry.

 

hazelnut may be onto something with the cert. Still, I don't see any reason Verisign has to be contacted during an install... much less later, after installation is completed... it would be too late by then, correct? Many (many) apps on my desktop have never been allowed internet access and none of them have ever attempted to continually verify their cert during or after an install. A lot of them use Verisign so I don't know what's going on with Recuva. When I think about it, I don't know of a single app I use that has done this.

 

In any case, my major gripes are with non-disclosure of contact and the fact that a "check for updates error" was displayed rather than what was really going on... if in fact it was a "cert verification error", or something. People should be notified (via EULA maybe) so they know what to expect.

Link to comment
Share on other sites

  • 3 weeks later...

hazelnut... 22 days and no response from the devs?

 

I just installed Recuva on a brand new reload of an older T42 Thinkpad getting it ready for my friends daughter. Recuva did the same thing and tried to access the web and would always stall until I granted it. Now it loads fast.

 

Is Piriform monitoring/counting it's users? Looks that way to me. Of course without a response from the devs, what would you have me think? What information is being sent to Verisign? What information is being collected?

 

I'll say it now, this is bordering spyware.

Link to comment
Share on other sites

Chris, I agree with you there.

 

I love the apps, but nothing peeves me more than apps making undisclosed connections to the internet.

 

I use apps portably a lot, & I can't afford to have every app checking for a web connection.

 

* Although you can use a registry compare function to locate the registry key that gets added, or even via hunch to locate the settings, then export the key for re-entry before launching the app to ensure it doesn't repeat the action, I think that is far too much trouble.

 

Would be more better (Did I just say more better? :)) if the apps simply did not connect at all.

Link to comment
Share on other sites

Thanks for the support Super Fast. I was beginning to think someone was going to label me a troll soon.

 

I tried running the app as a portable but it didn't matter. The app won't run correctly until the "computer" it's been run on has reported to Verisign.

 

I run a lot of apps on my various computers and this is the only one that "breaks" if it doesn't call out. Very unsettling and not good practice.

 

The devs need to answer this inquiry as it's a possible privacy issue.

Link to comment
Share on other sites

  • Moderators

There's this in the docs for CCleaner, but not for Recuva. I'm sure that they share some code...

 

'When you try to run CCleaner, you see a warning dialog box from ZoneAlarm firewall.

ZoneAlarm is a common security program. It checks for suspicious program behavior and alerts you if an unknown program starts to ask for access to system files or the Internet.

If you run CCleaner for the first time when you have ZoneAlarm installed on your computer, you may see an alert from ZoneAlarm. You may also see an alert when CCleaner checks for an update. Click Allow in the alert to let CCleaner continue.

To avoid seeing any more alerts from ZoneAlarm about CCleaner, select Apply this setting to all suspicious behaviors exhibited by this application, and then click Allow.

Note: CCleaner contains no spyware or adware.'

 

I read that as CC attempting some connection to the internet on first start. Maybe Recuva does the same, and it's something we have to live with when using Piriform's products. Don't say why, I don't know.

 

P.S. The devs don't offer any support here. They may occasionally respond, but if you insist on support you have to pay for it.

Link to comment
Share on other sites

Hello Augeas,

I understand how ZA works.??I run it and it's the program that flagged Recuva.

 

If a user "unchecks" check for update in the program options, then Recuva should "not" check for an update and should not require internet access.??Don't you agree?

 

The problem is that regardless of how the options are set, Recuva attempts internet access directly after first being run.??The troublesome part is that Recuva is not actually contacting Piriform for an update, but rather Verisign for an undisclosed reason.??This in itself is very suspicious and leads me to think information is being collected.

 

Here is what I did...

1) I installed Recuva and launched it.??It remained broken (slow to load) until I allowed it internet access.??I traced it and it contacted Verisign.??After contacting Verisign, the program hence forth loads faster because it no longer attempts internet access.??Note that the options for updates were disabled.

 

2) I then allowed Recuva to check for an update and traced it.??Not surprisingly, it contacted the Piriform website.??It didn't contact Verisign like it did the first time.

 

Your remedy of allowing CCleaner or Recuva through a firewall simply to "avoid seeing any more alerts" is not a good answer to the problem that privacy issues may be present.

 

Your answer to "pay for it" is not good either to skirt this issue.

 

Whether the moderators here, or the devs want to hear it or not, if there is undisclosed information being collected from users, it's considered Spyware by many in the community.??

 

All Piriform needs to do is disclose what information may be collected (EULA), and then let people decide for themselves if they want to use the program and allow that collection.??

 

I realize I'm coming across strongly here.??But this is a privacy issue and Piriform should be concerned enough to address it.??After all, there's nothing to hide, right?

Link to comment
Share on other sites

  • Moderators

No one is skirting any issues here Chris.

 

We have offered what info we can as fellow users.

 

This forum is run by moderators who are users like yourself.

 

Piriform devs do read the posts and sometimes comment.

 

If you want to talk to Piriform directly about this because you feel unhappy about your issue then you would have to buy support which entitles you to direct contact with them.

 

This is not stating a get out, just a fact.

Link to comment
Share on other sites

Whether the moderators here, or the devs want to hear it or not, if there is undisclosed information being collected from users, it's considered Spyware by many in the community.

 

All Piriform needs to do is disclose what information may be collected (EULA), and then let people decide for themselves if they want to use the program and allow that collection.

 

I realize I'm coming across strongly here. But this is a privacy issue and Piriform should be concerned enough to address it. After all, there's nothing to hide, right?

If you think your privacy is being invaded via untrustworthy behavior that depends upon Verisign collecting your data,

perhaps you should refrain from any financial transactions that also involve Verisign authentication,

and also perhaps complain to Symantec which bought out Verisign.

Link to comment
Share on other sites

Alan_B

 

You are either missing the entire issue or you can't understand it. Why do you believe in any way that financial transactions dealing with Verisign has anything to do with what the real issue is? Why even suggest I complain to Symantec? Do you even realize how silly that sounds? Whether it be Verisign, Google, Timbuctoo, or Venus ... it doesn't matter who Recuva is calling.

 

The issue is Recuva is calling out to an "undisclosed" entity without notification to it's users. Beyond that, if contact fails, not only is the program's operation hindered, but the error that is displayed to the user is a "Check for Updates" error, even when the update option is disabled. The mere fact that the displayed error is obviously a deception when Recuva cannot contact Verisign does not bode well with me.

 

In the future, try to keep the real issue in mind.

Link to comment
Share on other sites

hazelnut,

Being a moderator yourself, I'm sure you're able to contact the devs. Well, maybe not. However, since they don't visit too often and only sometimes comment, I'll try to keep the topic on top of the forum so they can see it.

Link to comment
Share on other sites

Alan_B

 

You are either missing the entire issue or you can't understand it. Why do you believe in any way that financial transactions dealing with Verisign has anything to do with what the real issue is? Why even suggest I complain to Symantec? Do you even realize how silly that sounds? Whether it be Verisign, Google, Timbuctoo, or Venus ... it doesn't matter who Recuva is calling.

 

The issue is Recuva is calling out to an "undisclosed" entity without notification to it's users. Beyond that, if contact fails, not only is the program's operation hindered, but the error that is displayed to the user is a "Check for Updates" error, even when the update option is disabled. The mere fact that the displayed error is obviously a deception when Recuva cannot contact Verisign does not bode well with me.

 

In the future, try to keep the real issue in mind.

But you said this was a privacy issue, which I interpret as meaning that Piriform is using using Verisign as a "middleman" to extract your information.

I do agree with you that it would be silly for organizations such as Verisign and Symantec to risk their reputation.

 

I would react like you when finding that software dialed out, and I too would identify what it was connecting to,

but I would abandon my fears immediately I found that the connection was to an independent site that Microsoft and I and my bank and credit card companies trust.

 

Please be careful to avoid libel.

I doubt that you can prove intentional deception from a "Check for Updates" error.

 

Recuva has a digital certificate issued by Verisign.

It would not surprise me if my system wanted to check the validity.

 

In post #6 you state

"I suspect a change has happened somewhere else in the registry or elsewhere in the system."

I know for certain that if my malware protection is concerned about the safety of a new application it will not permit execution until it is satisfied,

after which it will indeed update the registry to identify this as safe and it will not delay execution again until the application is updated and needs revalidation.

Are you certain that your protection does not do something similar ?

 

I too would like to know why Recuva contacts Verisign,

but it is not something I am concerned by.

 

Alan

Edited by Alan_B
Link to comment
Share on other sites

Alan_B

 

I'm not really worried about the fact that Recuva contacts Verisign or the possible information that is being collected. They know all about me already. It's the fact that it's "undisclosed" contact and lack of information of what is being collected that's troublesome.

 

I don't suspect Piriform of spying, per se, but the way Recuva goes about it's business, anyone who deals with spyware (and I do) will surely think this is "unusual" behavior simply because it's not stated anywhere.

 

Anyone who has been on the internet for any amount of time has surely been exposed to the privacy issues surrounding the many software companies, websites, and places like Facebook. Privacy is a serious issue that should concern everyone.

 

As I mentioned in post #17...

"All Piriform needs to do is disclose what information may be collected (EULA), and then let people decide for themselves if they want to use the program and allow that collection."

 

What's so difficult about this? I can't imagine.

 

Anyways Alan, I don't expect anything to come of this thread. It'll probably just fade away... and that's really too bad. It's already been almost a month, 3 moderators have visited, and not a single dev? You would think moderators have no contact with them.

 

Thanks for participating.

 

Moderators can close this thread if they wish. I'll do my own independent analysis of what's really going on. Perhaps nothing!

Link to comment
Share on other sites

I have just downloaded the latest (last year's) Portable version of Recuva version1.42.0.544, modified ‎01 ‎December ‎2011, ‏‎12:34:50

I disconnected the Internet and disabled my A.V. and Behavior Blocking protection.

I used 7Zip to extract Recuva to a new and unused path.

I launched Regshot and that monitored activity during my use of Recuva.

 

RegShot first shot.

 

Recuva Use :-

I clicked NEXT on the Wizard

I checked Other (show all files)

I selected specific location C:\ProgramData

I chose to NOT enable deep scan

I clicked start

After the Analyse stage I closed Recuva

 

At no time did Recuva give any indication that an Update Check was even an option.

Only if I avoid the Wizard do I get to see an option for checking updates.

 

RegShot second shot

Regshot Compare

 

The RegShot compare found only 2 registry keys and 3 files were modified.

All the changes have the stench of Microsoft doing whatever they do when we are not looking (and even when we do look)

The comparison is a 1018 KB text file which appears to show just a few bytes differences within

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Counter:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage\Counter:

 

I show below the reported changes, but I have greatly abbreviated the registry values.

Regshot 1.8.2

Comments:

Datetime:2012/4/26 14:37:47 , 2012/4/26 14:40:17

Computer:ALAN-DESKTOP , ALAN-DESKTOP

Username:Alan , Alan

 

----------------------------------

Values modified:2

----------------------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Counter: 31 00 31 38 34 37 00 32 00 53 79 73 74 65 6D 00 34 00 4D

65 6D 6F 72 79 00 36 00 25 20 50 72 6F 63 65 73 73 6F 72 20 54 69 6D 65 00 31 30 00 46 69 6C 65 20 52 65 61 64 20 4F 70 65 72

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Counter: 31 00 31 38 34 37 00 32 00 53 79 73 74 65 6D 00 34 00 4D

65 6D 6F 72 79 00 36 00 25 20 50 72 6F 63 65 73 73 6F 72 20 54 69 6D 65 00 31 30 00 46 69 6C 65 20 52 65 61 64 20 4F 70 65 72

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage\Counter: 31 00 31 38 34 37 00 32 00 53 79 73 74 65 6D 00 34 00 4D 65 6D 6F 72 79 00 36 00 25 20 50 72 6F 63 65 73 73 6F 72 20 54 69 6D 65 00 31 30 00 46 69 6C 65 20 52 65 61 64 20

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage\Counter: 31 00 31 38 34 37 00 32 00 53 79 73 74 65 6D 00 34 00 4D 65 6D 6F 72 79 00 36 00 25 20 50 72 6F 63 65 73 73 6F 72 20 54 69 6D 65 00 31 30 00 46 69 6C 65 20 52 65 61 64 20

----------------------------------

Files [attributes?] modified:3

----------------------------------

C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6defdc492a3bff1d.customDestinations-ms

C:\Users\Alan\NTUSER.DAT

C:\Users\Alan\ntuser.dat.LOG1

 

----------------------------------

Total changes:5

----------------------------------

 

I then ran Recuva and skipped the Wizard and saw that the Check Updates box was checked,

but when I did a Scan there was again no attempt to update.

 

Then I clicked on the blue link on bottom right and that launched my "Default Browser" which attempted to connect to

http://www.piriform....4-bit%29&l=1033

That was blocked because the Internet was disconnected.

I clicked the browser retry and again it failed.

I closed the browser and saw no evidence of any "Check for Updates" Error, and then I clicked SCAN and it proceeded without trouble.

The only browser attempt was to Piriform, but none to Verisign.

 

I cannot see anything suspicious with the Portable version of Recuva.

 

I never use Installed software if Portable is available because Installation = Registry problems.

And it pains me to see that running a portable application on a non-system secondary HDD causes a 1 MB change to counters in

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\

 

I suspect you only see connections to Verisign because Microsoft is your "Big Brother" and feels responsible for software that is installed and registered,

and perhaps this is adequate cause to check that any certificate is still valid and has not been revoked.

 

Perhaps you should look at your Windows Installation EULA.

I remember when a security update tried to foist SilverLIght on me,

I chose to forbid the download and it semi-complied,

but it still installed the SilverLight EULA which gave it limitless rights for Microsoft and all its nameless partners and affiliates the rights to share all information that they might glean from the Internet.

 

Conclusion :-

Portable is good. It reduces the extent of Microsoft's interference.

 

Alan

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.