Fired for installing CCleaner! Please advise!

[BrianH123]

I'm writing on behalf of a friend who was fired today because he installed CCleaner. His employer's crack security team considers it "malware". My friend has just seven days to appeal his termination. I would be extremely grateful for any advice from Piriform employees and customers on how my friend might go about appealing his termination.

 

Below is an exact quote from my friend's termination notice. The only change I made was to replace my friend's name with underscores. I didn't alter any punctuation, grammar, or capitalization:

 

Clear evidence was found that ______ violated Information Systems & Digital Usage Policies. Cyberreason information found and reporting, when cross-referenced to the Kronos and video informed us of the suspicious activity and MalWare loaded by ____. It is for this reason ____ is being terminated effective 6/5/2015.

 

"CCleaner" was mentioned verbally as the "malware" in question. I don't think he has that in writing, unfortunately.

 

Please volunteer any information and suggestions on how we might go about convincing the appeal board and/or the security department (who will probably be consulted by the appeal board) that CCleaner is not "malware". Are there endorsements from respected authorities we can use? Would Piriform like to give this employer a call? (Probably not, but I thought I'd ask.) Does CCleaner pose a risk to the logical integrity of the registry? (That wouldn't make it malware, of course. The only reason I ask is to try to discern why an IT department might not want it installed.) Please don't feel limited to these questions and volunteer any advice that could be helpful.

 

If my friend doesn't get his job back, we intend to publicize this as widely as possible, including the employer's name. The firing was flawed on several procedural grounds as well, which I haven't gone into but which even more ridiculous than the factual issue.

 

[Winapp2.ini]

I don't think anyone you'll hear from on the forum is qualified to give you legal advice in this regard.

 

To answer the technical question of whether or not CCleaner can pose a risk, the answer is yes. Anything that can modify the registry can break it, if used incorrectly. CCleaner is much "safer" than most other registry cleaners in this regard, but it has been known to bork a system every once-in-a-while (though this is most often the result of overzealous cleaning)

[hazelnut]

Also if the employer has a rule against employees installing software, especially one which can wipe out tracks of internet usage in company time, then he is unlikely to succeed in his appeal.

[Nergal]

The computer is the purview of their employer and thus the only advice that is possible is "Next time read the employee manual".

[Andavari]

Moved to "The Lounge".

 

An employer has the right to scold anyone who doesn't ask permission to install software, which is why it's always better to ask first instead of assuming. Harsh lesson learned I'd say.

[mta]

I've worked in 7 IT Departments and 6 of them have had their PC's locked down so employees could not install software.

The one that did allow that ran nightly scans to check what software (if any) had changed and what sites you visited.

 

In other words, I've never seen an employer trust an employee when using their computers.

 

I got out of 'working for the man' before the wifi, Facebook, personal emails, etc systems all took off so I hate to think what IT Departments think of those 'avenues of attack'.

 

With Unions, workplace agreements, unfair dismissal laws and all that raft of employee rights, for the company to do what they did, they must have had a very good - and legit - reason.

(barring being complete scumbags of course)

[Nergal]

 

 I got out of 'working for the man' before the wifi, Facebook, personal emails, etc systems all took off so I hate to think what IT Departments think of those 'avenues of attack'. 

Don't forget BYOD (bring your own device), everyone having mobiles and Netflix (and it's ilk).

[BrianH123]

Forgive me, but if the policy is: “Don’t install software without permission”, why didn’t my friend’s termination notice say the reason for his termination was “____ installed software without permission”? Instead, the termination notice accused my friend of “suspicious activity” and “loading MalWare” [sic]. Is there anyone here who believes that CCleaner is “malware”? I’m a 47-years-old computer programmer who started programming professionally when he was 15. I don’t use registry cleaners, but the idea that anyone in the IT field could consider a registry cleaner “malware” is ludicrous. If language is to mean anything, we need to distinguish between software that is intended to do harm (ransom-ware, click-fraud clients, botnet clients, rootkits, viruses, etc.) from a utility that if misused can cause damage. Just googling “malware” brings up a definition that any literate person can see not include registry cleaners.

 

In my original post I alluded to “procedural problems” with the firing, but I left those out in an attempt to get people’s opinion on the employer's factual claim that CCleaner is “malware”. But here are some of procedural problems:

 

1. CCleaner was already installed on my friend’s computer when he went to work for this company two years ago.

 

2. Seven weeks ago, his computer was wiped clean and upgraded from Windows XP to Windows 7. CCleaner was not reinstalled. Nor was anyone told not to install it.

 

3. As far as I know, there is no prohibition against installing software on the company’s computers. What is prohibited is installing software that is prohibited. And the way they prohibit software is by putting a firewall block on the site that hosts the software.

 

4. Three weeks ago, my friend went to the Piriform website and downloaded CCleaner. There was no firewall block in place. There was no notice that this was prohibited software.

 

5. Some time after my friend installed CCleaner, the IT department decided it didn’t want people installing CCleaner. It didn’t inform anyone of that. It just blocked the Piriform website.

 

6. Some time after the IT department blocked the Piriform website, CCleaner performed an automatic check for an upgrade. (Thanks, Piriform.) The automatic check (not initiated by my friend) was blocked by the firewall. The IT department was alerted when the block occurred. At that point my friend was accused of “suspicious activity” and loading “MalWare”.

 

If it’s a firable offense to attempt to contact a website that’s on the block list (even though the block list isn’t published in advance), then it’s CCleaner that should be fired, not my friend because it was CCleaner that attempted to contact the website when it did its automatic check. Piriform, I hope you give CCleaner a generous severance package.

 

Just to be perfectly clear, I can understand why an IT department wouldn't want to allow users to install a registry cleaner. If I were running their IT department, I'd probably prohibit it too. But I wouldn't call it "malware" and I wouldn't recommend firing someone who installed it if they installed it before I prohibited it.

[mta]

Here's my 2 cents worth;

 

No, CCleaner from Piriform is NOT malware.

But no-one can always guarantee that, Piriform may get hacked, or you can download a program called CCleaner from any site that 'claims' to be the real deal, and in fact this has happened.

So this would be the default, safe approach of any half decent IT department.

 

And as to 'my friend', 'he said', 'they said'; all we are hearing is your side of the story which is only his side of the story.  Until we hear the whole story (their side, and that's not going to happen) then we aren't getting the entire facts.  Just to play Devil's Advocate, for all we know the program he downloaded and installed was malware wrapped up in software called CCleaner.

 

I don't mean to be rude here, but this is really pointless as far as resolution goes.  Fair enough, get it off your chest and all, but really, nothing said here is going to help your friend.

None as us are lawyers, we are all just forum volunteers with no official connection to Piriform.

I strongly doubt anyone with direct Piriform connections will chime in, it's just not something they do very often.  They would have seen this by now so if they want to reply they will.

 

There aren't too many reasons to use CCleaner; the main ones would have to be; trying to speed up a slow PC and to remove browsing tracks.

Given the PC is in a business environment, if the PC was slow, you call the IT nerds in to fix it, so the safe assumption is he wanted to clean up his cookies/history of web surfing.

I'm not suggesting he was surfing 'those sites' (we don't know), it may have been as innocent as removing web banking site passwords and such.

 

And the whole 'stand up for you rights' and 'become sheep'...  couldn't agree with you more, and it starts with ourselves!

It's always someone else's fault.

Let's be cruelly honest - there is only one person to blame here.  There was no issue until CCleaner was installed.  (The whole that's a sackable offence is another story)

Only one person is responsible for that.

At some point 'my friend' needs to take ownership of that.

 

OK, that's off my chest - I'm done.

 

And on a more light-hearted track, Welcome to the forums @BrianH123, please don't take any malice from my comments as none was intended.

[hazelnut]

Just to add that when your friend installed Ccleaner he would have been given choices as to what settings he wanted Ccleaner to have.

 

One of the tickbox settings is for Ccleaner to automatically check for updates. So unfortunately it is hardly Piriform's fault that your friend left this ticked.

 

But enough said on this matter now.

 

 

Like mta, I'd like to say 'welcome to the forums'.

[Derek891]

Hello BrianH123 and welcome to the forum. The best advice I can give you is to tell your friend to hire an attorney who specializes in unfair/unjust terminations and makes it perfectly clear to the company that he has done so during his appeal process. This puts the ball in their court. If they have the slightest doubt that they weren't 100% justified in firing him, or if they don't want to face the time and the money involved with a legal action, they could very well drop the whole thing.

[trium]

I believe in a company is in principle prohibited everything that is not allowed.

 

So also install third-party software on company computers, except a piece of software is explicitly permitted.

 

also an it-department will take ensure that a employee can not install third-party software --> in this case that's in fact by gross negligence on the part of the company.

[BrianH123]

Thank you Hazelnut, Derek891, and Trium for the constructive responses. We are consulting an employment lawyer. I'm basically here seeking the answer to an IT-related, non-legal question:

 

       What is a good source of information to show a firing appeals board or an IT department to "prove" (inductively) that CCleaner is not malware?

 

I may have confused people here by raising legal issues in my posts. I did that because I thought the firing was so egregious it might motivate a compassionate person to answer my non-legal question. But I'm just here for the answer to the IT-related, non-legal question in bold above. This question is just a small part of the case, and this forum is not the only place I'm consulting for the answer (thank God, given some of the responses I've received). For anyone whom I've distracted by mentioning the firing, just pretend that a firing isn't involved. Just assume that you need to prove to a technologically unsophisticated person in authority that CCleaner is not "malware". What would be a good way to do that?

 

MTA, I really feel I need to respond to your post. I'll try to keep it brief. Any time you find yourself starting a paragraph with "Not intending to be rude here", pause for a second and think if perhaps you might be intending to do just that but just wishing to inoculate yourself from the accusation. I have five days to get a letter written to appeal this firing, and you're muddying the waters here with accusations of deceit on my part, attempts to play "Devil's Advocate", and raising of possibilities that aren't consistent with the facts. (For example, you raised the possibility that my friend downloaded malware packaged as CCleaner. But as I mentioned in my post, he was caught by a firewall block on Piriform.com.) There's no question that my friend was fired because the "security team" believed (or at least pretended to) that CCleaner, as downloaded from Piriform.com, is malware. And he was told that in person when he was terminated. But for anyone who doesn't want to accept the facts of the firing as I've relayed them but has useful information anyway, please just pretend that a firing didn't happen and consider the question as rephrased in the second bold sentence above.

[Nergal]

I think, while ccleaner is not at all malware, it can exhibit actions akin to malware in a corporate environment. While, on the face of it, you are correct in thinking that the eployeer is using the term incorrectly in their (most likely boilerplate) letter of termination I don't believe it is enough to amount to a suit of wrongful termination* (at least not in the United States). However, without the full text of the corporate "Information Systems & Digital Usage Policies" we cannot specifically speak on whether the act of loading (or in the case of the portable version running) ccleaner violated said policy.

As many have stated, in most job environments having ccleaner would amount to justified termination.

 

*I understand that there is probably much more to the story, to which we aren't privy, however a judge does not care. Because (according to the letter) they can prove, through video and (what I assume is a timecard/login-journaling software) Kronos, that your friend downloaded and/or ran software not expressly authorized by corporate policy and/or Information Systems supervisor a judge will, likely, find no fault in the firing.

 

[login123]

Brian, your friends best recourse is to let his lawyer handle any communications with Piriform and his employer. 

I can say with some authority that the most common mistake people make when facing administrative, civil, or criminal charges is talking too much. 

 

edit: 

No offense meant, not trying to be brusque, just saying. 

[Andavari]

I find the whole thing very interesting because we are constantly telling people new to the forums that CCleaner is not an anti-malware to the point many months ago I made a locked pinned topic about it (seems to be a little buzz on the Internet that it's anti-malware). Now some business/IT department is accusing it of being a malware and even firing someone over installing when clearly it is NOT malware.

 

The various anti-virus/anti-malware products that scan and do not produce false positives against CCleaner's installer/files (products such as ESET produce false positives against CCleaner) can validate it isn't malware simply by uploading CCleaner to online scanners such as; Jotti, VirusTotal. Metascan Online, etc. I don't think the business/IT department could simply go 100% by the anti-virus/anti-malware they have installed since the fact is any anti-virus/anti-malware can give a false positive, i.e.; inaccurately/falsely indicating the presence of virus/malware when one does not exist.

Edited June 9, 2015 by Andavari

[trium]

Now some business/IT department is accusing it of being a malware and even firing someone over installing when clearly it is NOT malware.

 

something like that i have heard from a microsoft support employee ...

 

"something like CCleaner had no business being on a microsoft computer and would do more harm than good ..." i can even imagine why given the close cooperation with such light-shy rabble/scum as NasSA and Co. --> private data is indeed worth gold (internet traces, search terms entered, document use...etc.) the same is true for companies - after deleting the "private data" activity can no longer be traced.

[amcgall]

As a retired HR Manager I will tell you that if the company policy says you are NOT to install any software on company owned computers then your friend is at fault.  This is assuming the policy is in writing.  Like in a written company policy i.e. employee handbook.

 

The company I worked for had this policy and we strictly enforced it.  I was also the company's IT Manager.  I saw to it that software installation was not possible by setting the user policy in Windows server to prevent it.  On a laptop is a different problem as it's not practical to prevent software installing on a laptop.

 

If your friend worked at my company we would probably give him/her a written warning and fire only after the 2nd offense.  Unless the software being installed was definitely malware or spyware that the employee was installing for nefarious purposes.  Then we would fire immediately after the first offense.

[Tasgandy]

My experience some 9 years prior to my retirement was basically in a similar working environment as amcgall (I was a Branch Network Administrator / Client Network Consultant). We were only able to install software on our laptops, never able to install software on employee desktops or showroom PC. In Australia we were some 1,730 employees with many offices and a very large WAN. 

 

However in the case of breaching any of the Companies written policies that we all signed and had our own copy, we would normally be given three written warning notices prior to dismissal, unless otherwise stated in the Company policy manual.

 

Whilst there is always two sides to every story I'm with you BrianH123 it all seems somewhat "heavy handed" from the details given so far.

 

My only wish is that "cool heads" will result in an amicable solution that see's your friend not lose his job especially being so close to Christmas time.

 

I wish you both "good luck"

[Augeas]

Well, it was over six months ago and under US administration so I don't think we should carry on wasting too many brain cells on this speculation.

[Andavari]

This is 6 months old! Although I doubt the employee would really want to work for the employer after the ordeal, I know I wouldn't.

[login123]

Well, it was over six months ago and under US administration so I don't think we should carry on wasting too many brain cells on this speculation.

 

Quite right, Augeas, and forgive me for beating this dead horse.  

 

But for the dear reader who may chance upon this mendacious topic in the future, consider:   

- All we really know about the situation is what BrianH123 wrote.  That could be wrong.   

- BrianH123 may know only what his friend told him.  Which could be wrong.

- Neither the true behavior of CCleaner nor the motivation of the "friend" that matters a whit.

- If the company policy says do not install software, and you do anyway, you take your chances.  

 

The kindest and most effective policy would what amcgall suggested, lock the computers so that the employee can not tinker with them.