Ccleaner update installed on my PC without my consent.

[Charming_Music9520]

Had installed old version 5.73 and every update setting switched off since long time.

Today somehow there was installed latest version 6.11 without any prompt / consent. After booting the pc, a full screen CCleaner notification about it appeared.

Why is that?

[nukecad]

There is a system in place to periodically update outdated/obsolete versions of CCleaner.

CCleaner versions 5.## have reached End-of-Life and so are currently being updated to the latest version, v6.11.
https://support.piriform.com/hc/en-us/articles/13760826790669-End-of-Life-of-CCleaner-for-Windows-v5

In particular you should note that CCleaner versions below v5.92 no longer clear cookies effectively, because the major browsers have changed how they handle and store cookies.

You need to keep your CCleaner up to date for it to be effective. Browsers, apps, and Windows change all the time so the cleaning has to change to keep up.

As you were using a very old version of CCleaner you should have been getting notifications that this update would happen soon.
(I have not seen the notifications myself but believe that they would have also told you how to prevent the automatic update if you really wanted to).

This week versions 5.36 to 5.73 that are still in use will be automatically updated to v6.11.
Next week it is intended that versions 5.74 to 6.0 will also be automatically updated to v6.11

As noted - These automatic updates of outdated versions can be prevented by more advanced users, who realise that by doing so their old CCleaner version is unsupported and will not be cleaning things properly.

PS. As moderators we were last week given a 'heads up' that these updates would be happening this week and next.

Quote

After several months of alerts to impacted users, next week this target range will be extended to CCleaner 5.36-5.73 and then up to CCleaner 6.00 the week afterwards to help out those who remain stuck on outdated versions and have not been able to update themselves.

 

[Charming_Music9520]

There was no notification that an update would happen.

All automatic update settings in CCleaner were switched off - due to reasons.

Unacceptable. Uninstalled.

[Dave CCleaner]

There had been several notifications of this, although if you'd blocked CCleaner notifications or hadn't used CCleaner for the past year or so you may not have seen them.  I would assume the latter if you had not noticed that your copy of CCleaner had not been working for the past 16 months or so.  If the update reminded you that you may have old software running on your computer that you are no longer using, I hope you took the opportunity to use CCleaner's software removal tool (Tools > Uninstall) to remove any other unused software at the same time.

CCleaner has a monthly release cycle to keep up to date with changes in where operating systems, browsers, etc store their temp files.  Some of our users may have very good reasons not prefer not to be updated every month and prefer to manually update less frequently and at a time of their choosing.  That's great for us if some people do that - saves us money.  But once you get to 3-6 months out of date you're bound to start seeing some performance degradation. Getting as far as 12 months out of date with any software and you've probably got yourself a security issue.

If you had been actively using a copy of CCleaner that was 2.5 years out of date, I would encourage you to try running a cleanup using the latest version - you'll find that it removes substantially more junk.

[Charming_Music9520]

As already explained, there was absolutely no notification of this.

Automatically installing updates without prior notificaton and without consent and when installing updates it is clearly switched off in CCleaner is totally unacceptable.

And thanks, I already have removed the junk.

If you are afraid that your software could break systems, simply disable it. But do not play nanny games on your users.

[pio]

Absolutely unacceptable to do these forced updates and also display a full screen for Chrome installation...

If i think about it, i guess this whole "to your security benefit" bull, is just a gimmick to hack install some Chrome browsers on people's devices.

I know you need money and try to sell your Pro version, but still not cool what u doing. Maybe Google gives you enough to cover the loses of potential pro users.

This was the one piece of software that i would recommend to anyone and installed on every pc i get my hands on, but i guess bleachbit will do the job as well.

[umarthdc]

Forcing updates is unacceptable.

What I did is uninstall it, reinstall an older version, start it and turn off autoupdates immediately.

Then I disabled the ccleaner_emergency_update task from startup and deleted the ccupdate611_free.exe file from the installation folder in Program Files/CCleaner.

That did it for now.

[Dave CCleaner]

On 12/05/2023 at 13:12, pio said:

Absolutely unacceptable to do these forced updates

If you don't want CCleaner to automatically update, you can switch off automatic updates.  This only gets overridden for emergency security updates or (as is presently the case) the End of Life of CCleaner 5.x - the likes of which you wouldn't be seeing again until about a year after the release of CCleaner 7 (which itself is probably at least a year away).

On 13/05/2023 at 00:07, umarthdc said:

What I did is uninstall it, reinstall an older version, start it and turn off autoupdates immediately.

Then I disabled the ccleaner_emergency_update task from startup

Note that if the older version you installed was CCleaner 5.x then yes you have prevented any updates with those steps.  Although a) if you're on CCleaner 5.88 or below, you'll need to be using a third party source of cleaning rules such as winapp2 for it to keep functioning and b) given that CCleaner 5.x has been End of Lifed, you may start to see some unhandled errors and bits of the infrastructure get switched off.

If the older version that you installed was CCleaner 6.0x then you weren't going to see an override update again until mid-2025 at the earliest, so disabling or removing the emergency updater probably wasn't necessary in that regard.  Unless there's a Windows vulnerability that we need to do a security update for between now and then - in which case you should keep an eye on the https://www.ccleaner.com/ccleaner/version-history after each release to see if need to do a prompt manual update.

On 12/05/2023 at 13:12, pio said:

Absolutely unacceptable to do these forced updates and also display a full screen for Chrome installation...

If you haven't used CCleaner for a while, you may have missed the news that you can switch off the "this update brought to you by" messages under Options > Privacy > Offers in CCleaner.

On 12/05/2023 at 13:12, pio said:

If i think about it, i guess this whole "to your security benefit" bull, is just a gimmick to hack install some Chrome browsers on people's devices.

Not really.  The 2010-2019 approach of forcing everyone to do manual updates every month was far more lucrative - since users had to navigate through multiple "buy me" screens on the website and then view website banner ads in order to get their free update, which would then show a small, banner sized offer for a browser or AV in the installer that some folks would accidentally accept - unless you bought CCleaner Professional that included the automatic updates as a paid feature.  With automatic updates part of the free version since 2020 those steps are removed, the updates are optional, as are the sponsored messages, and the sponsored offers can't be missed and accidentally accepted any more, eg:

[The_Tinkerer]

Found this thread via Google

I had rebooted the PC, noticed that desktop was taking too long to come up, when it did, I was greeted with this CCleaner Update screen.

I was astonished. I had all updates turned off. I had CCleaner.exe, CCleaner64.exe, CCUpdate.exe, and even uninst.exe blocked in Windows Firewall... both inbound and outbound.

Yet somehow, you were able to CIRCUMVENT Windows Firewall, and run something on my system, without my awareness or permission, to update the copy of the program that I SPECIFICALLY WANTED to be on my system.

The is 100% COMPLETELY UNACCEPTABLE.

What if a bad actor at your company or an unauthorized user gets the ability to do what you just did, to run ANYTHING that they wanted? This is a MAJOR SECURITY RISK!!

Besides that, you don't seem to be getting it. It DOES NOT MATTER if it's "End of Life". OBVIOUSLY, if I needed to contact Piriform for support or anything like that, I would NOT EXPECT ANY for an older version. I would in fact ONLY EXPECT IT for the most recent version, so then ***I MYSELF*** would choose whether or not to update it.

This is **MY** hardware, it's **MY** Internet connection, **I PAID** for them, and **I** am the user, so therefore, **I** and **ONLY I** get to decide what runs on it or not, what gets changed or not, or what gets updated or not.

Users such as myself who understand what "User" means have enough problems constantly fighting with software providers who have this "software as a service" mentality who want to take control away from the  user, including WINDOWS ITSELF, to the point of having to spend HOURS to DAYS changing and modifying the operating system to make sure that it NEVER does anything the USER does not want it to without the user's knowledge or consent.

I had always thought of CCleaner as a very pro user application, but that hasn't been the case for a while, and now we all know that it is VERY MUCH not the case.

Because Piriform somehow CIRCUMVENTED Windows Firewall and run something without any knowledge or awareness from the user, I would classify this software as a MAJOR SECURITY RISK from this point forward. I will have to find something else to use.

Edited June 3, 2023 by The_Tinkerer

[The_Tinkerer]

The only thing I can *think* of, is that there is a "CCleaner Update" task in Task Scheduler that is set to run "at system startup", and I *may* have left this enabled... so perhaps Windows Firewall rules don't take effect until *after* scheduled tasks run that are set to run "at system startup". I did have another computer where I had the same executables blocked for both Inbound and Outbound in Windows Firewall, **and** the above mentioned Task Scheduler rule disabled. When I restarted that computer, the CCleaner auto update didn't happen. But, I can't be certain that this is what happened on the first computer, since it's now too late as CCleaner updated without permission, without prompting, and without informing.

Edited June 3, 2023 by The_Tinkerer

[thany2]

Automatic updates must be opt-in only.

Software must NEVER update itself without the user's consent, for security reasons. Any fully automatic updates that I haven't priorly approved, I would consider NOT secure, regardless of your impending endless explanation why I should consider it secure anyway. You cannot convince me.

ME and ONLY ME, decide what goes on my computer.

[Win764Man]

In addition, remember to delete or disable the CCleaner update task in Windows Task Scheduler.  Check out how AskVG at https://www.askvg.com/tip-disable-automatic-updates-for-software-versions-in-ccleaner/ or Bleeping Computer at https://www.bleepingcomputer.com/news/software/ccleaner-disregarding-settings-and-forcing-update-to-latest-546-version/.  I searched "CCleaner forces update" on DuckDuckGo.

I actually deleted CCleaner 5.65 because of this.  I am using cleanmgr.exe in Win 7 Pro and run as Administrator. I also use the cleaner under my paid Norton360 subscription.  Do NOT use 'free' security software.  Do NOT save logins/passwords.  Only allow auto updates on your PAID security software.  Important, stay away from Google and MS where possible.  In private browsing with Firefox (I use an older version,) or a browser window with auto history, cookie, and tracker cleaning.  Oh, and use an Ad blocker of some sort.  Equals happy computing. 

The entire freeware universe is becoming nothing but tracking cookies, data selling, and intrusive reporting back to the Mother ship.  Also, I can still use my old Glary with the nag popup.