Tools I No Longer Recommend: CCleaner

Quite a bit has changed over the past year, including some of my own TTPs and understanding. I am going to start covering some tools I no longer use or recommend. The first installment of “Tools I No Longer Recommend” will cover CCleaner.

No Longer Recommended: CCleaner

Historically, I have had a pretty solid relationship with CCleaner. CCleaner was once one of my favorite tools, especially when combined with the additional cleaning capabilities of CCEnhancer [Windows only]. Running CCleaner was a deeply-embedded part of my daily digital routine. I recently completely stopped using and teaching CCleaner, however.

I stopped teaching CCleaner for several reasons. First, I went on a brief hiatus because of CCleaner’s no-opt-out data collection. Piriform (owned by Avast) backed down off this stance and made data collection optional but the feature is still turned on by default, requiring the user to opt-out rather than opt-in.

The second reason is CCleaner’s complicated, sketchy download/update process. CCleaner has a very rapid update cycle and as a result, updates seem to be constant. That’s great from a security perspective, but the process for installing updates is a security nightmare. During a class, my typical workflow with CCleaner would go something like this:

  1. Install the application from the installer that I provide. Even if I download the latest installer the night before, there will sometimes still be updates the following day. More often than not, step two would be to download and install the update. If it doesn’t happen on Day 1 of the class, it almost certainly happens by Day 5.
  2. Click the “download and install update” button. Here’s where things get interesting:
    • Navigate the first screen attempting to upsell you on the paid version,
    • Navigate the second screen attempting to upsell you on the paid version,
    • Get redirected to,
    • Avoid clicking the various fake “Download Now” buttons,
  3. Once the update is finally downloaded and running, remember to UNCHECK the box that installs some add-on software like Avast Antivirus or Google Chrome. In some cases, even if the user opts not to install Avast, it installs it anyway.
  • In summary, CCleaner has created a system that promotes mistakes, and tricks at least some users into downloading stuff they don’t want or need. This is terrible behavior from a “security” product.

  • At this point, you might be nodding your head, but wondering when I’m going to get to the malware. The malware is alarming, but to be fair, it could happen to a lot of products. Quite frankly, I’m more concerned about CCleaner violating users by installing software they don’t want, and forwarding them to another domain to download updates. Those actions demonstrate bad judgement and a disinterest in user security.

    Replacement: Bleachbit

    The best replacement currently, and probably for the foreseeable future, is Bleachbit. Bleachbit is completely free and open source, and to my knowledge shares no data at all. Bleachbit does reach out to the internet to ensure you are are running the latest version, however. Bleachbit isn’t perfect and there are some downsides.

  • First, Bleachbit doesn’t clean as much as CCleaner does. CCleaner (especially with CCEnhancer) cleaned a ponderous number of items from your computer. Bleachbit is a bit more limited. Bleachbit is also much less pretty and offers far fewer configuration options. Finally, Bleachbit does not really support Mac users. Apparently it can be run in macOS from the command line and a full Mac version is planned, but it’s not currently available.

    In Summary

    CCleaner is a security risk. Updating it is a security risk. CCleaner collects data on its user by default, and has a demonstrable history of giving users no control or recourse over data collection. Don’t use CCleaner. Use Bleachbit instead.