Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, November 10, 2010

Beware over ambitious clean up programs

Last month I wrote about problems caused by the security company McAfee. An update from McAfee falsely accused my WinPatrol program of being a dangerous Trojan. A slow response from McAfee cost some business but mostly hurt our reputation for over a week.  I’ve had a number of people ask me how things were going since this annoying experience.

Unfortunately, my story isn’t unusual. What we call “False-Positives” happen all the time and reputable companies take them serious.  Most companies certainly don’t want to cause more harm than they help.

There’s another potential danger from programs promoted as Registry Cleaners and/or system optimizers. They can also delete program files or registry values that they decide may be harmful. How they decide what needs to be cleaned appears to be arbitrary. Currently, the only program of this type I recommend is Optimize 3 from PC Pitstop.

My most recent efforts have been to contact folks with Piriform a company who distributes a program called CCleaner.  This program is well respected as a utility which will help clean up your computer claiming to make it run faster and more secure. One of our friends found out if you’re a WinPatrol user CCleaner will remove one file you’ll want to keep.  CCleaner does provide an option to exclude WinPatrol which for now I recommend unchecking.

ccleaner 
While I’m honored to be included, WinPatrol users will want to uncheck this box.  The history.txt file is an important file you won’t want deleted. The history.txt file stores a lists of actions you took using WinPatrol. If for some reason you want to recover a change you’ve made it won’t be possible without the history file. If at sometime you want to clean up this file WinPatrol already provides a button to initialize it.

wpcleaner 
I’m hoping to contact someone at Piriform so I can let them know what might be useful to clean without hurting WinPatrol.

My experience with McAfee wasn’t the best but they’re not alone. There’s an company in Norway called Norman which continues to classify WinPatrol as a Trojan even though I’ve contacted them multiple times. Since they’re not very popular in English speaking countries I haven’t had many complaints but I’m sure it has hurt our reputation in Europe.

I have however had some good experiences. In the past month I’ve had two reports of false positives caused by new software from Panda Security. After my first report last month they updated all their users and resolved the problem within 24 hours. This weekend I started to get new reports but they had it fixed before I found the time to report it.

Another security company ESET tells me their test procedures are so extensive that WinPatrol is included when they test any new signature files.

I’m also a big fan of the site VirusTotal.com.  If you ever find a suspicious file you can uploaded it to VirusTotal and have it evaluated by up to 43 different anti-virus signature files.  VirusTotal also allows you to join their community and comment on files you test.

virustotal

 

Update 11/11: I heard early this morning from a rep from Piriform and they have agreed to leave the history.txt alone but will continue to include WinPatrol logs in their clean up. Thanks!

Share on Facebook


7 Comments:

Blogger Unknown said...

I'm unable to locate VirusTotal.com ... both Google and Wiki say it should be there but all I get is an error page. Is it just me?

3:58 PM  
Blogger bowlby4 said...

I just EXCLUDE C:\Program Files\BillP Studios\WinPatrol\history.txt under the OPTIONS button in CCleaner.

7:07 PM  
Anonymous Anonymous said...

It should be noted CCleaner just started listing WinPatrol in the most recent version (3.00.1310), or perhaps the version just before that. Most people who have CCleaner installed probably won't see WinPatrol listed in the applications.

I noticed this when I checked after reading this post. I keep CCleaner relatively up to date, but it isn't one of those programs I update right away, or for every minor release. I suspect many others do the same.

So keep this in mind if/when you update CCleaner in the future. Maybe you can work it out with Piriform and it won't be an issue much longer. Good luck!

-Brian Fiori

8:42 AM  
Anonymous weaselbites said...

I have reported it to the CCleaner people. Hopefully this will get fixed really quickly!

Keep up the good work with Winpatrol - I am loving the cloud feature so I can see what others have thought program X Y or Z :)

10:39 AM  
Blogger Unknown said...

I'm pleased to report I have been contacted by someone from Pirform. I've elaborated on our issue so hopefully it will be resolved so future versions of CCleaner and WinPatrol work well together.

Bill

1:29 PM  
Anonymous Anonymous said...

CCleaner is supposed to be used to delete history and log files. Seems like it is working as designed.

3:16 PM  
Blogger Unknown said...

Before anything is cleaned, CCleaner always asks you to make your OWN choices on what is to be deleted. CCleaner therefore does NOT DECIDE what is harmful (sorry Bill). It is YOUR OWN responsibility to carefully verify what to remove, among the items proposed in their list.

If you notice irrelevant files or registry entries (e.g. totally unrelated to a program being removed) you should report this to Piriform.

Those guys are extremely happy with user's feedback and they are very grateful for it (fast answers too). Bill has experienced bad luck but eventually admits that he had good contacts with Piriform people, just as I did as well.

Again, DO VERIFY what the program is suggesting to delete, even more if it is a very long list; which is most of the time correct, but that indicates that the program is taking way too much space on your disk.

As for suspicious false positives : I'm also very pleased with TotalVirus, which gives a full report just in seconds on suspicious files which you upload. This is a free analysis.

However at Avira Antivir (paid version)the "support" is slow to react to licensed users. A suspicious file submitted tree times, using program's Antivir upload feature, remains without any answer. Same thing with email. For a German company, this kind of "support" is disappointing.

2:07 PM  

Post a Comment

<< Home