Author Topic: CCleaner Cripples Application Load Times  (Read 110805 times)

darth.mikey

  • Guest
Re: CCleaner Cripples Application Load Times
« Reply #135 on: October 17, 2005, 12:42:24 AM »
Quote
I used the word "argument" as a reason given to disprove something or what some people say.  Not as a quarrel.

Oh I see, no harm done...  ;)

Quote
This is a matter of point of views but I understand it as "fewer folders mean fewer hiding places."  In fact, I separate storage partitions from app one and am trying to keep the app one as small as possible.

I don't get your logic Umath sorry...I don't see how having less folders means less infections (if that is what you're trying to say)  ???
If that is what you believe let me assure you that you're not even a tiny bit safer having less folders...  ;)


Cheers

Mikey




Mastertech

  • Guest
Re: CCleaner Cripples Application Load Times
« Reply #136 on: October 17, 2005, 02:50:10 AM »
Yes the security issue is a Myth. A virus or malware can put itself in any folder and there is nothing special about removing one from the prefetch folder. Places like system restore are much more of a concern.

Privacy is a non issue. Prefetching does nothing more than show programs that are installed on your computer anyway. Looking in Add/Remove is more effective than looking in the prefetch folder.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: CCleaner Cripples Application Load Times
« Reply #137 on: October 17, 2005, 10:19:49 AM »
The postings I quoted before seem to suggest that malware may be abusing the Prefetch process in order to hide itself.

This may be true, it may not.

I'm going to err on the side of caution and nuke the Prefetch folder with CleanUp! the next time I encounter an infected computer, especially as any performance issue is a) minor and b) short-lived as Windows rebuilds the folder.

Otherwise I'm quite happy to let prefetch do its thing if malware is not present, and to leave the CCleaner prefetch box unchecked.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Mastertech

  • Guest
Re: CCleaner Cripples Application Load Times
« Reply #138 on: October 17, 2005, 01:41:05 PM »
But that doesn't make any sense. If malware wants to hide itself it will use techniques like alternate data streams etc. Nothing about prefetching has anything to do with hiding files. People are confusing a prefetch file created for the malware executable as malware. Simply impossible. By all means delete any executables found in the prefetch folder that are identified as malware but cleaning the whole folder is a waste of time. I clean malware daily and have dealt with some very bad infections none of which has anything to do with prefetching. This is simply paranoia being spread because the associated prefetch file has the same name as the malware it was prefetching. I see a lot of posts in forums where people jump to all sorts of crazy conclusions.
« Last Edit: October 17, 2005, 01:49:52 PM by Mastertech »

Umath

  • Guest
Re: CCleaner Cripples Application Load Times
« Reply #139 on: October 17, 2005, 05:46:51 PM »
Quote
This is a matter of point of views but I understand it as "fewer folders mean fewer hiding places."  In fact, I separate storage partitions from app one and am trying to keep the app one as small as possible.

Quote
I don't get your logic Umath sorry...I don't see how having less folders means less infections (if that is what you're trying to say)  ???
If that is what you believe let me assure you that you're not even a tiny bit safer having less folders...  ;)

I thought "less" was used for uncountable nouns.   I meant less hiding places (for virus and malware).

Quote
Yes the security issue is a Myth. A virus or malware can put itself in any folder and there is nothing special about removing one from the prefetch folder. Places like system restore are much more of a concern.

Of course, most favourite places for malware seem to be temp folders and system restore.  However, prefetch folder has common things with malware's favourite hiding places: it is a system folder, which is not unnatural to be there.  The files inside the folder can be changed often although they shouldn't vary unlike in the other folders.  I agree that the other folders are more of the concern but it doesn't mean prefetch folder is totally safe, I think.

Quote
Privacy is a non issue. Prefetching does nothing more than show programs that are installed on your computer anyway. Looking in Add/Remove is more effective than looking in the prefetch folder.

I have a lot of manually installed apps, which are not on Add/Remove.

As I wrote, they are not big issues, though.  I just tried to explain what I thought.

Offline FreewheelinFrank

Re: CCleaner Cripples Application Load Times
« Reply #140 on: October 17, 2005, 06:45:51 PM »
Quote
Nothing about prefetching has anything to do with hiding files.

While stories like this appear, I think I'll remain paranoid:

Quote
Prior to deleting the prefetch folder the file did not appear in a search of the system32 folder.

Quote
it seems that the prefetch folder can actually load things even if they aren't being called anywhere

(See my previous posting for full links.)

I appreciate now that .pf files in Prefetch have the same name as the .exe file, e.g. MSBLAST.EXE-39813b24.pf, but it worries me that Sophos detected this file as a virus file: surely an AV works on content not just name?

Although I've seen no hard evidence that there is a risk from Prefetch other than malware files simply being in the folder, that alone seems to be a good enough reason to delete it along with all the temp and cache folders. Who's going to notice a slight slowdown in performance because prefetch is being rebuilt over the huge improvement in a crippled computer when malware is removed?

And the stories above do worry me.

Is it possible to say categorically that prefetch folder can't actually load things even if they aren't being called anywhere, and that the Prefetch file can't hide a file in the system folder?








Mastertech

  • Guest
Re: CCleaner Cripples Application Load Times
« Reply #141 on: October 17, 2005, 07:18:21 PM »
Quote
Of course, most favourite places for malware seem to be temp folders and system restore.  However, prefetch folder has common things with malware's favourite hiding places: it is a system folder, which is not unnatural to be there.  The files inside the folder can be changed often although they shouldn't vary unlike in the other folders.  I agree that the other folders are more of the concern but it doesn't mean prefetch folder is totally safe, I think.
The Prefetch folder is no different than any other folder. It is not hidden etc. So there is no special reason for anything to be put in there. Like any other folder a virus can install itself there, however it has nothing to do with the .pf files.

Quote
I have a lot of manually installed apps, which are not on Add/Remove.

As I wrote, they are not big issues, though.  I just tried to explain what I thought.
I guess but the performance hit is not worth it IMO.

Quote
worries me that Sophos detected this file as a virus file: surely an AV works on content not just name
It is a false positive. Every nonstealth virus running in XP will have a prefetch file created for it. I could find no evidence from any antivirus company that remotely talks about .pf files. I found three separate malware items that can put executables in the prefetch folder. These have nothing to do with the prefetch files. Which is why cleaning the folder is not a solution to anything.

Quote
And the stories above do worry me.
When you hear an antivirus company or reputable antispyware company seriously talking about it, I would be concerned. Prefetching has been around since 2001 when XP was released and you see no reputable company talking about cleaning the prefetch folder as any sort of antimalware solution. Simply because it makes no sense. People are getting scared because of the prefetch file name, nothing more.

I mean if the evidence doesn't put your mind at ease, delete the malware associated .pf file. If the malware is cleaned it is not needed anyway. heh.
« Last Edit: October 17, 2005, 07:20:24 PM by Mastertech »
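
The distinction argued over in this thread, between a .pf trace named after a program and an actual executable sitting in the Prefetch folder, can be checked by content rather than by name. The following is an added example, not part of any post: it assumes the uncompressed prefetch format of XP-era Windows (a 4-byte version followed by the `SCCA` signature), and all file names other than `MSBLAST.EXE-39813b24.pf` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Name pattern of a prefetch trace, e.g. MSBLAST.EXE-39813b24.pf (name, dash, 8 hex digits).
PF_NAME = re.compile(r"^.+-[0-9A-Fa-f]{8}\.pf$", re.IGNORECASE)
KNOWN_NON_TRACE = {"layout.ini"}  # written by Windows itself alongside the traces


def classify(path: Path) -> str:
    """Classify one Prefetch entry by content first, then by name."""
    head = path.read_bytes()[:8]
    if head[:2] == b"MZ":
        return "executable"      # a program stored in the folder, whatever it is called
    if PF_NAME.match(path.name) and head[4:8] == b"SCCA":
        return "trace"           # ordinary trace data, even if named after malware
    if path.name.lower() in KNOWN_NON_TRACE:
        return "known"
    return "unexpected"          # neither a trace nor a known file: worth a look


def triage(folder: Path) -> dict:
    """Group the files of a Prefetch folder (or a copy of one) by classification."""
    report = {"trace": [], "executable": [], "known": [], "unexpected": []}
    for entry in sorted(folder.iterdir()):
        if entry.is_file():
            report[classify(entry)].append(entry.name)
    return report


def build_sample(folder: Path) -> None:
    """Constructed sample data: fake files standing in for a Prefetch folder."""
    trace = b"\x11\x00\x00\x00" + b"SCCA" + b"\x00" * 16        # version 17 = XP format
    (folder / "NOTEPAD.EXE-336351A9.pf").write_bytes(trace)
    (folder / "MSBLAST.EXE-39813b24.pf").write_bytes(trace)     # name taken from the thread
    (folder / "Layout.ini").write_text("; constructed placeholder\n")
    (folder / "SVCH0ST.EXE").write_bytes(b"MZ" + b"\x00" * 62)  # program placed in the folder
    (folder / "UPDATE.EXE-0BADF00D.pf").write_bytes(b"MZ" + b"\x00" * 62)  # PE renamed to .pf


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        return triage(Path(tmp))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:11} {names}")
```

Pointing `triage()` at a copy of a real Prefetch folder lists only the entries that are executables or otherwise unexpected, leaving the ordinary traces in place.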