Agreed. There's no place safer than the bank the day after the robbery.
In other words, I am still going to use CCleaner and other Piriform products. I just hope they find the culprit (was it an inside job? or, where did the malware come from?) so they can stop it for good.
But, more in general, the CCleaner malware incident makes me wonder: how can I keep my Windows PC safe in a world where even software houses are compromised? It's not the first time and it won't be last.
So far, my anti-malware approach has included the following:
1. only download from developer/trusted sites,
2. always multi-scan new software before install, no matter how "trusted" the developer,
3. watch out for strange behaviors,
4. keep Windows and other programs "happy" (updated against vulnerabilities),
5. run real-time AV, use a firewall, set UAC to the max, stay behind a router whenever possible,
6. disable scripting and stuff like Flash and Java unless on a case-by-case base,
7. keep 1-2 months' backup of everything on external disks,
8. store sensitive data on offline/encrypted drives,
9. disable Windows autoplay,
10. keep myself informed about ongoing threats.
I won't mention the obvious like not clicking any mail attachment, not downloading pirated software, avoiding shady web sites, not logging on to Windows using the administrative account unless strictly necessary.
Looks like all that was not enough, because:
A. I did not check updates, especially automatic updates,
and
B. even if I checked updates, in a case like Ccleaner's the malware went undetected for a month. The same could happen to any other software company.
So, where does all this leave us now?