There are some applications you have to install on every PC. Maybe a retail worker told you about one years ago, or maybe you finally found an app after digging for one for hours. Some PC apps are installed on millions — and sometimes even billions — of PCs even if they shouldn’t be.
Over the past several years, some apps have become redundant with features available within Windows, while others have been sold and leveraged by larger companies for some shady business practices. Some could even put your PC at risk. Here are four apps that you’re still using on your PC, even if you shouldn’t be, as well as some alternatives to consider.
CCleaner
If there’s one app I see almost universally on PCs, it’s CCleaner. The utility claims to have 5 million installs per week and clean more than 35 million gigabytes of disk space each month. At this point, however, installing CCleaner on your PC is more risky than the software is worth.
The utility has been hit by not one, not two, but three major data breaches in the last five years, the most recent of which was in October 2023. These breaches compromised millions of users’ data and allowed hackers to leave compromised installations of CCleaner installed on users’ systems. The breaches came after CCleaner was sold to Avast — the antivirus company — in 2017, and the utility starting actively tracking user data, even when the tracking was turned off.
Data breaches aren’t surprising for software that has been installed on billions of PCs. The problem is that CCleaner doesn’t do a whole lot. You can manage your own browser data through, well, your browser, and cleaning your registry isn’t something that needs to be done. In fact, Microsoft has been warning against registry cleaners like CCleaner for close to a decade. As some security experts put it: “Registry cleaners don’t fix problems. They invent them.”
CCleaner doesn’t have much of a use in a modern PC. Cleaning your registry can cause problems, and clearing out junk files is just as easy to do in your browser. Given the tumultuous few years CCleaner has had, it’s best leaving it uninstalled.
Avast/Norton/AVG
I’m rounding up three of the biggest names in antivirus here because they’re all part of the same company now. These supposed antivirus tools were essentially spyware, and you don’t need to take my word for it. In February of this year, the Federal Trade Commission fined Avast $16.5 million for collecting and selling user data while posing as security utilities.
The story here starts in 2019 when Google removed browser extensions for Avast and AVG. These extensions would not only track which sites you were visiting but also specific behaviors in your browser. As the developer of the popular Adblock Plus extension put it: “Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior.”
Just a year later, a joint investigation by Motherboard and PCMag found this type of data collection was happening in the antivirus program itself, too. The company Avast sold this data to, Jumpshot, claimed to have data on more than 100 million devices. This data included your web searches, GPS coordinates, browsing data, and much more. It was anonymized, but the FTC ruling makes it clear that Avast users weren’t aware of the data collection that was happening behind the scenes.
Avast ended its relationship with Jumpshot after the report was published. The point remains that the company was caught collecting user data, punished, and then continued to do it anyway through its software. I don’t want software from a company with those kind of business practices installed on my PC.
Don’t fret that your PC will be open to viruses and malware without one of these tools. Windows Defender, which is built into your PC, is one of the more effective antivirus tools you can use. Defender, along with some commonsense browsing practices, can keep your PC safe on their own.
LastPass
LastPass is one of the more popular password managers around, and it’s easy to see why. It’s free, and not the half-hearted kind of free you see with a lot of apps. You can store unlimited passwords, access autofill, and even share passwords with others, all without paying a dime. You might want to spend a little money for a different password manager, though.
In August 2022, LastPass revealed that it suffered a data breach. It’s not ideal, but these things happen. What’s important is how a company responds to a data breach, and LastPass had a lot of issues on that front. At the time, LastPass said that the breached didn’t involve “any access to customer data or encrypted password vaults,” which is a story that slowly unraveled in the months that followed.
A second breach, using data stolen in the first, happened a few months later. This time around, it was “elements of our customers’ information” that was stolen. A month later, it was revealed that LastPass wasn’t telling the full truth. In the breach, customer data including email addresses, phone numbers, IP addresses, billing information, and encryption keys were stolen.
One security researcher said that LastPass’ statements on the matter were “full of omission, half-truths, and outright lies,” while rival 1Password took a shot at LastPass that hackers could crack a master password with $100 and a bit of time. The situation became even worse when it was discovered that LastPass was intentionally hiding its support pages on the breach from search engines.
With the treasure trove of sensitive data you store with a password manager, transparency is key. LastPass didn’t live up to that standard with its data breach, continually downplaying the incident over the course of a few months while new details started to emerge.
For my part, I use 1Password instead. Both 1Password and LastPass use a “zero knowledge” security architecture, meaning they don’t actually know what your master password is, but 1Password uses a special security key. This is a key generated on your device, and you need it alongside your master password in order to set up the service on a new device. It’s a bit like two-factor authentication, meaning even if 1Password suffered a security breach, there would be no way for an attacker to access your account.
WinRAR
Don’t worry — I’m not going to talk about the nefarious things our beloved WinRAR has been doing under your nose for the past few decades. Unlike the previous apps, WinRAR hasn’t been caught up in data breaches, shady business practices, or FTC lawsuits. The reason you don’t need WinRAR is much simpler: In 2024, it’s just not needed.
Windows 11 now supports common file compression types, including .zip, .rar, and .7z file extensions. You can compress and decompress these folders within Windows 11 without the need for a third-party app. The only exceptions are password-protected archives — you’ll still need a program like WinRAR for those archives.
Furthermore, downloading it could open you up to some vulnerabilities since WinRAR suffers from being a big target for attackers. Hackers will commonly distribute fake versions of these apps, hoping to scam unsuspecting downloaders through search results, and vulnerabilities pop up that hackers exploit commonly. A swift update always fixes these issues, but there’s no reason to play whack-a-mole with security vulnerabilities when the functionality is already built into Windows.