AVG Virus Scanner Removes Critical Windows File 440
secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."
doh (Score:2, Interesting)
Setting itself apart from other software (Score:5, Interesting)
Damn. This is what I was hoping would never happen to AVG. After reading all the times that McAfee, Norton, and others had removed Office documents, Windows DLLs, and Office DLLs, I always had a smug chuckle available.
But now. Ah, well. Four years, 300 workstations, a dozen or more managed installations and still not a single infection or major problem for me using AVG.
Re:Well... (Score:5, Interesting)
This isn't too far from realistic.
I work for a firm that, through the power of politics, actually pays to use McAfee antivirus and related products. Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever. Yet, it will produce an error message that prompts the end-user to "delete", "remove" or "ignore"... (something to this nature - it really doesn't matter since none of them work except "ignore").
Some of the technicians have resorted to using certain free applications to get rid of the viruses (virii?) when the end-users show up to the help desk, angry as all get. Recently, McAfee started preventing these various freeware packages from being installed - it simply detects them as viruses themselves!
You could say that McAfee is doing its job - it leaves the sales up to the politicians while it prevents the real software from doing the work.
What a hopeless, hopeless situation.
Re:doh (Score:5, Interesting)
AVG failed to detect dozens of viruses and malware on my sister's computer that Avast cleared out. Avast isn't perfect, but they're both free, and it's my experience that Avast is more reliable than AVG. As always, YMMV.
Re:It's sad... (Score:5, Interesting)
Antivirus is one of those things that(at least until actual heuristic scanning that seriously works comes out) leans heavily on having a whole bunch of security guys and worker drones hammering out signature updates all day every day. That isn't something that falls under "The Open Source is strong with this one".
Hmmm, not sure I agree. I have always thought that the open source community could do a great job with antivirus.
The key is to get a large community of people who, when they discover a new virus, contribute their knowledge back to the open source project. And I think this is actually working with ClamAV [clamav.org].
I know that I have submitted my share of viruses... when I get an email offering me a cool new screen saver, and the file is called "screensave.scr.exe", I scan it with ClamAV. If ClamAV doesn't spot anything wrong, I'll submit that file to the ClamAV project.
Usually I submit the file at VirusTotal [virustotal.com] first, and attach the report to my submission.
ClamAV gets signatures very quickly for new viruses as they appear. The whole signature-based game is a continual game of catchup, though. I agree that heuristic-based scanning would be preferable, but that seems like a hard problem.
steveha
AVG was poison for Devs, now rest of world, too! (Score:3, Interesting)
OK, fine, most people won't have CMDOW.EXE on their system legitmately (ie they didn't put it there themselves) and so if they do have that file, something nefarious has happened at some stage. But for all devs that do use this file (and others like it), AVG is not a friend, not even in the slightest.
So, that leaves the non-devs, and there's enough of them around to build a business model based upon offering the program for free in order to get some paying customers. So, Sometimes, if building a PC for a complete noob and i wasn't going to have to maintain it afterwards, i would ignore my hatred of AVG and just install the latest free ed so at least the user would have a relatively trouble-free anti-virus solution.
Now, AVG has no doubt ruined many a noobs week because their computer doesn't work and they have no idea how to fix it. Great one AVG!
I now have a delete-on-sight-with-a-scorched-earth-attitude policy with regard to AVG (was previously only an ignore-at-all-costs-except-when-really-lazy policy). Can all members of the technical elite follow suit? Thanks.
Re:Sigh (Score:5, Interesting)
I administer a network of a about 200 windows systems, and we use almost exclusively AVG Free. Oy vey, am I gonna have a long day on Wednesday, maybe I should just unplug the phone now.
i thought the AVG free license was for personal non-commercial use.
Re:Well... (Score:3, Interesting)
Is it anywhere in the business any different?
When are you liable for what your software does? I can't really think of a single, even anecdotical, incident where a software company could have been held liable for whatever their product barfed. Databases that lose and leak information, software that miraculously fails at the most inappropriate of times, countless hours of productivity wasted because some piece of software didn't perform what it was meant to do.
What software company has ever been held liable for its crappy software?
False alarms are common. Much more common than AV vendors want to admit and heaps more common than the average person ever notices. I've had my time with an AV company. False positives were part of the daily routine. I'm by no means exaggerating. Finding an MS system file should be impossible due to whitelist tests, which are pretty much a standard for AV companies. But the danger remains that an update from MS collides with an update for the AV kit, which can result in what happened to AVG here.
If some AV company keeps identifying you as malware, get into contact with them and provide them with samples to whitelist. AV vendors are usually quite approachable when offered a way to avoid false detections without having to rework their scanner to something that doesn't just match patterns...
Re:Well... (Score:5, Interesting)
AVG recently detected the OpenOffice 3.0 installer as a trojan.
It also did the same with keyfinder, a program that discovers the serial for Windows XP after it's been installed. (How I miss the days of just looking in the registry...) I have a lot of customers who lose their serials (and sometimes even their CDs), and I get a bit annoyed when it gets erased off of my flash drive every time I plug in it.
Thankfully I can restore it back to its original location, but it's a hassle.
Re:Arrr! (Score:2, Interesting)
Use of "boxen" is actually really annoying to many people, including myself; and honestly, at least for me, when I see that it lowers my opinion of whoever wrote it. The impression it gives me is that the author is trying to sound cool to people who are computer geeks, but the kind of geek that mods their computer so it looks cool and runs the latest game quickly, not the kind that's actually interested in the inner workings of the system.
So that's my problem with it - I know other people say "boxen" as well, but it seems like the kind of thing that is most often used in the group described above. That this is a negative connotation for me I guess would imply that I'm an elitist of sorts, but that's not it; I'm just not into the same kind of thing. That's just not the kind of geek I am and I sometimes regret being found guilty by association with that group by people who don't know me well but can tell I'm a geek.
Of course, I'm also the kind of person who gets annoyed at most all improper grammar usage. The "Its/It's" problem so many people have is one of the worst.
On the other hand, I don't mind "virii" that much; I know it's incorrect but it's not so much of a stretch as "boxen". I agree, it's fun, when used in the right context. A story about popular anti-virus software running amok definitely counts as the right context.
Also, while I do use them quite frequently myself, I don't get too concerned about proper comma and semicolon usage, so please no comments about that if I've done something wrong in that regard :)
Re:Well... (Score:3, Interesting)
I used to recommend it to anyone who needed anti-virus for a home PC but now I recommend Avast and I'll be removing the last remaining AVG install on any of my PCs the next time it screws up in any way.
Re:Well... (Score:3, Interesting)
Re:It's sad... (Score:3, Interesting)
There is a fairly pervasive (and convincing) school of thought these days that argues against the use of anti-virus software entirely. The argument goes something like:
AV software is nowhere near infallible. Therefore running AV software gives you a false sense of security while slowing your computer down. You're better off taking more effective precautions such as only installing reputable software, and keeping it up to date.