
Avira Premium Anti-Virus Bug Disables Windows Machines 151

Posted by timothy
from the malware-writers-have-won dept.
New submitter Adesso writes "Anti-virus vendor Avira is having difficulty with an update of all their Premium customers. An update that has been downloaded over 70 million times is causing the 32-bit version of Windows to block almost all critical applications. Avira has responded promptly with an interim solution for this problem. In most cases this causes Windows to not boot properly."
This discussion has been archived. No new comments can be posted.

  • by NecroPuppy (222648) on Tuesday May 15, 2012 @10:52AM (#40005319) Homepage

    Couldn't we be using Avira at work?

    Then I could go home and play Diablo.

    • Not really. My coworker took this week off for D3. After it went live this morning he still can't get in as the game won't actually launch. Apparently others are having the same issue as well. Ahh Blizzard, I don't miss you in the slightest.
      • by Entropius (188861)

        but ... but ... but pirates!

        Seriously, wtf. D2 sold gajillions of copies and had working single player and LAN. You could be sitting out in the middle of the desert with a solar panel and a netbook and play with your friends.

        • Re: (Score:2, Interesting)

          by metalgamer84 (1916754)
          Yep, exactly why I refuse to purchase D3. If they release a patch down the line that doesn't require me to be online with their servers just to play single player, then I will buy it.
          • by Cito (1725214)

            There is already a pirated version that doesn't require you to be online :)

            I downloaded it off demonoid, and picked up the skidrow patch and can enjoy it offline.. never liked playing diablo online as it was just chain lightning spam and KEKEKEKE's all over the screen anyhow

            so demonoid single player is perfect

            • by Entropius (188861)

              Hm, I can't seem to get to skidrow's website. Are they slashdotted?

              This crack allows actual singleplayer, right? This is relevant to my interests since my ISP is so lossy (~20% packet loss) that I can only play SP.

              • by Anonymous Coward

                Hm, I can't seem to get to skidrow's website.

                ...facepalm

      • by danomac (1032160)

        I took the day off to play it too, I'm just getting ready to install it. I sure hope I don't have problems...

  • by cpu6502 (1960974) on Tuesday May 15, 2012 @10:54AM (#40005357)

    Still think this is good advice? Worse is when the vendor forces the update silently w/o informing the user. Then suddenly your PC is broke or browser and you don't know why.

    • Some people can't be bothered to install updates themselves and even if they could they don't know how to analyze and see if they need the update or not.

      For them automatic updates make the most sense. Of course if the company pushing out the updates isn't competent you probably shouldn't be using their products at all in the first place, manual or automatic updates.

      • by cpu6502 (1960974)

        That means I would stop using Microsoft and Apple (both have pushed updates that broke the computer). Then what would I do?

        • Ubuntu is the answer, especially if you're a desktop user and don't play games.

          • by cpu6502 (1960974)

            Ubuntu GNUlinux also has pushed updates that have broken things in the past, so no it isn't the answer.

            • Wait a minute... I'm not saying updates were flawless, but at least with Ubuntu I never got something updated without my consent. I mean, no automatic updates. The OS checks, tells you "here be updates" and you check the ones you want. I have configured Windows the same way as well, it never adds updates by itself.

          • Yeah... I can't even count the number of times an update for a Linux distro has broken things... I think I've had issues with almost every major linux update I've ever had. Usually wind up doing a clean install for a new major update. Though, I'm now using Debian for most of my linux instances.
        • by mcgrew (92797) *

          That means I would stop using Microsoft and Apple (both have pushed updates that broke the computer). Then what would I do?

          Well, I'd say Linux if I hadn't updated to 12.04 on Sunday and had Flash break.

    • by arth1 (260657)

      Then suddenly your PC is broke or browser and you don't know why.

      My PC is always broke; I won't let it have a wallet.
      But it has never become browser.

    • by TheLink (130905)
      I don't install antivirus software on my home Windows PC. And I know what I'm doing. At least more than the various antivirus vendors who have done similar screw ups every few years or so! If I need to check some stuff I check it with virustotal.

      I do install antivirus software on other people's computers. But you don't update stuff ASAP. Yes viruses are a risk, but so are mistakes by software vendors. And AV software makes your computer system slower- you pay for that all the time.

      FWIW I'm one of those that
  • by killfixx (148785) * on Tuesday May 15, 2012 @10:55AM (#40005365) Journal

    I guess that's one more to add to my list of AV products I recommend against.

    But hey, they'll give you a month free subscription for your troubles*.

    *Hyperbole, they'll most likely give users nothing.

    Cheers!

    • The big surprise for me is they have 70 million paying customers. I'm in the wrong business!

    • by danomac (1032160)

      I think if you blacklist every AV vendor for random f-ups you wouldn't have any left to buy from. I've had issues in the past with: Trend Micro, McAfee, Symantec, AVG (most recent - they decided to bundle 32-bit binaries for 64-bit machines and this causes all 64-bit machines to bluescreen), ESET (issues with our accounting systems) and probably others I've forgotten about. This is mixed personal and work experiences.

      So far I've had OK luck with MSE at home, but I'm sure at some point Microsoft will screw t

  • McAfee (Score:3, Insightful)

    by SJHillman (1966756) on Tuesday May 15, 2012 @10:58AM (#40005419)

    It seems Avira is taking a page out of McAfee's playbook.

  • by b0bby (201198) on Tuesday May 15, 2012 @11:00AM (#40005441) Homepage

    When AVG caused a boot failure several years ago I started switching everyone who asked to Microsoft Security Essentials; still seems to be the best free one. At work I'm happy with NOD32; I suppose that they could have a similar problem, but they've been really good so far.

    • Several years ago? MSE is that old?

      • by b0bby (201198)

        MSE came out in fall 2009, so not quite 3 years ago; IIRC the AVG issue was probably earlier that year and made me start looking around for the best replacement & MSE came out to generally good reviews. I find that MSE with an occasional Malwarebytes scan will keep most people's home machines pretty clear, even people with teenagers...

        • by danomac (1032160)

          Pretty sure that AVG issue is the one I mentioned in another post, where they mixed 32-bit binaries in the package for 64-bit installation. Pretty sure that happened in 2010, as we switched at work to ESET in early 2011 because of the lack of AVG's QA.

        • by xelan (1191065)
          MSE isn't a bad product. From personal experience, I'd rate it higher than Symantec's Endpoint Solutions from a usability and end user standpoint. The only gripe I have with MSE is that its script blocking capabilities aren't as good as Avast's - my AV of choice. Every antivirus product seems to have had an issue like this from time to time. In this case, Avira, which normally does very well in testing, probably released an update too quickly and disabled machines resulted. Regrettable, but not all that unu
    • by asdf7890 (1518587)
      I'm currently running Avast as various testers found it to have the best detection rates of the common choices at the time (though it didn't have such a good repair rate IIRC). I've been telling people to use MSSE on low spec machines (like netbooks or just really old boxes) as it seems to test fairly well and last time I tried it (on a laptop that somehow got declared "Vista ready" despite only having 512Mb RAM) I found it to be noticeably less demanding on RAM and to have less detrimental effect on perfor
    • Except that MSE routinely doesn't detect shit!

      I ran it for a year or so after it first came out. Then one day I had popups on a machine. MSE said it was clean, MSE in another machine said it was clean (with hard drive removed and put in other machine). Only Avira was able to find the virus.

      That said, Avira is godawful. The software itself shows popups forcing you to blacklist avnotify.exe with local group policies (yuk!) and they really push their premium version down your throats. Despite this, it does ha

      • by sunspot42 (455706)

        I just had my machine get totally infected last month by some Java-spread garbage. MSSE was useless. I tried several programs, and Avast did by far the best job at detecting and removing the infection. It's my new AV of choice.

        I also switched to Chrome and set it so that I have to click to run any Java or Flash crap. Hopefully that'll help prevent drive-by attacks in the future that exploit the gaping security holes in Java and Flash.

  • by Anonymous Coward

    Anti-virus programs cannot stop you from getting viruses. They can only react after the fact. Their updates are by necessity reactive: a virus appears, and it takes time to update definition files to detect it.

    And even once that happens, once ring0 is compromised on a box, it is not possible to trust that box again without a full OS reinstall. Anti-virus programs can attempt to clean things up, OK for casual web browsing, but not for anything you must trust. The only safe recovery is a reinstall.

    The only

    • I went to a Sophos event once (mostly because it was catered...), the only content I remember was one speaker who spent 10 minutes of his presentation time showing various screenshots of web sites and asking the audience whether they were phishing scams, or the real thing. Towards the end it was very difficult, and this was an audience of technical IT people.

      I also don't trust an OS once it has been compromised, and I agree that actually thinking/paying attention is vital to complete security. For me it i

      • by TheLink (130905)
        10 minutes of wasted time. People who know what they are doing don't decide whether sites are phishing scams or not by using screenshots, or by how they look.

        If a phisher does things "properly" the phish site should look EXACTLY like the real thing, and it should even have the same stupid check pictures/words that some sites like to have.

        You'd do stuff like check the certificates, including who they are signed by, and contacting the bank if you think their site has been pwned. Get some sort of document trai
    • by Opportunist (166417) on Tuesday May 15, 2012 @11:28AM (#40005753)

      Erh... no.

      Anti-virus programs cannot stop you from getting viruses. They can only react after the fact. Their updates are by necessity reactive: a virus appears, and it takes time to update definition files to detect it.

      First of all, there is very, very little "new" malware. Ok, there's lots, but very, very little thereof actually becomes a problem. There are only so many that actually become a worldwide problem. What happens is that big malware packages that actually constitute a problem come in thousands, if not millions, of variants. Often just differing in some minor points, like their C&C server, their encryption, their packaging... think of a biological virus that mutates just a little while having essentially the same payload. Modern AV toolkits come with very sophisticated heuristic algorithms that can to some extent find simple mutations easily, as you can easily see if you watch the various AV kit tests closely. To test it, they take a signature file from a few months ago and test how many of the more recent attacks they can identify. It's not perfect, but some come close to 95%. No, that is not perfect. But we're far from "can only identify after the fact".

      And even once that happens, once ring0 is compromised on a box, it is not possible to trust that box again without a full OS reinstall. Anti-virus programs can attempt to clean things up, OK for casual web browsing, but not for anything you must trust. The only safe recovery is a reinstall.

      There is always the option to boot your machine with a known-clean OS and run a scan, which is bundled with pretty much all AV toolkits worth their salt today. Usually the CD you get with your AV toolkit is a Linux boot disc with a fitting scanner, most of the time working in a way that you slip in the DVD, boot the machine, get updates for the signature and have it scan your machine. If you don't feel like buying an AV toolkit, some of those scanners are also available online or as part of computer magazines.

      The only way to practice safe computing is to *not run malicious software* in the first place. This is fortunately not difficult to do.

      This is unfortunately NOT possible to do. At least if running Windows. And only because Windows is the prime target, dear Mac/Linux fanboys, those systems are by no means any safer. Just less interesting as a target.

      You do NOT know whether the browser you use or any plugin it uses has any security holes. Adobe has recently been notorious for having security holes in its PDF reader and Flash Player for browsers. Now, you can of course avoid reading PDFs and watch Flash ... well, actually, often you can NOT. Many whitepapers only come in PDF format and more and more webpages are simply inaccessible without Flash. Now, of course you can run a few different browsers, each with different sets of plugins and whatnot... which still does not constitute perfect security.

      The human brain is the only perfect anti-virus utility in existence.

      You expect the average computer user to use it? I do not know what rays come out of computers, but it must be some kind of stupefying rays, they can turn people holding PhDs into bumbling fools. The alien mindbenders from Zak McKracken could not have come up with a better device.

      • Despite it being pretty old, Vundo is still alive and well, just in a slightly different variant every couple of months. I suspect it will become less common over time as people finally move to Windows 7 as most will be using the 64bit version, which Vundo can't really infect (it injects code into running system processes, which must be 32bit). Macs were targeted, and it seemed to be pretty effective (and profitable) host for malware.
      • by Hatta (162192)

        You do NOT know whether the browser you use or any plugin it uses has any security holes. Adobe has recently been notorious for having security holes in its PDF reader and Flash Player for browsers. Now, you can of course avoid reading PDFs and watch Flash ... well, actually, often you can NOT. Many whitepapers only come in PDF format and more and more webpages are simply inaccessible without Flash. Now, of course you can run a few different browsers, each with different sets of plugins and whatnot... which

        • To you, yes, maybe. To the average user, hardly.

          I'm also pretty sure the average mechanic dreads the mass of computer gizmos in today's cars that make tinkering with it near impossible, while the average standard guy certainly welcomes them because now he gets a pretty good idea what's wrong instead of that simple "failure" light going on... or that engine stopping without any good reason.

          The point is that you're an expert for the machine you're using. You're a minority, though. 99% or more of the people us

      • by Hatta (162192)

        I should have added this to my previous post. These measures are also much more effective than antivirus. For example, my boss has had several viruses on his computer in the past year. Not one of them was detected by the university mandated antivirus, or his own antivirus. They were all detected simply by noticing the computer was behaving strangely.

        On the other hand, I disabled the university antivirus, and simply use the precautions I mentioned earlier. I haven't had one noticeable infection. I could

      • by a_claudiu (814111)

        And only because Windows is the prime target, dear Mac/Linux fanboys, those systems are by no means any safer. Just less interesting as a target

        I heard this quote/excuse some time ago but I still do not believe it. Most of the servers are running Linux and a server is a bigger target than a home computer. For the moment being Linux is safer. The user space is more strictly enforced than a Windows machine. Looking historically Linux came from a server platform with strictly enforced security and move to a desktop/more user friendly distribution, and Windows started as a single user OS and goes to a more multi user platform. The legacy of both sys

        • There is a very simple reason for this: Servers are usually run by admins who not only know what they're doing but also part of a company that has some rules concerning software used. They can't simply download any crap from anywhere and install it, much like private users would. The main attack vectors simply don't apply to commercial servers:

          1. Manipulated webpages and browser bugs: Business servers are not used to browse the internet.
          2. Mislabeled software (malware disguised as some tool): Gets weeded ou

        • by Kalriath (849904)

          The user space is more strictly enforced than a Windows machine. Looking historically Linux came from a server platform with strictly enforced security and move to a desktop/more user friendly distribution, and Windows started as a single user OS and goes to a more multi user platform.

          Who cares? Malware these days doesn't need ring-0 access. It doesn't need kernel access. All it needs is the ability to watch keystrokes in userland, and to open outbound connections on port 25 (and maybe 80). Whether the user space is "more strictly enforced" is irrelevant.

  • How does the interim solution get implemented if the machine won't boot?

    In ye olden days, if you compiled a new linux kernel, deleted the old one, forgot to run lilo, it doesn't reboot, then the solution was to boot and run lilo, which was a task that separated the men from the boys, err it wasn't that difficult, maybe separated the 7 year olds from the 6 year olds or whatever. Anyway...

    Also a note to the editors, that link would have been a million times funnier if it pointed to a ubuntu.com live cdrom/dv

    • You might try GateOne. It's much slicker than AjaxTerm. You need an HTML5 WebSockets capable browser, but it's actually responsive.
    • How does the interim solution get implemented if the machine won't boot?

      Magic, how else?

    • by mcgrew (92797) *

      How does the interim solution get implemented if the machine won't boot?

      External media. CD, USB, whatever is handy. That's another way Linux is ahead of Windows, you can usually fix an unbootable computer easily.

  • Though not nearly as bad. I trialled a small business product designed to make managing your AV/Firewall across multiple computers easy via a central web interface. It was all great in concept, except the default configuration for the individual install blocked itself from communicating with the central service. And while managing everything on the web interface was slick, attempting to fix the configuration on the installs without the benefit of that centralized web interface was a huge pain in the ass.
  • Too well.

  • by doctormetal (62102) on Tuesday May 15, 2012 @11:20AM (#40005667)

    This is a very effective security measure. If your system cannot boot it cannot get infected.

  • Just need to encase the PC in cement and bury it at sea, and then those evil hackers will never be able to get to it! ... of course, that's going to cost you extra....

  • by Brandano (1192819) on Tuesday May 15, 2012 @11:28AM (#40005745)
    I only use Windows to play games (the ones that can cause some issues under Wine), so it wasn't that big a deal. Anyway, I had avira blocking explorer.exe and cmd.exe from running. Luckily they still ran fine if I logged in as administrator, so I just added them to the list of exceptions, and seems to work properly now. At least good enough for my scope, which is playing games. No big loss, though, Skyrim works perfectly fine in Wine....
  • If you can't fix it, feature it.

    At least that is the mantra at my company.

  • by afidel (530433) on Tuesday May 15, 2012 @11:49AM (#40006033)
    How have the AV companies not come to realize that they need to have an automated testing lab where they apply the newest update to every variant of Windows and have the machine reboot and then run a test suite? Even basic QA should have caught this level of stupidity. In the six years we ran Trend the only problem we ever had was extreme slowness on our Notes servers, it turns out they didn't have a Notes server in their lab and none of their early adopter program participants were running Notes either. We talked to the head of QA and he assured us that they would add a Notes server to their test environment, that was QA done properly.
  • by ericloewe (2129490) on Tuesday May 15, 2012 @11:53AM (#40006073)

    My list of serious bugs in AV products:

    Panda (ancient versions) - failed to install correctly, impossible to uninstall. Two botched Windows XP installations.

    BitDefender (relatively recent) - very messed-up definition file marked ALL executables as infected, putting them in quarantine. I still have the feeling any malicious executables would not have been marked.

    Kaspersky 2012 - screws up Windows Home Server (v.1 and 2011) connector, has to be disabled for backups to work

    McAfee - Won't even protect anything if the license has expired. Still bloats up your computer, though.

    Norton - everything you've heard is true. It's impossible to uninstall, it's a resource hog, blocks stuff randomly...

    The one exception so far is MSE - considering the amount of malware the others have caught so far (less than 10 times, if you count tests as detections), how light it is and how it doesn't piss you off, it's my favorite.

    • I've had good results with ClamAV on a USB drive, together with spybot S&D, Hijack This, and portable Firefox, there ain't much that combination can't deal with.

    • by tokul (682258)

      The one exception so far is MSE

      There are two more exceptions. Microsoft Antivirus and snake oil. Both offer no real protection for your PC. Not sure MSE offers more. AV can't be lightweight without taking shortcuts in security checks.

      • MSE does take shortcuts (though newer versions are better at actually protecting your computer).

        However, personal experience just tells me that the bloated alternatives don't help much anyway.

  • by lwriemen (763666)

    An anti-virus software that gets to the root of the problem! :-)

  • by denmarkw00t (892627) on Tuesday May 15, 2012 @12:15PM (#40006329) Homepage Journal

    Does anyone have a quick writeup of what versions of Windows are affected? The...summary...declares "32-bit versions of Windows" - so, just 32-bit - is that everything? Does it stop at XP? What about some poor fool running Windows ME - how is s/he going to cope or does s/he even have to worry? Is it really just 32-bit Windows versions or will this affect a 64-bit Windows install running a 32-bit version of Avira? I really appreciate it when we get a summary with no actual article on it, just links to Avira's forums and website.

  • ....decided the only winners in the game don't play.
  • Does the Lite editing cause your machine to burst into flames and burn down half your house after posting compromising photos to Facebook?

  • by Anonymous Coward

    . . . antivirus software that keeps the Windows virus from spreading!

  • by nuckfuts (690967) on Wednesday May 16, 2012 @01:53AM (#40013593)

    that recently had Avira anti-virus identify itself as malware:

    http://www.theregister.co.uk/2011/10/26/avira_auto_immune_false_positive/ [theregister.co.uk]
