Avira Premium Anti-Virus Bug Disables Windows Machines 151
New submitter Adesso writes "Anti-virus vendor Avira is having difficulty with an update of all their Premium customers. An update that has been downloaded over 70 million times is causing the 32-bit version of Windows to block almost all critical applications. Avira has responded promptly with an interim solution for this problem. In most cases this causes Windows to not boot properly."
Wow... McAfee 2.0... (Score:5, Insightful)
I guess that's one more to add to my list of AV products I recommend against.
But hey, they'll give you a month free subscription for your troubles*.
*Hyperbole, they'll most likely give users nothing.
Cheers!
McAfee (Score:3, Insightful)
It seems Avira is taking a page out of McAfee's playbook.
Re:people still use antivirus software? (Score:5, Insightful)
Erh... no.
Anti-virus programs cannot stop you from getting viruses. They can only react after the fact. Their updates are by necessity reactive: a virus appears, and it takes time to update definition files to detect it.
First of all, there is very, very little "new" malware. Ok, there's lots, but very, very little thereof actually becomes a problem. There are only so many that actually become a worldwide problem. What happens is that big malware packages that actually constitute a problem come in thousands, if not millions, of variants. Often just differing in some minor points, like their C&C server, their encryption, their packaging... think of a biological virus that mutates just a little while having essentially the same payload. Modern AV toolkits come with very sophisticated heuristic algorithms that can to some extent find simple mutations easily, as you can easily see if you watch the various AV kit tests closely. To test it, they take a signature file from a few months ago and test how many of the more recent attacks they can identify. It's not perfect, but some come close to 95%. No, that is not perfect. But we're far from "can only identify after the fact".
And even once that happens, once ring0 is compromised on a box, it is not possible to trust that box again without a full OS reinstall. Anti-virus programs can attempt to clean things up, OK for casual web browsing, but not for anything you must trust. The only safe recovery is a reinstall.
There is always the option to boot your machine with a known-clean OS and run a scan, which is bundled with pretty much all AV toolkits worth their salt today. Usually the CD you get with your AV toolkit is a Linux boot disc with a fitting scanner, most of the time working in a way that you slip in the DVD, boot the machine, get updates for the signature and have it scan your machine. If you don't feel like buying a AV toolkit, some of those scanners are also available online or as part of computer magazines.
The only way to practice safe computing is to *not run malicious software* in the first place. This is fortunately not difficult to do.
This is unfortunately NOT possible to do. At least if running Windows. And only because Windows is the prime target, dear Mac/Linux fanboys, those systems are by no means any safer. Just less interesting as a target.
You do NOT know whether the browser you use or any plugin it uses has any security holes. Adobe has recently been notorious for having security holes in its PDF reader and Flash Player for browsers. Now, you can of course avoid reading PDFs and watch Flash ... well, actually, often you can NOT. Many whitepapers only come in PDF format and more and more webpages are simply inaccessible without Flash. Now, of course you can run a few different browsers, each with different sets of plugins and whatnot... which still does not constitute perfect security.
The human brain is the only perfect anti-virus utility in existence.
You expect the average computer user to use it? I do not know what rays come out of computers, but it must be some kind of stupifying rays, they can turn people holding PhDs into bumbling fools. The alien mindbenders from Zak McKracken could not have come up with a better device.
Re:For crying out loud (Score:4, Insightful)
Nobody has ever produced a single email or a distruntled employee rating out or any other kind of actual hard evidence that any company is paying for comments on slashdot of all places - a mostly irrelevant website in the larger tech world. Although, depending on your level of personal narcisism you might have an overinflated sense of importance of the things that in reality nobody is paying attention to.
THIS. Does anybody out there really think corporations are going to spend real money paying people to argue with anonymous idiots on a site that 99.9% of the population doesn't even know exists? Someone please explain how Slashdot has any sort of "sway" in the consumer electronics industry.