Slashdot Mirror


AVG Virus Scanner Removes Critical Windows File

secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."

23 of 440 comments

  1. It's sad... by FF8Jake · · Score: 5, Insightful

    It seems like AVG has gone massively downhill lately.

    1. Re:It's sad... by WiglyWorm · · Score: 3, Insightful

      After having read this, I think I may switch back to Avast.

    2. Re:It's sad... by LSD-OBS · · Score: 2, Insightful

      You said it, brother. We stopped using it when they released v8.0

      They've completely lost the plot. Marketing-bullshit-driven crap, no doubt.

      --
      Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
    3. Re:It's sad... by Red Pointy Tail · · Score: 4, Insightful

      Yes, they used to be very good, but they have gone all terrible. First, they started hiding all evidence of their free version from their website (you have to know to go to free.grisoft.com otherwise there is no link from their main website, though it is back up now), misleading licensing, then their version 8 started doing all sorts of crap like hogging resources, scanning every weblink and generating massive amounts of web traffic (though it can be turned off), and having bugs every week like marking legitimate files as infected and irritatingly requiring a computer restart every time you turn it on (requires a reinstall to fix it).

      They have gone all shite, and I'm massively put off by them now, and I will recommend anyone against buying or using their stuff. They are just plain sloppy now, and frankly you don't want your first or second line of defence to be sloppy.

      After our current license term expires, my company will be switching away to another vendor.

    4. Re:It's sad... by Anonymous Coward · · Score: 2, Insightful

      Don't confuse the fact that your OS of choice for this discussion has a statistically irrelevant percentage of the market share therefore no one bothers to write attacks against it with some sort of special power that prevents it from being infected.

      You're an idiot for thinking that not having admin privs makes you immune from virus issues. It may make your system safe, but you can still become part of a botnet, your files can still be destroyed, and performance can still be affected, it just may not bother others on your OS of choice. It's entirely possible for an OS running off a live cd to be exploited and be used as part of a botnet or to spread a virus for instance. Likewise, root services aren't required. All you need is some way to get some code of your own started. Everything else is mitigation. Antivirus, firewalls, anti-spyware, IDS system, all of them are ways to mitigate a problem that can't be solved. No more than there is a common cure to every thing that makes living beings sick and die.

      OSS doesn't solve the problem, and you're ignorant for thinking that the two are in any way related. Perhaps making it so security holes are plugged faster may help, but it also makes it easier for 'the bad guys' to find exploits, please stop being a fanboy and learn about how it works rather than spew this sort of ignorance, kthx

      This would be a beautiful theory if it weren't for the inconvenient truth. The simple fact is that all viruses, malware, spyware and botnet zombie code runs on Windows machines.

      If anyone running a Linux system simply adopts a self-imposed policy of "I will only install software from the repositories using the package management system" ... then their system is guaranteed to never get malware.

      This has nothing to do with obscurity of Linux systems. It has only to do with four things:
      (1) Installing Linux software using the package manager requires the local system administration password to be manually entered.
      (2) All software in the repositories is "visible" to the developers who put it there, and they use that software themselves (so they are not going to infect their own systems by deliberately putting malware into code they are themselves using).
      (3) All software in the repositories is auditable by the 1.5 million + open source programmers of the world, and
      (4) Software transferred via the repositories is digitally signed.

      The performance effectiveness of this software distribution system can be gauged by the fact that (AFAIK) there has never been a recorded case of a Linux system getting a malware infection via the repositories/package management in the entire time that this system has been in common use.

      As for your assertion that "It's entirely possible for an OS running off a live cd to be exploited and be used as part of a botnet or to spread a virus for instance" ... I'd like you to give a "for instance". Remember that you can't write to a CD. Remember also that there are no Windows liveCDs, and all the zombie machines that are part of botnets are Windows machines.

  2. Re:doh by ShadowBlasko · · Score: 5, Insightful

    you get what you pay for?

    So, those of us who have paid for (what used to be called) the SoHo version, or any of the other versions should just grin and bear it? I don't think so. I'm pissed. It's not all freeware.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
  3. downhill since 7.5 by Anonymous Coward · · Score: 1, Insightful

    IMO it has definitely gone downhill since 7.5; remember being able to run in CLI?
    I had (at one time, when I was a break/fix tech) everything set to run silent install, clean everything and spit out a log thereafter... but since 8 came out, that's only for pro! ... nice AVG, enjoy your declining market share in the "crap av" category.

  4. Re:doh by McNally · · Score: 5, Insightful

    you get what you pay for?

    It'd be nice to think that that was true, but based on the number of totally f'ed up McAfee and Norton situations I've seen, it's not even close to safe to conclude that for-pay anti-virus products are reliably more trouble-free than ones that don't cost money for home use.

  5. Re:I haven't been hit yet... by couchslug · · Score: 3, Insightful

    "Do not recommend Linux for it's "not there yet." I will give KDE a few more years."

    It would appear that certain free AV software is also "not there yet". :)

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  6. Please insert the Windows XP installation CD .... by whoever57 · · Score: 3, Insightful

    That's going to be fun for the millions of PC users who did not get a Windows CD with their PC and did not bother to burn a re-install CD.

    --
    The real "Libtards" are the Libertarians!
  7. Re:Arrr! by mhall119 · · Score: 2, Insightful

    Right, because Pirates are known for proper spelling and pronunciation. Can you see a pirate trying to pronounce viruses? I didn't think so.

    --
    http://www.mhall119.com
  8. Re:doh by dunezone · · Score: 4, Insightful

    It deletes a single file that can be recovered painlessly. On the other hand Norton will install itself where it spawns god knows what else into the system. And the worst part is that even after you kill the damn program there is still shit left over controlling your system. Heck, they even make a special program just designed to uninstall it.

  9. What has changed at AVG? by Bazrr · · Score: 4, Insightful

    Over the last few years I have installed AVG Free on hundreds of my customers' computers. On the whole it has been a good stable program. While I haven't seen this current problem yet, this would be the third time this year that I know of where AVG have stuffed up and caused major problems. The last one was where they disabled ZoneAlarm and customers lost their connection to the Internet. For your average home user, it is beyond them to know why something goes wrong, it just does. AVG on the other hand seem to be slipping in the way they approach the care they should be taking when releasing updates. Be interesting to know if something has changed this year in their process of developing and releasing updates?

  10. Re:Well... by DigitAl56K · · Score: 5, Insightful

    Although this has a funny side, the impact of anti-virus software these days can be quite nasty. I'm personally an advocate of anti-virus software for the vast majority of people out there who are not specialists in computer security and really don't have much reason to keep track of all the latest exploits (technical or people-based). Good anti-virus software strikes an appropriate balance between a low impact on user experience and providing a reasonable level of protection.

    However, count yourself lucky if you don't end up on the wrong end of today's anti-virus products. Here we have a story about one product warning users about an essential file for their OS and warning them to remove it. I've seen similar problems with other legitimate software on my system and my vendor doesn't provide any clear way of submitting a file for analysis to have their definitions corrected unless I take action in the software to quarantine it first, which obviously, knowing the file is fine, I don't want to do.

    I also work at a company that distributes software to millions of people every month. It is rare that we can go more than a couple of months these days without some anti-virus package telling users that some component of our software or installers contains a virus, which is completely untrue. And when this happens there is no solution to the problem. I have spent hours on the phone trying to reach several different vendors on behalf of our users before trying to get them to fix their products. It's usually impossible to get through to anyone who can actually help. You can submit a file for analysis to have it verified as clean and hope that the vendor will correct their definitions. This can take 24-48 hours, meanwhile hundreds of thousands of your customers are being falsely informed that there is a virus in your product. And no matter your reputation people tend to lose trust when there is a big red box on their screen warning them about viruses.

    After dealing with this time and time again I've come to the conclusion that it's simply best to wait for end-users themselves to complain in enough volume to their AV vendors to have these problems corrected. Certainly I have never found any other solution that works faster. And still, the same vendor may falsely flag the same software just months later. You can't even QA against every anti-virus package out there, some packages update their definitions every three hours, so you can only ever know if you'll flag an AV detection at the instant of testing and even if you do know you're getting flagged you have the same problem - no way to resolve the issue with the vendor.

    Imagine the consequences to a person who kept falsely telling millions of people your product would infect their computers. It would surely be grounds for libel.

    Again, I believe that AV software can be both useful and valuable. But the AV industry itself is a menace and vendors are often unaccountable for their actions.

  11. Re:doh by Anonymous Coward · · Score: 3, Insightful

    :blink: Why is your anti-virus deleting files instead of quarantining them!?

  12. Re:doh by zippthorne · · Score: 2, Insightful

    Are you sure it's a subset and not a union? Which AV program did you run first?

    --
    Can you be Even More Awesome?!
  13. Re:doh by Anonymous Coward · · Score: 3, Insightful

    Norton has no relevance to this story. The discussion is not about Norton. Norton sucking does not make AVG suck less.

  14. Re:doh by GigaplexNZ · · Score: 4, Insightful

    Painlessly? It requires using Windows Recovery Console which necessitates having boot media available. My desktop can't boot off normal XP installation media due to a lack of AHCI drivers so I had to slipstream my own - I haven't figured out how to make a slipstream disk that still allows Recovery Console. My flatmate's laptop doesn't have an optical drive and requires netbooting, which in turn requires a Windows Server nearby. If it causes someone like me problems, you can guarantee it will cause many non-technical users a great deal of grief.

  15. Re:Arrr! by Atario · · Score: 2, Insightful

    Not everything that looks vaguely Latin should be pluralized with an i

    No, but it's fun.

    I suppose next you're going to object to "VAXen" and "boxen"?

    Get off my damn lawn.

    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  16. Re:Well... by Evanisincontrol · · Score: 2, Insightful

    Whoosh!

  17. Re:Well... by g-san · · Score: 4, Insightful

    Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever.

    Ah yes... Windows. The only system where I can be logged in as the super user only to be told I can't delete a file. Access Denied. I always feel like Windows reserves the higher system privileges for people attacking your system, or malicious software already running on your system. /sigh

  18. Re:Well... by wiz_80 · · Score: 5, Insightful

    Windows assumes all users are idiots, including and especially Administrator.

    Whether this is an accurate or correct assumption is left as an exercise for the reader.

    Unix-style OSen, OTOH, are quite happy to let you shoot off your own foot, ankle, shin, knee, and indeed any body part you care to name, and supply an endless variety of interesting weapons and weaponizable tools to enable you to do so.

    --
    " There is a rational explanation for everything. There is also an irrational one. "
  19. Re:People work HARD not to change by erroneus · · Score: 2, Insightful

    You and people like you are precisely why the abusive monopolies exist. Your persistent drug-addiction-like dependence on gaming has placed all profiting parties so high on their thrones that they will continue to rule you and all the people like you. Put some principles before your pleasure once in a while and you might develop what some call "character."

    The game developers will not write to Linux or even Mac OS while they already have your short-n-curlies. They have no motivation to change while you remain staunchly loyal to their current model.