AVG Virus Scanner Removes Critical Windows File
secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."
Damn. This is what I was hoping would never happen to AVG. After reading all the times that McAfee, Norton, and others had removed Office documents, Windows DLLs, and Office DLLs, I always had a smug chuckle available.
But now. Ah, well. Four years, 300 workstations, a dozen or more managed installations and still not a single infection or major problem for me using AVG.
This isn't too far from realistic.
I work for a firm that, through the power of politics, actually pays to use McAfee antivirus and related products. Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever. Yet, it will produce an error message that prompts the end-user to "delete", "remove" or "ignore"... (something to this nature - it really doesn't matter since none of them work except "ignore").
Some of the technicians have resorted to using certain free applications to get rid of the viruses (virii?) when the end-users show up to the help desk, angry as all get. Recently, McAfee started preventing these various freeware packages from being installed - it simply detects them as viruses themselves!
You could say that McAfee is doing its job - it leaves the sales up to the politicians while it prevents the real software from doing the work.
What a hopeless, hopeless situation.
AVG failed to detect dozens of viruses and malware on my sister's computer that Avast cleared out. Avast isn't perfect, but they're both free, and it's my experience that Avast is more reliable than AVG. As always, YMMV.
Antivirus is one of those things that (at least until actual heuristic scanning that seriously works comes out) leans heavily on having a whole bunch of security guys and worker drones hammering out signature updates all day every day. That isn't something that falls under "The Open Source is strong with this one".
Hmmm, not sure I agree. I have always thought that the open source community could do a great job with antivirus.
The key is to get a large community of people who, when they discover a new virus, contribute their knowledge back to the open source project. And I think this is actually working with ClamAV.
I know that I have submitted my share of viruses... when I get an email offering me a cool new screen saver, and the file is called "screensave.scr.exe", I scan it with ClamAV. If ClamAV doesn't spot anything wrong, I'll submit that file to the ClamAV project.
Usually I submit the file at VirusTotal first, and attach the report to my submission.
ClamAV gets signatures very quickly for new viruses as they appear. The whole signature-based game is a continual game of catchup, though. I agree that heuristic-based scanning would be preferable, but that seems like a hard problem.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I administer a network of about 200 Windows systems, and we use almost exclusively AVG Free. Oy vey, am I gonna have a long day on Wednesday, maybe I should just unplug the phone now.
I thought the AVG free license was for personal non-commercial use.
AVG recently detected the OpenOffice 3.0 installer as a trojan.
It also did the same with keyfinder, a program that discovers the serial for Windows XP after it's been installed. (How I miss the days of just looking in the registry...) I have a lot of customers who lose their serials (and sometimes even their CDs), and I get a bit annoyed when it gets erased off of my flash drive every time I plug it in.
Thankfully I can restore it back to its original location, but it's a hassle.
Random Thoughts From A Diseased Mind (Not For Dummies)