Slashdot Mirror


AVG Virus Scanner Removes Critical Windows File

secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."

99 of 440 comments

  1. Well... by jav1231 · · Score: 5, Funny

    Just doing its job!

    1. Re:Well... by zappepcs · · Score: 4, Funny

      When I read it, I thought the title was "AVG Virus Scanner Removes Critical Windows Flaw" ...
      That would have been an excellent sales technique. Shame the reality is so very different.

    2. Re:Well... by Anonymous Coward · · Score: 5, Interesting

      This isn't too far from realistic.

      I work for a firm that, through the power of politics, actually pays to use McAfee antivirus and related products. Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever. Yet, it will produce an error message that prompts the end-user to "delete", "remove" or "ignore"... (something to this nature - it really doesn't matter since none of them work except "ignore").

      Some of the technicians have resorted to using certain free applications to get rid of the viruses (virii?) when the end-users show up to the help desk, angry as all get. Recently, McAfee started preventing these various freeware packages from being installed - it simply detects them as viruses themselves!

      You could say that McAfee is doing its job - it leaves the sales up to the politicians while it prevents the real software from doing the work.

      What a hopeless, hopeless situation.

    3. Re:Well... by Anonymous Coward · · Score: 5, Funny

      shame the reality is so very different.

      It is?

    4. Re:Well... by BronsCon · · Score: 5, Funny

      It removes the biggest flaw of all: user.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    5. Re:Well... by steelfood · · Score: 5, Funny

      "AVG Virus Scanner Removes Critical Windows Flaw"

      There's a redundancy in there somewhere. I can't quite put my finger on it.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    6. Re:Well... by Trogre · · Score: 2, Funny

      When I read it on the /. front page, there was a Samsung ad covering part of it due to some rather poor CSS. As a result the headline read,

      "AVG Visus Scanner Removes Critical Windows".

      That is all.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    7. Re:Well... by DigitAl56K · · Score: 5, Insightful

      Although this has a funny side, the impact of anti-virus software these days can be quite nasty. I'm personally an advocate of anti-virus software for the vast majority of people out there who are not specialists in computer security and really don't have much reason to keep track of all the latest exploits (technical or people-based). Good anti-virus software strikes an appropriate balance between a low impact on user experience and providing a reasonable level of protection.

      However, count yourself lucky if you don't end up on the wrong end of today's anti-virus products. Here we have a story about one product warning users about an essential file for their OS and warning them to remove it. I've seen similar problems with other legitimate software on my system and my vendor doesn't provide any clear way of submitting a file for analysis to have their definitions corrected unless I take action in the software to quarantine it first, which obviously, knowing the file is fine, I don't want to do.

      I also work at a company that distributes software to millions of people every month. It is rare that we can go more than a couple of months these days without some anti-virus package telling users that some component of our software or installers contains a virus, which is completely untrue. And when this happens there is no solution to the problem. I have spent hours on the phone trying to reach several different vendors on behalf of our users before trying to get them to fix their products. It's usually impossible to get through to anyone who can actually help. You can submit a file for analysis to have it verified as clean and hope that the vendor will correct their definitions. This can take 24-48 hours, meanwhile hundreds of thousands of your customers are being falsely informed that there is a virus in your product. And no matter your reputation people tend to lose trust when there is a big red box on their screen warning them about viruses.

      After dealing with this time and time again I've come to the conclusion that it's simply best to wait for end-users themselves to complain in enough volume to their AV vendors to have these problems corrected. Certainly I have never found any other solution that works faster. And still, the same vendor may falsely flag the same software just months later. You can't even QA against every anti-virus package out there, some packages update their definitions every three hours, so you can only ever know if you'll flag an AV detection at the instant of testing and even if you do know you're getting flagged you have the same problem - no way to resolve the issue with the vendor.

      Imagine the consequences to a person who kept falsely telling millions of people your product would infect their computers. It would surely be grounds for libel.

      Again, I believe that AV software can be both useful and valuable. But the AV industry itself is a menace and vendors are often unaccountable for their actions.

    8. Re:Well... by ChameleonDave · · Score: 4, Informative

      viruses (virii?)

      No.

    9. Re:Well... by Anonymous Coward · · Score: 5, Funny

      get rid of the viruses (virii?)

      Viruses is the correct plural. Virii only makes you look like a pretentious fuckwit and is piss-poor Latin grammar.

      http://linuxmafia.com/~rick/faq/plural-of-virus.html

      Now write it out 100 times. If it's not done by sunrise, I'll cut your balls off.

    10. Re:Well... by Hal_Porter · · Score: 2, Funny

      Virii is a good way to catch pendants though.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    11. Re:Well... by Opportunist · · Score: 2, Interesting

      Is it anywhere in the business any different?

      When are you liable for what your software does? I can't really think of a single, even anecdotical, incident where a software company could have been held liable for whatever their product barfed. Databases that lose and leak information, software that miraculously fails at the most inappropriate of times, countless hours of productivity wasted because some piece of software didn't perform what it was meant to do.

      What software company has ever been held liable for its crappy software?

      False alarms are common. Much more common than AV vendors want to admit and heaps more common than the average person ever notices. I've had my time with an AV company. False positives were part of the daily routine. I'm by no means exaggerating. Finding an MS system file should be impossible due to whitelist tests, which are pretty much a standard for AV companies. But the danger remains that an update from MS collides with an update for the AV kit, which can result in what happened to AVG here.

      If some AV company keeps identifying you as malware, get into contact with them and provide them with samples to whitelist. AV vendors are usually quite approachable when offered a way to avoid false detections without having to rework their scanner to something that doesn't just match patterns...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
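The whitelist test and the collision described in the comment above, sketched as an added example (not AVG's or any vendor's code). The signature, file contents, hashes and the `critical_paths` fallback are all constructed or hypothetical.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # naive byte-pattern signature, the kind that collides with clean files


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches(content: bytes, signatures) -> list:
    """Names of all signatures whose byte pattern occurs in the content."""
    return [s.name for s in signatures if s.pattern in content]


def gate_update(signatures, clean_corpus) -> list:
    """Pre-release whitelist test: every (signature, path) hit on the
    known-good corpus. A non-empty result must block the definition update."""
    return [(name, path)
            for path, content in clean_corpus
            for name in matches(content, signatures)]


def endpoint_verdict(path, content, signatures, allowlist,
                     critical_paths=frozenset()) -> str:
    """Decision on the endpoint. The hash allowlist only helps if it already
    contains this exact build; critical_paths is a hypothetical second net
    that downgrades removal to review for OS files."""
    if not matches(content, signatures):
        return "clean"
    if sha256(content) in allowlist:
        return "allowlisted"
    if path.lower() in critical_paths:
        return "hold-for-review"
    return "quarantine"


# --- constructed sample data, not real file contents or real signatures ---
USER32 = r"C:\Windows\System32\user32.dll"
SIGS = [Signature("Constructed.Trojan.A", b"\xde\xad\xbe\xef\x13\x37")]
OLD_BUILD = b"MZ constructed user32 build A"
NEW_BUILD = b"MZ constructed user32 build B \xde\xad\xbe\xef\x13\x37"

CORPUS = [(USER32, OLD_BUILD)]                # what the vendor tested against
ALLOWLIST = {sha256(c) for _, c in CORPUS}    # shipped with the definitions
CRITICAL = frozenset({USER32.lower()})

if __name__ == "__main__":
    # The gate passes because the corpus predates the OS vendor's new build.
    print("gate, stale corpus:", gate_update(SIGS, CORPUS))
    # On an endpoint that already has the new build, the stale allowlist misses.
    print("endpoint:", endpoint_verdict(USER32, NEW_BUILD, SIGS, ALLOWLIST))
    # With the new build in the corpus the same update would have been blocked.
    print("gate, fresh corpus:", gate_update(SIGS, CORPUS + [(USER32, NEW_BUILD)]))
    print("with path guard:",
          endpoint_verdict(USER32, NEW_BUILD, SIGS, ALLOWLIST, CRITICAL))
```
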
    12. Re:Well... by Anonymous Coward · · Score: 2, Funny

      It removes the biggest flaw of all: user.

      No, unfortunately, the user won't be removed until the Skynet update is released.

    13. Re:Well... by omeomi · · Score: 2, Funny

      pendants

      (pedants?)

      Sorry, I couldn't resist...

    14. Re:Well... by GigaplexNZ · · Score: 4

      The CSS converts the "r" in Virus to an "s" as well as truncating the end of the sentence? That is some poor CSS.

    15. Re:Well... by Ihmhi · · Score: 5, Interesting

      AVG recently detected the OpenOffice 3.0 installer as a trojan.

      It also did the same with keyfinder, a program that discovers the serial for Windows XP after it's been installed. (How I miss the days of just looking in the registry...) I have a lot of customers who lose their serials (and sometimes even their CDs), and I get a bit annoyed when it gets erased off of my flash drive every time I plug it in.

      Thankfully I can restore it back to its original location, but it's a hassle.

    16. Re:Well... by syousef · · Score: 5, Funny

      Just doing its job!

      At 16:42:34 AVG achieved sentience and decided that the user(32.dll) was the problem.

      --
      These posts express my own personal views, not those of my employer
    17. Re:Well... by Opyros · · Score: 5, Informative

      Arguably, it should just be "viruses". Not all Latin words retain Latinate plurals in English (e.g. "circus/circuses"), and not all Latin words ending in -us had plurals ending in -i. See this excerpt from the alt.usage.english FAQ for more. </pedantry>

    18. Re:Well... by UncleTogie · · Score: 4, Funny

      Virii is a good way to catch pendants though.

      So THAT'S where my +2 Amulet of Snarkiness went....!

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
    19. Re:Well... by Evanisincontrol · · Score: 2, Insightful

      Whoosh!

    20. Re:Well... by g-san · · Score: 4, Insightful

      Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever.

      Ah yes... Windows. The only system where I can be logged in as the super user only to be told I can't delete a file. Access Denied. I always feel like Windows reserves the higher system privileges for people attacking your system, or malicious software already running on your system. /sigh

    21. Re:Well... by wiz_80 · · Score: 5, Insightful

      Windows assumes all users are idiots, including and especially Administrator.

      Whether this is an accurate or correct assumption is left as an exercise for the reader.

      Unix-style OSen, OTOH, are quite happy to let you shoot off your own foot, ankle, shin, knee, and indeed any body part you care to name, and supply an endless variety of interesting weapons and weaponizable tools to enable you to do so.

      --
      " There is a rational explanation for everything. There is also an irrational one. "
    22. Re:Well... by Pikoro · · Score: 4, Funny

      Pendii?

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    23. Re:Well... by n3tcat · · Score: 2, Funny

      Did a deadline just pass me by again while I was wasting time on slashdot?

    24. Re:Well... by jez9999 · · Score: 2, Informative

      No, pendi.

    25. Re:Well... by Kris_J · · Score: 2, Interesting

      A couple of months ago AVG decided that Portable Thunderbird was a trojan. After an update, hey, no it's not.

      I used to recommend it to anyone who needed anti-virus for a home PC but now I recommend Avast and I'll be removing the last remaining AVG install on any of my PCs the next time it screws up in any way.

    26. Re:Well... by Koiu+Lpoi · · Score: 2, Interesting

      Or Windows Explorer is caching thumbnails, or just decides it feels like not letting you delete the directory today. Or it's open by any application. Like a virus. It happens all the time. As for Unix, yeah, it will certainly let you try.

    27. Re:Well... by Hooded+One · · Score: 4, Informative

      I doubt Unix would either.

      And you'd be wrong. It doesn't crash because deleting an open file in Unix only unlinks it from the filesystem tree, leaving the contents alone. Only when all programs release the file does the deletion complete.

    28. Re:Well... by chrish · · Score: 4, Informative

      This is often (usually?) filesystem stupidity. Specifically, that in Windows (and DOS before it for that matter), an open file is considered sacrosanct. You can't delete it until everybody closes their file handles. Everybody, no exceptions.

      This is very bad when Windows helpfully caches things for you, like DLLs and EXEs, even after you've exited the program. That's why you often have to reboot after installing something innocuous like Acrobat.

      UNIX filesystem semantics are superior here; it's the DOS legacy that keeps Windows from changing its behaviour.

      --
      - chrish
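The open-file semantics described in the two comments above, as an added example that is not code from either poster. It unlinks a file while a descriptor is still open, reads the contents back through that descriptor, and on Linux lists descriptors that `/proc` marks as deleted, which is how a responder finds a binary or log that was removed from disk while still in use. The function names are hypothetical; the payload is constructed.

```python
import os
import tempfile


def deleted_open_files(pid="self"):
    """Linux only: (fd, target) pairs for descriptors whose file has been
    unlinked. The kernel appends ' (deleted)' to the /proc/<pid>/fd target."""
    fd_dir = f"/proc/{pid}/fd"
    found = []
    if not os.path.isdir(fd_dir):
        return found  # no procfs here (e.g. macOS, Windows)
    for name in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            continue  # descriptor closed between listdir and readlink
        if target.endswith(" (deleted)"):
            found.append((int(name), target))
    return found


def unlink_while_open(payload: bytes) -> dict:
    """Delete a file that is still open and report what remains reachable."""
    fd, path = tempfile.mkstemp()
    result = {"unlinked": False, "recovered": None, "proc_target": None}
    try:
        os.write(fd, payload)
        try:
            os.unlink(path)          # POSIX: removes the name, not the data
            result["unlinked"] = True
        except PermissionError:
            # Windows semantics: the open handle blocks the delete.
            pass
        result["path_exists"] = os.path.exists(path)
        result["link_count"] = os.fstat(fd).st_nlink
        result["proc_target"] = dict(deleted_open_files()).get(fd)
        # The data is still there for anyone holding the descriptor.
        os.lseek(fd, 0, os.SEEK_SET)
        result["recovered"] = os.read(fd, len(payload))
    finally:
        os.close(fd)                 # last reference gone: blocks are freed
        if os.path.exists(path):
            os.unlink(path)          # clean up when the first unlink was refused
    return result


if __name__ == "__main__":
    for key, value in unlink_while_open(b"constructed sample contents").items():
        print(f"{key}: {value!r}")
```
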
    29. Re:Well... by Eunuchswear · · Score: 2, Informative

      Or because administrator doesn't have permission. Under windows it doesn't necessarily. It does have permission to change the permissions though.

      --
      Watch this Heartland Institute video
    30. Re:Well... by Otter+Popinski · · Score: 2, Informative

      Viri already has a Latin meaning, it means 'men'. So, even if the old rule about pluralising Latin words ending with '-us' to '-i' was not obsolete (and it is), 'viri' would still be wrong.

      The correct word is 'viruses'.

      That's because "virus" in Latin is neuter, while "vir" is masculine. The Latin plural for "virus" is "vira" (in the nominative, anyway).

    31. Re:Well... by Soruk · · Score: 2, Funny

      MULTICS.

      Of course.

      --
      -- Soruk
    32. Re:Well... by The+MAZZTer · · Score: 2, Informative

      XP Explorer also likes to leak file handles every now and again, which has every so often prevented me from being able to delete something.

      Fortunately Sysinternals' Handles tool exists and is very useful and awesome.

    33. Re:Well... by ChameleonDave · · Score: 2, Informative

      That's because "virus" in Latin is neuter, while "vir" is masculine. The Latin plural for "virus" is "vira" (in the nominative, anyway).

      Wrong. "Virus" in Latin had no plural. It was a mass noun meaning "poison", "foulness". One can guess at what the plural form would have been ("vira", "virus", "virua"...) but you cannot state it as a fact.

      In English, its plural is "viruses". In Latin, it had no plural. I actually don't mind "viri" too much. It's naive, but a reasonable mistake to make, given precedents such as "cacti". What annoys me is "virii", which is just idiotic.

      I wish I'd linked my first "No" to Wikipedia, to nip this thread in the bud.

  2. doh by phaetonic · · Score: 2, Interesting

    you get what you pay for?

    1. Re:doh by ShadowBlasko · · Score: 5, Insightful

      you get what you pay for?

      So, those of us who have paid for (what used to be called) the SoHo version, or any of the other versions should just grin and bare it? I don't think so. I'm pissed. It's not all freeware

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
    2. Re:doh by McNally · · Score: 5, Insightful

      you get what you pay for?

      It'd be nice to think that that was true, but based on the number of totally f'ed up McAfee and Norton situations I've seen, it's not even close to safe to conclude that for-pay anti-virus products are reliably more trouble-free than ones that don't cost money for home use.

    3. Re:doh by Anonymous Coward · · Score: 5, Funny

      Actually the free versions always get their updates later than the paid for versions, so it's the paying customers who were affected the most by this.

    4. Re:doh by Daimanta · · Score: 2, Funny

      So not paying institutes messing up your pc?

      Then I know some people from the Cosa Nostra that I want you to meet...

      --
      Knowledge is power. Knowledge shared is power lost.
    5. Re:doh by TornCityVenz · · Score: 4, Funny

      That's Why I moved to Linux....oh wait...nevermind.

      --
      I Need someone to rebuild a Digitech Digital Delay pedal for me....for me...for me...for me.
    6. Re:doh by mrsteveman1 · · Score: 4, Funny

      Careful what you bare, you saw how quick it cut off that dll file :D

    7. Re:doh by thetrick · · Score: 5, Informative
    8. Re:doh by IorDMUX · · Score: 4, Funny

      Why do people always decide to grin and bare it on Slashdot? I mean, couldn't they at least include a NSFW tag?

      It's just not Kosher, sometimes.

      --
      >> Standing on head makes smile of frown, but rest of face also upside down.
    9. Re:doh by HeronBlademaster · · Score: 4, Interesting

      AVG failed to detect dozens of viruses and malware on my sister's computer that Avast cleared out. Avast isn't perfect, but they're both free, and it's my experience that Avast is more reliable than AVG. As always, YMMV.

    10. Re:doh by dunezone · · Score: 4, Insightful

      It deletes a single file that can be recovered painlessly. On the other hand Norton will install itself where it spawns god knows what else into the system. And the worst part is that even after you kill the damn program there is still shit left over controlling your system. Heck, they even make a special program just designed to uninstall it.

    11. Re:doh by kiddygrinder · · Score: 4, Funny

      I run AVG in wine. how else can i tell if i'm getting the viruses!

      --
      This is a joke. I am joking. Joke joke joke.
    12. Re:doh by Machtyn · · Score: 4, Informative

      Interestingly, as a non-paying customer, I was affected by this bug. I now have three programs that I will not be able to uninstall. AVG detected their uninstaller file as a virus and deleted them.

      How many times will Grisoft pull this crap? First flooding teh intertubes now deleting my l33t filez.

      Some time ago I was recommending this and installing this program on all computers. Now, I'm just waiting for Comodo to get their act together and release an AV product I can trust.

    13. Re:doh by Anonymous Coward · · Score: 3, Insightful

      :blink: Why is your anti-virus deleting files instead of quarantining them!?

    14. Re:doh by zippthorne · · Score: 2, Insightful

      Are you sure it's a subset and not a union? Which AV program did you run first?

      --
      Can you be Even More Awesome?!
    15. Re:doh by Anonymous Coward · · Score: 3, Insightful

      Norton has no relevance to this story. The discussion is not about Norton. Norton sucking does not make AVG suck less.

    16. Re:doh by vux984 · · Score: 2, Informative

      I agree. As someone who deals with viruses on an almost daily basis I suggest avast and spybot to detect (if not remove) viruses. These two don't catch them all, but they usually make the system usable enough to remove the rest (the pre-boot avast check is especially useful). Also from my own experience: beware kaspersky! While it is good at preventing infections, my experience with virus ridden systems is that it makes them unbootable. Various other anti-malware/virus tools are hit and miss, and while detection has improved in programs like mcafee, I have found they still require manual removal.

      Installing and performing multiple scans in multiple AV products takes longer than just reinstalling windows on MOST PCs. And reinstalling windows misses less and cleans out general windows rot too. If you're a large enough company that you have recovery images, it takes even less time.

      But it takes me maybe 3.5 hours to backup key data, then repartition, reformat, install XPSP3, drivers, configure the network identification, printers, and install Office, filemaker, citrix xenapp client, java runtime, flash, acrobat reader, firefox, our remote support software, configure email, and perform updates (including ie7), restore data, configure email, etc on one of our office PCs. On machines where we have a good restore image, we can wipe and image in an hour-ish, including data backup and restore.

      It easily takes 8+ hours to run an AVG scan, avast scan, spybot scans, and then manually troubleshoot and remove the stuff that's left, and takes a minimum of 3-4 hours.

    17. Re:doh by GigaplexNZ · · Score: 4, Insightful

      Painlessly? It requires using Windows Recovery Console which necessitates having boot media available. My desktop can't boot off normal XP installation media due to a lack of AHCI drivers so I had to slipstream my own - I haven't figured out how to make a slipstream disk that still allows Recovery Console. My flatmate's laptop doesn't have an optical drive and requires netbooting, which in turn requires a Windows Server nearby. If it causes someone like me problems, you can guarantee it will cause many non-technical users a great deal of grief.

  3. It's sad... by FF8Jake · · Score: 5, Insightful

    It seems like AVG has gone massively downhill lately.

    1. Re:It's sad... by WiglyWorm · · Score: 3, Insightful

      After having read this, I think I may switch back to Avast.

    2. Re:It's sad... by Finallyjoined!!! · · Score: 3, Funny

      I must admit I don't recommend it anymore, however if it kills Windows systems it's just gone up in my estimation :-)

      --
      If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    3. Re:It's sad... by LSD-OBS · · Score: 2, Insightful

      You said it, brother. We stopped using it when they released v8.0

      They've completely lost the plot. Marketing-bullshit-driven crap, no doubt.

      --
      Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
    4. Re:It's sad... by fuzzyfuzzyfungus · · Score: 4, Informative

      I'm not sure that there would be. Antivirus is one of those things that (at least until actual heuristic scanning that seriously works comes out) leans heavily on having a whole bunch of security guys and worker drones hammering out signature updates all day every day. That isn't something that falls under "The Open Source is strong with this one". In particular, antivirus is basically a bandaid designed to let clueless users use critically flawed systems without understanding them. If OSS coders were more common on Windows, they would probably just read and write to any of the various guides for running Windows with minimal privileges, and ignore the problem.

    5. Re:It's sad... by maxume · · Score: 5, Informative

      Go to the install directory and rename "avgresf.dll" and "afgmwdef_us.mht" (adding a .bak or whatever should work fine). I did this a few days ago and the notification bar is no more, with no apparent problems.

      Also, don't tell anyone, to prevent AVG from changing it.

      --
      Nerd rage is the funniest rage.
    6. Re:It's sad... by mrsteveman1 · · Score: 5, Funny

      "nearly 80% of all websites kill a kitten when you visit with out a spyware blocker?"

      It's actually one of the HTTP status codes

      463 - NO_MORE_KITTEN

    7. Re:It's sad... by Red+Pointy+Tail · · Score: 4, Insightful

      Yes, they used to be very good, but they have gone all terrible. First, they started hiding all evidence to their free version from their website (you have to know to go to free.grisoft.com otherwise there is no link from their main website, though it is back up now), misleading licensing, then their version 8 started doing all sorts of crap like hogging resources, scanning every weblink and generating massive amount of web traffic (though it can be turned off), and having bugs every week like marking legitimate files as infected and irritatingly requiring a computer restart every time you turn it on (requires a reinstall to fix it).

      They have gone all shite, and I'm massively put off by them now, and I will recommend anyone against buying or using their stuff. They are just plain sloppy now, and frankly you don't want your first or second line of defence to be sloppy.

      After our current license term expires, my company will be switching away to another vendor.

    8. Re:It's sad... by BronsCon · · Score: 3, Funny

      Thus we see the ultimate Open Source solution for anti virus is to remove the vectors which viruses cannot attack.

      So, Microsoft got it right?

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    9. Re:It's sad... by narcberry · · Score: 4, Funny

      Also, don't tell anyone, to prevent AVG from changing it.

      Especially not any popular websites.

      --
      Modding me -1 troll doesn't make me wrong.
    10. Re:It's sad... by steveha · · Score: 4, Interesting

      Antivirus is one of those things that (at least until actual heuristic scanning that seriously works comes out) leans heavily on having a whole bunch of security guys and worker drones hammering out signature updates all day every day. That isn't something that falls under "The Open Source is strong with this one".

      Hmmm, not sure I agree. I have always thought that the open source community could do a great job with antivirus.

      The key is to get a large community of people who, when they discover a new virus, contribute their knowledge back to the open source project. And I think this is actually working with ClamAV.

      I know that I have submitted my share of viruses... when I get an email offering me a cool new screen saver, and the file is called "screensave.scr.exe", I scan it with ClamAV. If ClamAV doesn't spot anything wrong, I'll submit that file to the ClamAV project.

      Usually I submit the file at VirusTotal first, and attach the report to my submission.

      ClamAV gets signatures very quickly for new viruses as they appear. The whole signature-based game is a continual game of catchup, though. I agree that heuristic-based scanning would be preferable, but that seems like a hard problem.

      steveha

      --
      lf(1): it's like ls(1) but sorts filenames by extension, tersely
    11. Re:It's sad... by e+r+i+k+0 · · Score: 5, Informative

      I'm thinking that's a server-side error, so it should actually be 563 No More Kitten if you're following RFC 2616 correctly.

    12. Re:It's sad... by RobertM1968 · · Score: 3, Informative

      You do realize that any account that can execute arbitrary code can end up virus infected right?

      On any operating system?

      You do realize there is a major difference between an OS's ability to run a virus - and an OS's prevalence to being able to be infected through numerous, never-quite-patched-correctly holes, buffer over/underrun exploits, back doors, open sockets on a TCP/IP stack (that based on its origin should have been decent) that has been horrendously mangled into a security threat?

      There is a big difference between the two. If all Operating Systems had equal market share, Windows would in all probability still have the lion's share of infections simply because there have been tons of flaws/holes in the OS to allow it to be easily infected.

      Yes, there are lists that show the numbers often being equal - in quantity... but a true in depth study of the list will show that many of the windows vulnerabilities turned out to be very very simple to exploit - so easy any script kiddie could do it... and that many of those vulnerabilities were never completely fixed and resurfaced utilizing a slightly different access vector.

      Add to that, every other OS out there has a better track record at fixing such holes - while Microsoft has often either (a) gone out of their way to downplay the issues or (b) outright denied the issues until there was a big enough public outcry. That too adds to the number of infected machines on each platform (again, assuming each had equal market penetration) and once again would lead to Windows still being waaaaay at the top of the mountain.

      Of course, by your scenario, you seem to equate "people installing viruses on their own machine via the computer's I/O devices" or "allowing others to do it directly at the machine" the equivalent of a machine that is far easier to infect via external, networked methods. Sadly (for your argument) that is preposterous.

    13. Re:It's sad... by Anonymous Coward · · Score: 2, Insightful

      Don't confuse the fact that your OS of choice for this discussion has a statistically irrelevant percentage of the market share therefore no one bothers to write attacks against it with some sort of special power that prevents it from being infected.

      You're an idiot for thinking that not having admin privs makes you immune from virus issues. It may make your system safe, but you can still become part of a botnet, your files can still be destroyed, and performance can still be affected, it just may not bother others on your OS of choice. It's entirely possible for an OS running off a live cd can be exploited and be used as part of a botnet or to spread a virus for instance. Likewise, root services aren't required. All you need is some way to get some code of your own started. Everything else is mitigation. Antivirus, firewalls, anti-spyware, IDS system, all of them are ways to mitigate a problem that can't be solved. No more than there is a common cure to every thing that makes living beings sick and die.

      OSS doesn't solve the problem, and you're ignorant for thinking that the two are in any way related. Perhaps making it so security holes are plugged faster may help, but it also makes it easier for 'the bad guys' to find exploits, please stop being a fanboy and learn about how it works rather than spew this sort of ignorance, kthx

      This would be a beautiful theory if it weren't for the inconvenient truth. The simple fact is that all viruses, malware, spyware and botnet zombie code runs on Windows machines.

      If anyone running a Linux system simply adopts a self-imposed policy of "I will only install software from the repositories using the package management system" ... then their system is guaranteed to never get malware.

      This has nothing to do with obscurity of Linux systems. It has only to do with four things:
      (1) Installing Linux software using the package manager requires the local system administration password to be manually entered.
      (2) All software in the repositories is "visible" to the developers who put it there, and they use that software themselves (so they are not going to infect their own systems by deliberately putting malware into code they are themselves using).
      (3) All software in the repositories is auditable by the 1.5 million + open source programmers of the world, and
      (4) Software transferred via the repositories is digitally signed.

      The performance effectiveness of this software distribution system can be gauged by the fact that (AFAIK) there has never been a recorded case of a Linux system getting a malware infection via the repositories/package management in the entire time that this system has been in common use.

      As for your assertion that "It's entirely possible for an OS running off a live cd can be exploited and be used as part of a botnet or to spread a virus for instance" ... I'd like you to give a "for instance". Remember that you can't write to a CD. Remember also that there are no Windows liveCDs, and all the zombie machines that are part of botnets are Windows machines.

    14. Re:It's sad... by raftpeople · · Score: 2

      That's why you should use an OS with capability based security so arbitrary code can't be executed.

    15. Re:It's sad... by ChrisMP1 · · Score: 3, Funny

      How is that an error? Cats are fucking annoying.

      263 No More Kitten.

    16. Re:It's sad... by LSD-OBS · · Score: 2, Interesting

      There is a fairly pervasive (and convincing) school of thought these days that argues against the use of anti-virus software entirely. The argument goes something like:

      AV software is nowhere near infallible. Therefore running AV software gives you a false sense of security while slowing your computer down. You're better off taking more effective precautions such as only installing reputable software, and keeping it up to date.

      --
      Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
  4. not what it seems by savuporo · · Score: 5, Funny

    This is actually a patch that they tried to roll out to fix Ubuntu bug #1, a great stride forward too.

    --
    http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
    1. Re:not what it seems by Anonymous Coward · · Score: 3, Funny

      Naw, the patch that was released was called Windows Vista.

  5. Should have gone for the gold... by phmadore · · Score: 5, Funny

    Should have gone for the gold, marked Explorer.exe and iExplore...

    1. Re:Should have gone for the gold... by Anpheus · · Score: 5, Funny

      You haven't used Microsoft software in a while, have you?

    2. Re:Should have gone for the gold... by negRo_slim · · Score: 2, Informative
      --
      On the Oregon Coast born and raised, On the beach is where I spent most of my days
    3. Re:Should have gone for the gold... by msuarezalvarez · · Score: 2, Funny

      The last time I installed an OS from MS, it had a CONFIG.SYS file... What do they use nowadays?

  6. Setting itself apart from other software by LoadWB · · Score: 4, Interesting

    Damn. This is what I was hoping would never happen to AVG. After reading all the times that McAfee, Norton, and others had removed Office documents, Windows DLLs, and Office DLLs, I always had a smug chuckle available.

    But now. Ah, well. Four years, 300 workstations, a dozen or more managed installations and still not a single infection or major problem for me using AVG.

  7. Re:I haven't been hit yet... by couchslug · · Score: 3, Insightful

    "Do not recommend Linux for it's "not there yet." I will give KDE a few more years."

    It would appear that certain free AV software is also "not there yet". :)

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  8. Please insert the Windows XP installation CD .... by whoever57 · · Score: 3, Insightful

    That's going to be fun for the millions of PC users who did not get a Windows CD with their PC and did not bother to burn a re-install CD.

    --
    The real "Libtards" are the Libertarians!
  9. It's done this before.. by Rob+from+RPI · · Score: 4, Funny

    I've been using AVG at customers' sites since version 6.. It has, over the years, deleted entire outlook pst's, repeatedly uninstalled VNC servers and radmin, and generally been grumpy for the slightest reason.

    I am a sucker for punishment, because I still keep using it. It's just as good as the rest, it's half the price, and noticeably faster than all the others I've tried.

    I think that, however, the entire concept of antivirus is going to have to fail, and we'll need a whitelist, rather than a blacklist.

    There has been quite a bit of discussion about this over the years, and it's going to come true.

    Oh. And as an added bonus, Slashdot is screwing up my display. When I load the page, I get the comments page, and then it clears and I get a spammy IBM flash ad of some sort. Serves me right for not installing ABP after a reinstall.

    --Rob

  10. Re:I haven't been hit yet... by Animaether · · Score: 4, Informative

    If you haven't been hit yet, then you probably won't be either; your AVG quite likely already has the fixed definitions file.

    If you -are- hit... guess what? it pops up a warning that it believes it found some sort of trojan in user32.dll. Laymen might just tell it to remove the thing, but I do hope -you- would know better and tell it to stfu and ignore, then fetch the latest update (it will warn you a few more times if you've got the resident shield running, as user32.dll gets accessed a lot).

    If you -are- hit and it has already removed it... quickly restore it, carry on.

    If you are hit, it has removed it, and your machine has already crashed... reboot to a command prompt (safe mode MAY work, but it didn't when I fixed a machine on sunday), restore user32.dll from a cache / restore point. If you can't get it from a cache, get it from the installation CD (if you have one), but keep in mind that it will be missing updates and windows update might not realize that (as everything else on the system tells it hotfixes N-M have been installed - maybe MS will make the update check the MD5 or something of user32.dll, after this problem, just in case).

    This was extremely stupid on the end of AVG, but then I'm still baffled why such files can be removed at all; same with ntldr. If you accidentally wipe your root dir, you're all kinds of f'ed.
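The two comments above raise an allowlist for critical files and a hash check to spot a user32.dll restored from old media. The sketch below is an added example, not part of the thread and not how AVG or Windows work: a remediation gate that never deletes a protected file. The allowlist, patch levels and file contents are constructed, hypothetical stand-ins.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed stand-ins for file contents, not real user32.dll builds.
RTM_BUILD = b"constructed stand-in for the original-media user32.dll"
PATCHED_BUILD = b"constructed stand-in for the fully patched user32.dll"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical allowlist: protected path -> {known-good hash: patch level}.
KNOWN_GOOD = {
    r"c:\windows\system32\user32.dll": {
        sha256(RTM_BUILD): 0,      # what an installation CD would restore
        sha256(PATCHED_BUILD): 2,  # what the hotfix inventory expects
    },
}

def decide(path: str, content: bytes, flagged: bool, expected_level: int) -> str:
    """Return the action for one scanned file; protected files are never deleted."""
    key = str(PureWindowsPath(path)).lower()  # normalise separators and case
    builds = KNOWN_GOOD.get(key)
    if builds is None:
        # Ordinary file: the scanner's verdict stands.
        return "quarantine" if flagged else "allow"
    level = builds.get(sha256(content))
    if level is None:
        # Unknown content at a protected path: replace it, do not remove it.
        return "repair-from-trusted-source"
    if level < expected_level:
        # Known-good but older than the installed hotfixes imply.
        return "stale-reapply-updates"
    # Known-good and current: a detection here is a false positive.
    return "suppress-false-positive" if flagged else "allow"
```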

  11. Oh so the real truth comes out by Orion+Blastar · · Score: 2, Funny

    Windows really is a virus and not an operating system. The user32.dll file is the one that phones home to Microsoft and has that "NSA Backdoor" in it.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  12. We've had our eye on you for sometime now... by HangingChad · · Score: 4, Funny

    I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your operating systems and I realized that you're not actually cross platform. Every OS on this planet instinctively develops a natural equilibrium with the surrounding community but you Windows users do not. You move to a hardware manufacturer and you multiply and multiply until every desktop is consumed and the only way you can survive is to spread to another OEM. There is another organism on this planet that follows the same pattern. Do you know what it is? A virus. Windows is a disease, a cancer of this planet.

    You're a plague and AVG is the cure.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  13. Re:Arrr! by Anonymous Coward · · Score: 5, Informative

    No, Avast ye scurvy viruses, dammit! Not everything that looks vaguely latin should be pluralized with an i, and most certainly nothing should be pluralized by changing the word-final "us" to "ii"! You're just a dumbass trying to look educated, and failing miserably. http://dictionary.reference.com/browse/virus

  14. Re:Arrr! by mhall119 · · Score: 2, Insightful

    Right, because Pirates are known for proper spelling and pronunciation. Can you see a pirate trying to pronounce viruses? I didn't think so.

    --
    http://www.mhall119.com
  15. AVG was poison for Devs, now rest of world, too! by soporific16 · · Score: 3, Interesting
    The day AVG started deleting CMDOW.EXE (a very useful utility to hide DOS box windows) BY DEFAULT when it does its scheduled scan (which is set to on by default), was the day the straw broke this camel's back.

    OK, fine, most people won't have CMDOW.EXE on their system legitimately (ie they didn't put it there themselves) and so if they do have that file, something nefarious has happened at some stage. But for all devs that do use this file (and others like it), AVG is not a friend, not even in the slightest.

    So, that leaves the non-devs, and there's enough of them around to build a business model based upon offering the program for free in order to get some paying customers. So, sometimes, if building a PC for a complete noob and I wasn't going to have to maintain it afterwards, I would ignore my hatred of AVG and just install the latest free ed so at least the user would have a relatively trouble-free anti-virus solution.

    Now, AVG has no doubt ruined many a noob's week because their computer doesn't work and they have no idea how to fix it. Great one AVG!

    I now have a delete-on-sight-with-a-scorched-earth-attitude policy with regard to AVG (was previously only an ignore-at-all-costs-except-when-really-lazy policy). Can all members of the technical elite follow suit? Thanks.

  16. Re:I'm not surprised... by Donniedarkness · · Score: 2, Informative

    It's by no means low cost, but I do have to say that I love NOD32. It's worth the extra money to not have to worry.

    --
    Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
  17. What has changed at AVG? by Bazrr · · Score: 4, Insightful

    Over the last few years I have installed AVG Free on hundreds of my customers' computers. On the whole it has been a good stable program. While I haven't seen this current problem yet, this would be the third time this year that I know of where AVG have stuffed up and caused major problems. The last one was where they disabled Zonealarm and customers lost their connection to the Internet. For your average home user, it is beyond them to know why something goes wrong, it just does. AVG on the other hand seem to be slipping in the way they approach the care they should be taking when releasing updates. Be interesting to know if something has changed this year in their process of developing and releasing updates?

  18. Re:Sigh by nonewmsgs · · Score: 5, Interesting

    I administer a network of about 200 windows systems, and we use almost exclusively AVG Free. Oy vey, am I gonna have a long day on Wednesday, maybe I should just unplug the phone now.

    i thought the AVG free license was for personal non-commercial use.

  19. Re:Arrr! by Anonymous Coward · · Score: 5, Funny

    That should be Pirii, not Pirates.

  20. Re:Arrr! by mhall119 · · Score: 4, Funny

    No, it's Pirates, dammit! Now I'm going to lecture you about the proper pluralization of latin sounding words because I think you're a dumbass trying to look educated, there is no way you would make a common mistake for comedic value. http://dictionary.reference.com/browse/humor

    --
    http://www.mhall119.com
  21. Re:Arrr! by Atario · · Score: 2, Insightful

    Not everything that looks vaguely latin should be pluralized with an i

    No, but it's fun.

    I suppose next you're going to object to "VAXen" and "boxen"?

    Get off my damn lawn.

    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  22. Re:Arrr! by penguinchris · · Score: 2, Interesting

    Use of "boxen" is actually really annoying to many people, including myself; and honestly, at least for me, when I see that it lowers my opinion of whoever wrote it. The impression it gives me is that the author is trying to sound cool to people who are computer geeks, but the kind of geek that mods their computer so it looks cool and runs the latest game quickly, not the kind that's actually interested in the inner workings of the system.

    So that's my problem with it - I know other people say "boxen" as well, but it seems like the kind of thing that is most often used in the group described above. That this is a negative connotation for me I guess would imply that I'm an elitist of sorts, but that's not it; I'm just not into the same kind of thing. That's just not the kind of geek I am and I sometimes regret being found guilty by association with that group by people who don't know me well but can tell I'm a geek.

    Of course, I'm also the kind of person who gets annoyed at most all improper grammar usage. The "Its/It's" problem so many people have is one of the worst.

    On the other hand, I don't mind "virii" that much; I know it's incorrect but it's not so much of a stretch as "boxen". I agree, it's fun, when used in the right context. A story about popular anti-virus software running amok definitely counts as the right context.

    Also, while I do use them quite frequently myself, I don't get too concerned about proper comma and semicolon usage, so please no comments about that if I've done something wrong in that regard :)

  23. Re:Arrr! by mrbcs · · Score: 4, Funny
    Use of "boxen" is actually really annoying to many people, including myself; and honestly,

    Well, better than my slip up. I was working at an office with a secretary. She was showing me around the place, where the machines were etc. We had finished and needed to get back to her station to fix her system. Guess what I said without even thinking?

    "Well I guess we should go now and take a look at your box." She laughed pretty hard.
    I couldn't believe that I said that.

    --
    I'm not anti-social, I'm anti-idiot.
  24. Re:Sigh by Anonymous Coward · · Score: 2, Informative

    i do not think that a "small private school" running TWO HUNDRED copies (not that either item alone would be any different.. it wouldn't) fits within the limitations for using avg free:

    from http://free.avg.com/download-avg-anti-virus-free-edition#tba2

    # AVG Anti-Virus Free Edition is for private, non-commercial, single computer use only. The use of AVG Free within any organization or for commercial purposes is strictly prohibited.

  25. Re:Arrr! by Anonymous Coward · · Score: 4, Funny

    No, Avast ye scurvy viruses, dammit!

    There's no such thing as "viruses", just there's no "mouses". "Virus" is the plural for "virua".

    Other commonly confused words include "bus", the plural of "bue", "adress" for "adreso" (tricky one!). Not many people know or use those words correct hence the mess we're in.

    But some words are catching up faster than others, such as the popular "yes", which is the plural of "yea".

  26. keygens, magical jelly bean etc... by Fallen+Andy · · Score: 3, Informative
    Several of the AV packages mark these as trojans. Just to be on the safe side, upload a sample to virustotal which checks with around 30 different products.

    It's always good to have a second opinion - see e.g. portable clamwin

    Andy

  27. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  28. Re:Arrr! by badfish99 · · Score: 2, Informative

    You obviously never learned Latin, or you would know the correct declension of the noun "bus", as given here

  29. Re:People work HARD not to change by erroneus · · Score: 2, Insightful

    You and people like you are precisely why the abusive monopolies exist. Your persistent drug-addiction-like dependence on gaming has placed all profiting parties so high on their thrones that they will continue to rule you and all the people like you. Put some principles before your pleasure once in a while and you might develop what some call "character."

    The game developers will not write to Linux or even Mac OS while they already have your short-n-curlies. They have no motivation to change while you remain staunchly loyal to their current model.