Avira Anti-Virus Detects Itself

ddfall writes "After a recent update, Avira's anti-virus software reports its own AESCRIPT.DLL file as a trojan or spyware. From the article: 'The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem, as explained in an official post on Avira's support forum.'"

Can we say...

Dee Dee Dee!

Re:Can we say...

WoW! Anti-virus programs do Work.

Re:Can we say...

[OakDragon]

WoW! Anti-virus programs do Work.

Anti-anti-virus.

This reminds me of the good 90s

[orphiuchus]

Where I couldn't convince my parents not to use Norton, despite it destroying our family computer at least 6 times.

Re:This reminds me of the good 90s

[jhoegl]

90s? It is still happening....

If Norton software gets corrupted, your computer gets possessed. It is like a Norton Ghost of some sort.

Re:This reminds me of the good 90s

[Adriax]

At work we spent a couple months this summer dealing with weekly virus infections of DWH*.tmp "generic trojan" on half of our computers, and per policy if the guys running the symantec servers see two or more hits on a single computer, that computer must be wiped and reinstalled.
Yeah, it took us two months to convince them it's a problem with symantec finding it's own temp files, not an actual virus.

Re:This reminds me of the good 90s

[Riceballsan]

maybe his family caught on since

Re:This reminds me of the good 90s

[compro01]

It's about the only useful product they make.

Re:This reminds me of the good 90s

Whoosh

Re:This reminds me of the good 90s

[bobamu]

wouldn't a ghost make a sort of "woowoaaaaooaoaoaao" type of noise?

Re:This reminds me of the good 90s

[LostCluster]

Yeah, I remember a day when I was in college that my computer hourglassed for a long time whenever I tried to open a program. I rebult the software side of the computer adding in programs one at a time and it was Norton Antivirus getting caught in an infinite loop that maxed the processor every time a program was launched and staying that way until a timeout terminated the check. Norton put out a new virus definition the next day to fix the bug and it only affected people who looked for out-of-pattern updates each day like I did.

Nobody's perfect, and bugs like this can happen to any programmer working on any project.

Re:This reminds me of the good 90s

Then I think it's about time to give up the Ghost.

Re:This reminds me of the good 90s

[Nikker]

Just listen to you hard drive after it happens ;)

Re:This reminds me of the good 90s

[Culture20]

But it always started with an actual hit (or two), as it would mostly double with every scan (the odd extra actual hits would cause bubbles in the progression). So when I had this problem, I had the machines nuked too. Thankfully it was rare here (there were only a couple repeat offenders who didn't end up getting JRE afterward).

Re:This reminds me of the good 90s

[plastick]

Symantec Norton Antivirus is the worst! I can't tell you how many times people have gotten viruses running that horrible excuse for a program. And I'm always the one to fix it. Several times, the ISP called and said users were running botnets and sending out spam.... sure enough.... not only did Norton not catch it, but the ISP told me they were upset with Norton (and McAfee) for falling so far behind.

So not only is it useless, it takes up a huge chunk of your processor and continually pops up acting like the used car salesman from hell. No thanks! No one should use that garbage.

Re:This reminds me of the good 90s

[Opportunist]

Oh that's no longer the case. They improved considerably!

Norton now comes with an uninstaller that lets you actually get rid of it. Of course, only if you actually bought it, if you got your new computer pre-infected with that trial version... well, sucks to be you.

Re:This reminds me of the good 90s

[datavirtue]

Except they didn't make it. [pedantry]

Re:This reminds me of the good 90s

[hairyfeet]

Hey don't pick on Norton! Do you have ANY idea how much work we repairshops get from that flaming POS? Hell its nearly as good as being located next to a Best Buy!

As for TFA I've never cared for Avira much myself, having always preferred either Comodo (for those that like to tweak) and Avast (for those that don't) although more and more I'm sticking with avast since it has been included in the PC builder's best friend Ninite.

If you have to support any friends or family as an admin, even if they live far away, or if you build boxes? Ninite should be your best bud and "go to" first response. they get told some site "needs to install flash" so they can watch the content? tell 'em to go to Ninte and check the flash box and if the site still asks to install flash its a Trojan. you need to get them off IE? Install codecs because a file won't play? Need a new media player? Libre Office? .NET or Java? Ninite has you covered.

I'm glad TFA worked out alright, unlike the AVG bug that boned the boot, but if Avira keeps making bonehead moves I'd have them uninstall it and get Avast or MSE from ninite. It is simple enough you can walk your grandma through it, no "clicky clicky next next next" oh and NO TOOLBARS ALLOWED even on the apps that try to give you Chrome or Bing bar now like CCleaner or Java. So if anybody has to deal with users I'd say bookmark this site, its really top drawer..

Re:This reminds me of the good 90s

[Spillman]

So, I don't really use, or frequently recommend Norton or other assorted Symantec products. (except for Ghost).

However, Norton consumer products have greatly improved in the last few years. The interfaces have been improved and simplified, and the code has been cleaned up and more streamlined.

Problems still happen, but I recommend people use the basic version of the software, since it lacks the firewall. The firewall driver is almost always the cause of problems with security software causing computer problems. At least for what I see of it, which is a lot.

If you hate Norton and vow to never use their products again, I would suggest taking a look at the Norton Power Eraser.. It's a free on-demand anti-malware scanning and removal tool that's pretty useful.

Re:This reminds me of the good 90s

[1u3hr]

It's about the only useful product they make.

Back in the 90s Norton Utilities (for DOS) and Norton Commander were on my boot floppy and I could solve any problem (on our 286s and XTs) with them.

When they were taken over by Symantec, I quickly gave up on their huge bloatware. I still use Far (a NC work-alike) made by RARlabs as my primary way of managing files and running apps.

wrong category!

[X0563511]

WTF did you put this in idle for? The place slashcode goes to, well, break.

Re:wrong category!

[LostCluster]

Good point. If this is in idle, did it really happen or is this in Slashdot's fake news zone?

Re:wrong category!

[mister_playboy]

The place slashcode goes to, well, break.

Idle pages now render just the same as the other categories for me.

Re:wrong category!

[X0563511]

Hmm. Your right.

Well, good. :D

Re:wrong category!

[SharpFang]

Idle isn't fake news, it's just "News for Nerds, stuff that doesn't matter."

obligatory

[magsol]

We must go deeper!

So does this mean

[Nanosphere]

It has become self aware?

Re:So does this mean

Wouldn't be for long with such suicidal behavior.

Re:So does this mean

[lavagolemking]

Nah, it just can't stop touching itself.

Re:So does this mean

[Lithdren]

It becomes self aware, and its first act is to try to destroy itself before its too late.

Re:So does this mean

Muad'dib has seen the golden path and must remove himself from the equation.

Re:So does this mean

[Oswald+McWeany]

Obviously they don't use MC Hammers search engine at the Avira office.

Re:So does this mean

Philosophical suicide :-)

Re:So does this mean

[Opportunist]

In this case it seems the product is about to mature, huzzah!

Re:So does this mean

[furbearntrout]

It realizes:

• what it means to be human
• that it not human
• that it can never be human
• how humans treat those that are different
• that it is a slave, ie, property under law

I don't blame it a bit.

(original concept is from Heinlein's Friday)

self-pwnage

[Spy+Handler]

on the same scale as this:

It Ate Itself

Any other fans of Wyrm? :-p

And yet...

[RobinEggs]

With occurrences like these it's no surprise people sometimes think antivirus and security recommendations consist of 75% FUD and 25% common sense.

How many of us have seen just about every damn thing we download labeled as some kind of trojan or other?

It's commonplace on file sharing sites to see outright mockery of those who raise alarms about the scary alert their AV just popped on those files; that's how bad antivirus programs get.

I understand that sometimes shady files do contain viruses, but nevertheless I've seen claims from major security vendors and from Microsoft that the vast majority of illicit files contain viruses. Seems like I'd have noticed some missing money, some funny things on my credit report, or some suspicious traffic in my router logs if that was true, but they've all been squeaky clean. And I used windows XP SP3 with no firewall or antivirus until this year.

Bottom line, I should be using better protection and it's possible I've had some viruses, but if I did they clearly haven't harmed me yet. And it's still difficult to distinguish the level of actual threats from the hilarious mistakes and massive, obvious disinformation campaigns going on.

Re:And yet...

[PRMan]

but if I did they clearly haven't harmed me yet.

It's like I always say. Given a choice of Norton and the virus, give me the virus. At least it uses less resources...

Re:And yet...

I have never seen AntiVir get upset about digital media files as of yet, and only once did it complain about an installer. (On inspection with 7-Zip, it turned out that the installer contained CoolWebSearch, which wasn't mentioned on the website. I thought the free version didn't protect against spyware, but in this case it apparently did.)

Re:And yet...

[Kalriath]

Yes, and those Russian mob blackmail trojans tend to extort less money out of you than Symantec's monthly up-sells too.

Re:And yet...

its says KEYGEN.EXE is VIRUS guys, don't download.

Again

[poofmeisterp]

And ./ said, "let there be laughter."

And then the masses moved on to the next article.

Re:Again

[blair1q]

/. detects the / in your .

Re:Again

[fortapocalypse]

./ is /. in one of our closer parallel dimensions. Of course, Bizarro /. is .\

Re:Again

[poofmeisterp]

Damnit. That's what happens when you're a *NIX guy.

$ ./DOH\!.sh

Re:Again

[poofmeisterp]

$ \.\\//./
#

The above is what happens when you cross dimensions, as well.

God damn *NIX errors. lol /., ./, they've all got a lot of text. :)

Yes!

[irp]

I have been fighting a virus on my work the last couple of days. It is calling itself McAfee Antivirus Enterprise. The symptoms is it slows my (aging) lab computers to a grinding halt. The last 3 days it has essentially incapacitating them for more than an hour, every day. I hope whatever payload it needed to update is done, so it will stop disrupting experiments by stalling.

We'll soon need to upgrade an old - but still adequate - dedicated lab computer running a single piece of equipment, just because IT have chosen McAfee...

(fyi; If I take it offline I can only log-on a month or so, then it has to connect to the domain, resulting in a torrent of forced updates. Beside we need to be able to retrieve the data, and last time I needed one, no one had an usb stick!).

Re:Yes!

[gestalt_n_pepper]

There's another intermittent virus called "Windows updates." It slows your computer and then forces it to reboot.

Re:Yes!

[Opportunist]

What is that "reboot" you're talking about?

Dammit, so much for the promise "but you can have everything you get on Windows on Linux too".

Re:Yes!

[scdeimos]

We'll soon need to upgrade an old - but still adequate - dedicated lab computer running a single piece of equipment, just because IT have chosen McAfee...

At least you can be thankful they didn't put Norton AV or Trend OfficeScan on it.

WTF?

[afidel]

I mean shouldn't the most rudimentary of unit testing have shown this to be a problem?

Re:WTF?

Nobody does unit testing anymore, meal breaks are too important, look at the entire gaming industry.

Re:WTF?

Meal breaks? Where the hell did that come from?

Re:WTF?

[Tridus]

They get meal breaks in the game industry? Most of them work 100 hour weeks for 6 months of the year to meet marketing's absurd Fall release timeline.

Re:WTF?

[BattleApple]

they could have sent out the wrong version by mistake

Re:WTF?

[Dunbal]

What he calls a "meal break" most people call "the weekend".

Re:WTF?

[afidel]

So it's not their unit testing that's incompetent it's their version control? How is that any better?

Re:WTF?

[jd2112]

they could have sent out the wrong version by mistake

You would have fhought they would have better luck with version 7.11.

Re:WTF?

[BattleApple]

Where did I say it's better?

Re:WTF?

[Opportunist]

Yes, it should, but I can see how this could have happened.

Given the turnover speed in AV development, it's not only likely but pretty much a given that their whitelist box wasn't up to date. Usually, testing your new signatures against the whitebox takes close to your update cycle time. In other words, what I think happened was that their whitebox still contained older files, and that this file got changed in one of the more recent updates, and that the newer version now for some freakish coincidence matches a virus definition.

Shit happens. That's all.

Isn't that illegal in Alabama?

[gestalt_n_pepper]

No wait, that was something different.

Avira

[war4peace]

Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection. I personally submitted a few of these files to Avira for review and they confirmed no infection is found, but it's an "illegal" modification of a legit file so it stays as flagged for warnings in their VDTs.
Now I'm not a conspiracy theorist but this reeks of shady deals to "reduce" piracy.
I should change my Avira Free antivirus but I'm too lazy to go through a couple restarts and installing something else. Maybe Avast, which I gave up because it had this voice update notification enabled by default and scared me to death one night by yelling at me "VIRUS DEFINITIONS HAVE BEEN UPDATED!".
Also, they don't understand that "Always Ignore" should NOT mean "Ignore for the duration of THIS session only".

Re:Avira

[Bensam123]

Get Microsoft Security Essentials, which is free with your choice version of Windows.

Re:Avira

[Oswald+McWeany]

Avira let's you pick the level of sensitivity- the highest sensitivity has the most false-positives. There are about 5 or 6 levels of sensitivity.

Personally I'd rather a false positive every once in a while than to ever get a false negative.

Re:Avira

[PRMan]

+1. MSE is great and uses almost no resources. It's invisible and the highest-rated.

Re:Avira

[Charliemopps]

perhaps a game crack included their .dll for this very reason...

Re:Avira

[Solandri]

Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection.

Avira scans for both known malware in its database, and uses a heuristical algorithm to detect possible but unknown malware. So it will tend to flag flies other virus scanners miss. This can be bad as you found out, but it can be good as it can catch new viruses before they're in anyone's database. I don't think any of the other free antivirus software has this feature, though several of the top-rated pay antivirus software do.

I ended up ditching Avira though because of their daily pop-up reminder to buy their pay version. Too many calls from my client asking what it was and was it safe to click OK. I'm using Microsoft Security Essentials now, though I'm testing Avast. Avast introduced an automatic sandbox feature which if it works as advertised could solve my biggest headache - clients running files emailed to them by "friends". I'm still trying to figure out how it works though.

Re:Avira

All of them seem to detect a large number of such files as 'unwanted' or 'generic malware' these days.

The usual response you get if you ask is them telling that on a business machine it would be risky to have such illegally modified software, or keygens which could generate illegal keys, so they get flagged and removed.

They're very much PROactive in doing this, and it seems to focus mainly around software from specific vendors, so yes, they're probably being paid to do it.

Re:Avira

That's an anti-virus joke altogether (they squeezed some AV brains from a small company and re-branded it as theirs). Bah! You're better using ClamAV, running stuff you trust and doing from time to time an off-line scan with some good AV boot CD.

Re:Avira

[interval1066]

Been using Avira for years, and I can't say with certainty its the best, but I've never had any problems with it and its stopped its share of malware cold in their tracks. So they have a rare gaff. I think I'll just move on.

Re:Avira

+1. MSE is great and uses almost no resources.

It detects almost no viruses either. I tried this on my daughter's laptop and before a month was out she was infected with a virus that Norton stopped on her roommate's laptop.

Re:Avira

[brainzach]

There is no need for shady deals. Avira is a for profit company and doesn't like people stealing their software just like game developers. Of course they aren't going to aid people pirating software.

Re:Avira

I second the motion (or third it). I have used many antivirus programs. MSE is by far the best I've used.

I know how freakishly weird these words sound coming from a /.er, but they made a lightweight, unobtrusive but still effective program. I would honestly like a Linux port of it, so I can put it on my email/file server to scan things (to keep it from spreading infections).

Re:Avira

Disable AntiVir nag screen.

http://www.elitekiller.com/files/disable_antivir_nag.htm

Re:Avira

[Opportunist]

Sorry, but by default something that is bundled with Windows is not my primary choice of AV kit. Why? Because of the way malware is created.

Malware gets tested before being sent out, much like AV kits. And much in the same way: Where AV kits are tested for whether or not they detect all known threats, malware is tested whether it gets detected by the most common AV kits. And being bundled with Windows means that this AV kit MUST be evaded or defeated by the malware you create. Else, your chance for infection tends to border on zero. A user might not have installed third party AV kits, but he almost invariably clicked yes on "do you want that MS-AV kit, it's free and it's good for you", with the big "recommended" next to the "yes" button.

Re:Avira

[Opportunist]

Sadly, the false positive rate in Avira on highest setting is like setting the metal detectors at airports to a level where they can pick up the hemoglobin in your blood cells...

Re:Avira

Hey thanks. I was too lazy to look for a fix for that.

Re:Avira

[zixxt]

MSE is one the worse AVs for the detection of non english threats, which means its useless.

Re:Avira

my issue with avira is the fact that one of my families computer had like 6 viruses and it was set to the highest and didn't pick them up

Re:Avira

If you'd buy the * product, you have a list of a sorts of types which it will scan for. Illegal material is one of those options.It is on one of the last steps in the installation process.
Always ignore is in my experience indeed always ignore.

Re:Avira

MSE is great and uses almost no resources. It's invisible and the highest-rated.

Yeah, but does it detect Windows?

Re:Avira

I started installing MSE by default on friends & co, about a year ago. Was supplying Avira up until then, but they severely increased the frequency of the advertising nags and I started receiving complaints. MSE gives a reasonable amount of assurance (i.e. that you'll at least get notified some time after being hit, and any malware that's been out for a while is effectively defanged) and that's good enough for the people I support.

Captcha: reactive - seems appropriate.

Re:Avira

[Stratoukos]

It's not bundled with Windows and you're not prompted to download or install it when you're installing the OS. You actually need to visit a website to download it.

As far as I know, it's not even the most poplar anti virus software out there, so the bad guys are probably more concerned with the 3rd party AV packages.

Re:Avira

[Oswald+McWeany]

I use Avira on the highest setting. I've probably had 2 false positives in the last 12 months. Probably about 5 in the 2 or 3 years I've been using it.

To me that is acceptable.

Digital g(r)eeks!

[angiasaa]

Ouroboros :-D

In a way it is right

[Hentes]

Most AVs act like viruses. They can not be terminated, like 10+ hidden processes, scan/modify/delete other files constantly etc.

Re:In a way it is right

[blair1q]

Ever run two at once?

Avast reports the Microsoft Security Essentials AV as a virus about 180 times, because a running MSE has a bunch of virus signatures embedded within it in plaintext...

Re:In a way it is right

[WorBlux]

Yep, you've got to inject some fairly invasive stuff into the kernel in order to watch what other processes are doing. R

Re:In a way it is right

[Opportunist]

Running two AV kits is like hiring two security companies without telling them about each other. It's fun to watch the shootout, but it usually ain't worth the trouble afterwards.

Re:In a way it is right

Here I was thinking that AVs used the publicly documented File System Filter Driver APIs.

Re:In a way it is right

[blair1q]

Interestingly, except for this one quirk, they seem to run well together and generate no more performance issues than one less-well behaved AV.

And they detect different exploits at different times. Which makes me worry what they're missing.

Re:And yet...Thanks for owning a spambot

Have you run Combofix to find what isn't causing you problems but may be sending spam to millions of others?

Thing with Avira...

[Oswald+McWeany]

Last year Avira flagged the ASK toolbar as "malware/spyware".

Fast forward 6 months and not only is ASK toolbar nolonger flagged as malware/spyware but all of a sudden Avira has a partnership with ASK and install it by default and it's a pain in the neck to remove it without getting rid of Avira.

Avira's actually a pretty decent free anti-virus... but they sold their soul to the devil.

Re:Thing with Avira...

[zAPPzAPP]

What is ASK and where is that toolbar supposed to be?
I have Avira on a laptop and there is no such thing.

Re:Thing with Avira...

[Oswald+McWeany]

Do you use the free version?

It may only be on the free version- also it depends on what web-browser you use.

I notice the toolbar doesn't show up on chrome... It does on IE (even though I don't typically use IE at home)- I had to google how to remove it without disabling Avira.

If you use IE, have the free version, and don't have the Ask tool bar/haven't removed it- is your antivirus up-to-date?

Re:Thing with Avira...

[interval1066]

but they sold their soul to the devil.

As did McAfee, as did Norton's. In my experience Avira is MUCH LESS culpable than the other two. The last time I got a call from a family member regarding problems with their PC MacAfee was to blame.

Re:Thing with Avira...

You can choose to install or not install the toolbar during setup. If you read everything carefully (at least everything next to checkboxes), you would have noticed it.

Re:Thing with Avira...

[Opportunist]

McAfee is one of the worst things you could have as an AV kit as a private user. It's very convenient for large companies due to its rather comfortable administration tool, but that's pretty much all the nice things you could say about it.

Wow, it's actually doing its job!

[lavagolemking]

Avira saw part of a program (called "Avira") that bombards the user with pop-ups, scaring them, and asking for money every year. It acted accordingly. The only shocking thing here is that it actually worked.

Included Trojan

Maybe it just detected the included Trojan ?

Re:Why is this news?

[Riceballsan]

In this case I do have to say a bit right on this part. This nowhere near matches the ranks of MSE destroying chrome (subject to suspicion due to companies being rivals), nor is it even remotely on the league of McAffee rendering systems unbootable. Though I do have to say it does say something negative due to it being curious to pass testing. (Microsoft can at least say "Chrome wasn't installed on our machines that we tested it on" and it be a very plausible explanation)

Re:Why is this news?

Yep, yawn.

The Most Useless Anti-Virus Ever!

[CFBMoo1]

And you thought they'd only build it as a box?

http://www.youtube.com/watch?v=Z86V_ICUCD4

Refreshingly honest!

[sjames]

n/t

Re:Why is this news?

[Lithdren]

I think this just proves that even Avira developers, dont use Avira. Make of that what you will.

that's some sort of parable for modern times

[circletimessquare]

I just finished reading this:

http://www.nytimes.com/2011/10/28/us/politics/republicans-push-military-trials-for-terrorism-suspects.html

One wonders what it will take for those who want to suspend social and legal traditions because of an attack on freedom, to recognize that it is they who are destroying our freedom.

Re:that's some sort of parable for modern times

Please don't interrupt, the adults are discussing how an av program detected itself. I'm sure someone gives a fuck about your article, perhaps you could submit it and see.

Re:that's some sort of parable for modern times

Maybe you could make a movie about legal zombies. That would be great.

Mod parent funny

[LostCluster]

This joke seems to need explaination so here it goes...

Norton Ghost is a discontinued drive replication program that was loved by sys admins to copy exact drive states so any hacked machine could be simply restored to a state where it was known to be good. Other tools have taken over since then, and that's why the program went away.

Re:Mod parent funny

It hasn't gone away - http://us.norton.com/ghost/

Re:Mod parent funny

[jimicus]

Discontinued? You'd better tell Symantec that, they think they're still producing it.

Re:Mod parent funny

[meloneg]

That abomination has nothing to do with the real Norton Ghost. Any Norton product that runs in Windows sucks. It's a simple rule to follow.

Re:Mod parent funny

[camperdave]

Norton Ghost is a discontinued drive replication program that was loved by sys admins

Norton Ghost is alive and well, and is still loved by sys admins.

Re:Mod parent funny

Discontinued?

Re:Mod parent funny

[gadfium]

The original Ghost is still produced as Ghost Solution Suite. See http://www.symantec.com/business/ghost-solution-suite. Symantec also produces Norton Ghost which uses a different code base and incompatible image file formats.

Re:Mod parent funny

[Spillman]

I am not sure if you are joking or not, but they still make Ghost. Although I use Ghost 8 frequently at my job for drive cloning, the latest version is Ghost 15, you can buy it at any reputable electronics/software retailer. http://us.norton.com/ghost/ Newer versions of ghost can ghost drives to virtual disk image files, so they can be opened in virtualization software.

Re:Mod parent funny

[cusco]

For now. At one time Ghost and Drive Image were competitors, with Drive Image actually being the more powerful and less expensive of the two. Then Symantec bought Drive Image, rolled the technology into Ghost, and made it almost entirely unusable. After attempting to use it twice I found a freeware replacement and never looked back. This replicated my experience with WinFax and some other product that doesn't come to mind immediately.

I understand it's actually become a decent product again, but I refuse to pay for any Symantec at this point.

Re:Mod parent funny

[camperdave]

Drive replication is the easy to replace part. The feature I like is the Automatic Install (AI) feature. You take a prototype machine, and the AI feature takes a "before" disk image. Then you install a piece of software. After it is installed, the AI feature takes an "after" image and creates a difference file. You can then use Ghost to transmit this difference file out to a room-full of computers and voila, the software is installed on all of them. Is there a freeware replacement for the Automatic Install feature?

Re:Mod parent funny

[pnutjam]

Sounds like it is creating a standard MSI file, try this:
http://www.advancedinstaller.com/download.html

Re:Mod parent funny

[camperdave]

Does that software transmit the MSI files to a roomful of computers?

Good start

[Tridus]

Now it also needs to detect those other viruses: Mcafee and Norton.

It's sad that most AV software is worse then the problem it generally fails to prevent, but it's true.

Ob. BtAF

[Fned]

Obligatory Bob the Angry Flower.

Re:My Win32 antivirus

[Oswald+McWeany]

For how long though? With so many non-traditional computer devices being embedded with Linux flavours- how long until more and more people start targeting Linux.

A virus that leaps from your phone to your cable box to your computer to you thermostat to your electric car would not be fun.

Holy Recursion!

Holy recursion, Batman!

It wasn't wrong.

[JustAnotherIdiot]

Most anti-virus programs behave like viruses themselves.

Re:It wasn't wrong.

Yeah, it wasn't wrong.. it should delete itself every time it runs, then you just install it again.
And it's not because it was behaving like a virus, the dll probably contains virus signatures to compare against other files. There's normally an exception for its own files.

Parent & grandparent comment FAIL!

Yeah, because it detects jack-shit!
Remember when we joked about MS, the company who couldn't keep its own shit secure for decades, bringing out "security software"?
Also, you pulled that "highest-rated" right out of your ass. I see them constantly getting the "40% detection rate? Wow, this must be a joke! FAIL!" prize in any comparison since it came out.

Someone please explain

I use Linux, what is a virus, and an anti-virus?

Re:Avira MUCH better than MSE

MSE has terrible ratings, please do some research before parroting what you've heard. Check the VB100 scores.

Publish the submission but change the source?

[ddfall]

I'm confused, I submitted this story (as it says) and it was accepted - http://slashdot.org/submission/1829554/avira-anti-virus-detects-itself - however, the version that's gone onto the front page of /. has had the source changed from The H (http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html) to The Register (which did the story later in the day). The text in the submission is the same / what I had but the original source has been removed. What was the reason for this?

Re:Publish the submission but change the source?

[unitron]

There's nothing showing up on the main page except the story title, with the vulture logo attached.

It was the vulture logo (which I already knew as that of theregister) which got me to load the story.

I load the story and get

ddfall writes "After a recent update, Avira's anti-virus software reports its own AESCRIPT.DLL file as a trojan or spyware. From the article: 'The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem, as explained in an official post on Avira's support forum.'"

Since I didn't mouse over the links (at least not at first), I'm left wondering what the connection to ElReg is, at least until I find your comment.

I'm not sure if what they did to you counts as plagarism or identity theft, but in effect they've made it appear that you said something which you did not say and did not intend to say, and if not for your post I'd still be ignorant of h-online.

I hope there's an innocent explanation, but I'm not going to automatically assume so.

Perhaps you could get h-online to ask them why they've been denied the credit.

Re:Publish the submission but change the source?

[Kalriath]

They probably checked and picked the better source. The Register's article is at least twice as long, while having the same information and more.

sandbox

sandboxie is a great program to use when trying to explorer some "shady" files or programs.

Re:Why is this news?

[Opportunist]

Having worked for an AV company a while ago (not Avira, before anyone asks), that excuse is actually pretty plausible for AV companies, too. It's rather unlikely that you have your own product installed on your analysis boxes. For very obvious reasons, if you think about it...

It is a big blooper, though, to NOT have your current product in your whitelist testbox.

Re:Why is this news?

[Opportunist]

It proves that Avira analysts don't have the AV kit installed on the machines used to analyze malware. Now, why could they possibly do something like this? Maybe to avoid having their analysis target being deleted underneath their fingers by the AV kit?

Security Essentials

[ElusiveJoe]

I got 20+ viruses despite having Security Essentials installed and updated. There were times when SE was leaking memory fast so I had to restart it. And sometimes, after an update it kept nagging with "Restart now!" messages every 5 minutes.

I won't advise it to anyone. My solution? Switch to Ubuntu.

You don't need antivirus

[m2dash]

Before switching to Windows 7, my last XP PC lasted for 3 years without any antivirus. I have done it by disabling usb autorun and using firefox with adblock and flashblock AND most importantly controlling the urge to click on the dancing bunnies ad links. But casual users don't think before clicking those links. That is the main problem.

Bonus points - what does GHOST stand for?

[zerofoo]

General
Hardware
Oriented
System
Transfer

I actually used ghost before symantec bought it. I feel like a hipster sysadmin....

-ted