An update from AVG on Wednesday night rendered 64 bit Windows 7 systems unstable after it was applied. Several Register readers have been affected by the problem, which leaves machines in a continuous reboot loop. AVG has pulled the problem update (3292) and published an advisory apologising for the cock-up and providing …
Register's Round Up?
How about The Register doing a round up of free AV products? I've used AVG for a few years, but they're getting more bloated over time. It'd be good to see what's the best alternative.
Would be worth seeing
But I suspect MS Security Essentials would win.
I can get behind the round-up idea.
I've personally used AVG on a few PCs, as well as Avira and Avast. Some are more effective than others at certain things, but on average they're all pretty much the same level of protection. OKish, but not a "catch all". AVG does seem to guzzle slightly more resources than the rest, but it's not a huge amount.
All of them have created problems though when I've recommended them to other users - they keep getting plagued by the ads along the lines of "your computer would be more protected if you paid us money and moved to this option", or couldn't work out the subscription renewal process. So in past years I've been recommending MS Security Essentials instead of the other offerings. Although it's a MS product it's roughly as effective as the rest, not particularly resource hungry and doesn't show unsolicited ads or nag you for subscription stuff. (and as a bonus, updates itself using the Windows Update process so it means the users are forced to keep their PCs properly patched!)
Since version 8/9 AVG has become quite bloated and prolific with Ads. And it's not the first time they've had bug trouble either. I remember a version 9 iteration that used to switch your PC's focus to the AVG application approximately every 30 mins regardless of whatever you were working on at the time (like, Full Screen games, which tended to crash every 30mins like clockwork). Fixing that one required scrubbing the AVG installation combined with multiple registry hacks...
Yup, MSSE would be my choice...
Okay, when it came out Security Essentials had a lot of catching up to do - but recently it's been catching more than AVG Free (I run both on different VMs).
Just glad I switched family members from AVG to MSSE a month or so ago - 64-bit W7 is more common these days.
I dumped AVG after many years for MS Security Essentials, on both a Vista 64bit box and an XP x32 Thinkpad. I now find both machines faster and MS' software found a few nasties (nothing particularly serious, mind) on my Vista box that AVG didn't.
The best alternative to all AV products is to look at what causes infection - and stop doing it.
shouldn't need catch-up
"Okay, when it came out Security Essentials had a lot of catching up to do "
shouldn't have. Certainly when it first came out, the virus definition files were identical to those of its big-brother product Forefront. (which is the domain-controlled, central-reporting, costs-you-money version)
it's also both inconspicuous, AND doesn't have a "please ignore and run the virus anyway" option on its pop-up
for anyone saying "just don't get infected", remember you can get infected from flash. Before someone mentions noscript, remember there have been cross-site scripting exploits on youtube before. Just because you browse legit websites only doesn't mean you're safe, that's like saying unprotected sex is safe as long as you stick to "nice girls"
Nothing is best
I used to write AV software, but I don't use it now. Oh maybe once in a while when I think there is something odd going on, but not as a regular installation. It's just more trouble than a virus - as this story illustrates.
Viruses used to be found, disassembled, and the AV updated before they became widespread, so it was worth the regular update as it actually had a chance of keeping you safe. Now a new virus is all over the web before the AV people get a chance to analyse and update, so it's firefighting rather than prevention. You can do that after you have a problem. No sense continually slowing down your computer and suffering all the false positives for no protection.
Catch-up: Just speaking of personal experience
I had a beta copy over a year ago (July 2009), which was somewhere around 60% catch-rate - it was a lot better when finally released in around Oct 2009, but AVG went through a major release during the same time and kept ahead of MSSE until about Easter 2010.
Virus defs aren't the only aspect - the defs didn't change massively between beta and release, but the detection engine obviously did. The final release was about 90% and it's now in the high 90's depending on your test of choice.
You forgot to mention
flash running on Windows
get a mac
Have you unplugged your airbags and drive without a seatbelt too?
here, fixed it for you.
The best ADDITION to all AV products is to look at what causes infection - and stop doing it.
Please do, and test 64-bit as well
Very good idea, but please put equal weight on 32-bit and 64-bit testing, since the latter are getting more and more popular. I have been using 64-bit since XP was out and I'm never going back, the stability it offers is vastly superior to anything 32-bit.
Not free, but
I've used NOD32 / Eset for perhaps 3 years now, after having tried many others. Very small footprint, low processing overhead, effective and reliable.
So what you're saying is....
You can't protect against new Viruses immediately so there's no point having AV software. Even though that means you're vulnerable to Viruses that ARE protected against by AV software. So your machine can regularly become infected and spread the virus for a few days before you notice it and then clean it. That's like saying we don't need an army until we've been invaded. I bet you don't even do updates because you think your PC is running fine so obviously you don't need updates. Get protected or get off the net.
There are no viruses that AV protects against
That's the point. All AV protects against all known viruses, everyone has AV, so there can no longer be any viruses that AV can catch before they catch you.
They will only catch the new ones and only after you already got infected and then only after the update.
Couldn't agree more
NOD32 is an amazing product and doesn't get mentioned enough when discussing AV solutions.
I've installed it on mine and all my family's computers and I've never had any problems from anyone since upgrading them to NOD32. You don't even notice it's there, it's doing its job in the background without bugging me, exactly what I want my AV to do.
The most popular one is the most useless
Any virus that is successful is going to have to get past the most popular AV. Therefore your popular AV is not going to be much help.
As for updates, imagine if you wanted to maintain a backdoor into everyone's computers but did not want to be discovered. Simply switch the location of the backdoor once per month, hence the monthly patch cycle. The backdoors have plausible deniability in that they are "oops a security vulnerability" we need to patch.
What a perfect system, and the users do their part to maintain it. The virus companies are kept in business (I am assuming the same people write them as write the AV) and the hardware manufacturers can keep supplying more powerful kit to combat the ever bloating software. Oh what a wonderful industry, I think I will become an arms dealer, more ethical.
think about it
There is no substitute for good driving & some drivers are often put under a false sense of safety by them.
Just like the complete dick head that followed me at a distance of less than 6 feet this morning when the temperature was minus three.
avoid getting infected
"remember you can get infected from flash"
...and you can get infected by something that is yet not covered by the most recent AV patch!
I've effectively walked the 'noscript' route for the better part of the last decade. The result: I got infected once, because I trusted eset's virus scanner when it said the executable I scanned was clean. Of course, a few months later eset changed its mind, but luckily I had managed to clean myself minutes after running the trojan. (the executable installed by the trojan was also deemed 'ok' by eset at the time...)
You don't have to run everything as 'administrator'. You don't have to run a browser that doesn't run as 'guest' by default. A couple of simple precautions goes a long way to make sure your local ecosystem just works.
In my case, I would have wasted a lot of resources on AV systems had I used them.
On the first part you're ok.... Then you mentioned 64-bit XP.
64bit XP was something to toy with but couldn't be used in a normal office environment - it was a 64bit driver wasteland, none to be found anywhere.
Even today with oh say SONY(!), zero support for most things - had to pull a 32bit Vista Business boxen out the other day so the little wife could do her transcription thing, not even Win 7 Pro 64bit drivers.
Unless you were lucky enough to have one of the three printers HP supported back then, I call bullshit.
The post below me?
ESET is a good antivirus/antispyware product and when my clients insist (the theory that anything you pay for is better - I used to try and point out the benefits of Security Essentials, but they evidently get that with their mothers' milk so it's a pointless endeavour (( "our" for our Brit cousins - yet the Reg's spellcheck wants American English lol)) ) on buying AV, that's what they get.
I posted something here somewhere last night about my longish day yesterday - I was doing a job for an adult education center installing new GED software on a new 2008r2 server and......... sigh...... this is why I dread going there: THESE SO-CALLED STUDENTS F-UP ANYTHING THEY TOUCH...... ahem excuse me. I have to clean and update a mix of XP Pro/Win7Pro and one lone Win98 (don't say a word!) BEFORE I can do a damn thing. <blood shoots out eyes> the fun part? No common virus/trojan/etc, everything from everywhere, things I've never seen before, errors never seen before..... all different, all requiring a different response/software. Sigh. Little wife understands why I might come home late and sometimes maybe a little cranky - took her with me as an assistant last night... and she got edumicated. (bwaaaahahahaha bout time!)
The machines with XP have full-on ESET protection and they were the worst of the lot - one had like 38 infections (bastards) etc etc according to NOD - why? ESET knew about it, warned about it, logged it, and the miserable bastards clicked through it... The machines with Win 7 ran Security Essentials - yeah clogged with bs these folks find and install, but no ohfuckware. SE pretty much lets those same miserable bastards understand that cleaning is better and no option to click-thru. That helps and was proven to me last night.
It's no damn wonder Apple and iGod Stevieboy do what they do with a walled garden - people evidently have to be protected from themselves.
And that's just a crying shame - Think I'll stay home today and contemplate that reality.
Prevention v mitigation
Do you drive without a care because you think your airbags and seatbelts will save you, or do you drive carefully so as to prevent an accident in the first place?
Oh Dear AVG :-(
To be honest, I switched to Comodo/MSE (Advanced/Basic users) a while ago, and am happy with those solutions. But I was a long term fan of AVG.
I thought that these 'brick-your-pc' AV updates were more the domain of McAfee / Symantec / CA. Come on AVG, keep up the standards!!
"Leaves machines in a continuous reboot loop."
So, they've reproduced the Blaster worm, basically, yes?
Re: Blaster worm
Worms self-propagate, so no, nothing like it really.
the AVG update server did it for them.....
Hey, now AVG users can pretend they paid for McAfee!
On the upside at least (some) AVG users have not paid for the privilege of their "anti virus" software buggering their machine up, it must sting less that way than if you handed all that money over to have McCrappee take out your Windows OS or your Office suite as "malware" every couple of months.
Actually I'd say AVG did better than McAfee
McAfee's last problem ate a Windows system file. Looks like AVG only ate their own files.
Of course, I'd still hate to have to clean it up.
Normally at this point we're urged to use open source stuff instead....
We use Clamwin, but they had their own problems a couple of weeks back.
A bad update meant that the thing went nuts and sent every DLL and EXE on your server to the quarantine folder. First thing we knew was when the server was rebooted due to Windows updates and would not come up again.
I expected to see something in the Reg but either I missed it or they missed it!
At first we thought we had a very bad virus, but it turns out it was an issue with Clamwin - seems we were not the only ones...
They wrote a batch file that could look at the logs and restore the files from there, but unfortunately the default log size is 1mb - not nearly enough to hold the details of tens of thousands of files that were quarantined.
Can't blame Microsoft for these issues....
I had this too
Though I run a script that merely logs the "infections" so nothing was quarantined, but I did find myself quite surprised at the thousands of lines worth of log files I was greeted with in the morning.
My conclusion: ClamAV was designed for *nix mail servers and that's probably where it should stay. Also handy to help disinfect bricked Windows systems, via a live CD. But don't bother using it to scan your Windows machines with any regularity or you're just going to spend the rest of your life looking at false positives.
.. quarantined the call tracking software we use this morning.
As a result productivity is up!
If we don't take care of the customer, maybe they'll stop bugging us. [Picture of old dust phone with cobwebs].
I've actually got that mug on my desk at work :)
No problem here
Updated AVG about 11 pm last night (UK time).
I run windows 7 (ultimate) 64, but nothing else
Same here. Maybe it is only certain versions of W7 and we are safe?
Glad I jumped ship when I did.
I got fed up with AVG - it's got too big and flakey, so I ditched it to give MSE a try (so far so good). Looks like the timing of moving my Win7 x64 box was crack on.
Moved from AVG a while back
AVG 2011 slowed my gaming pc to a frustrating crawl, increasing boot time, and the time it took to launch browsers.
they really do need to take a look at themselves and realise they don't have to be Symantec.
The linkscanner is pretty good, though and you can run that alongside another product to keep things streamlined.
I have moved to MSE for the time being.
Had to recover a customer's pc from this, although in his case we could get into safe mode, go figure. Uninstalled AVG, restarted, everything fine, installed MSE until AVG fix things.
PC World advert on Dual Core
Customer: What's this dual core technology?
PC World: Well sir it means you can be scanning your PC for viruses at the same time as getting on with your work.
I'm thinking: Oh so half the reason I buy a computer is to scan for viruses? Maybe I could use my old PC to scan for viruses whilst I get on with my work on the new one?
that explains my morning.
fired up the laptop this morning only to see the recovery screen. Fortunately letting that run to a previous restore point and a bunch of other background auto-wizardry had the system operating properly after about 15 minutes.
Was wondering what had changed since I hadn't installed or messed with configuration in almost a week, but I did recall seeing the "you need to reboot" window from AVG's update manager last night.
And here on the first page of El Reg- news I can use. Once again beating the so-called Mainstream Media by providing useful information instead of political propaganda.
RE: that explains my morning
That explains my yesterday when Win7 64 Pro went into recovery screen - and recovered, thank god. However there is now another little window from AVG saying a reboot is required. This one is 426/3293 - so my question to the assembled is: how safe is this one? This has all occurred while travelling and is something I could really do without. Additionally, has occurred having replaced the even more painful McAfee which came pre-installed, following years of trying new avs when the previous became too bloated, too naggy, missed things, whether paid for or free.
The moral of this story really is that everything will let you down or annoy you in one way or another sooner or later and whether you can do without as an alternative depends on how well you can control your environment. As a teacher and a traveller, moving rapidly between network environments and with ever promiscuous USB ports and devices, my requirement is that I have to have some defence and I would prefer that that some defence would remain simple and effective, not feeling the need to load up on "features" and complexity as a way of justifying its existence, retaining existing users and gaining new ones.
This may well be the rub - that everything which starts out good will inevitably fail as a result of market pressures rather than simply technical problems...
Of test of AV products?
User training + Properly setup PC + External to PC Firewall and Zero AV software.
things that make you go Hmmmmmmmm
I am surprised you didn’t put "ditch windows and install Linux" in there too..
No matter how much training you have, no matter how good your firewall is, and for the general population or SOHO, the expense of running an external firewall and subscription is not really a viable option....
Anyone on occasion can get duped into clicking on the wrong link, or opening the wrong document so running a AV program is essential... although not necessary, but if there is a safety net available, use it... only a dumbass wouldn’t.
Wow, so MANY holes to pick from
First and foremost, does no other device, even a mobile phone, never connect to the same subnet as your machine?
Can you actually trust the users to not click on links (no amount of training can fix stupid, and even the best fall for extremely convincing and well played phishing attacks).
Does nobody ever make a typo in a URL?
Do you trust the server you're sharing a connection with to be infection free? Some of the worst ones were spread by "KNOWN SAFE" sites who were the victims of SQL injection.
Being secure and having trained users, better still web filtering and white-lists on top, is great, and we all SHOULD do that, but lacking AV entirely is just plain stupid. No levels of security can protect you from even someone walking in the door with an infected disk or drive and plugging it in. Even commercial software IN THE BOX (including popular software from big names) has contained viruses on disk. Some "blank" hard drives even contained viruses from the factory, and PCs often do as well.
Do you not get e-mail at all? There are a thousand e-mails you don't even have to PREVIEW to get the virus in them.
All it takes is a single machine in your VLAN to get infected, and it could spread to the entire network in minutes.
That presupposes that your users are trainable. I've met very few that are.
Go on, I'll bite
Add to that list No keyboard + No mouse + No media drives + No network connection and you've got yourself a 100% secure system!
That will only work if you remove all networking devices, floppy drives and USB sockets.
Probably safest to remove the PS/2 ones as well in case someone connects up a keyboard that way too.
With no AV, you can get infected, so give the bad advice a rest please.
Ditch windows and install Linux
What's "anti-virus software"?
Don't have any... but then I run Linux.
I got ClamAV and SpamAssassin on my Linux box
It stops a lot of the email viruses.
If you try and run an original Cobalt Raq server it will get hacked in days, that's Linux. Even that needs updating :-(
They've got us both ways, do the updates and you have the official backdoors installed. Don't do the updates and all the hackers know where your backdoors are.