seriously who would use this software in a business?
Security software biz Avira has apologised after its antivirus suites went haywire and disabled customers' Windows machines. A service pack issued on Monday caused its ProActiv monitoring software to think vital operating system processes were riddled with malware and blocked them from running. Users of the affected products - …
Yes - I agree
Why would you ever use an operating system that is susceptible to viruses ?
I remember the dark ages when I used to actually bother with those anti-virus shites....
is that a troll or what?
Are you working in IT or just a fan?
If working do any of your machines use windows?
McAfee DELETED svchost.exe after a bad sig update about 2 years ago.
Not fun :(
@yossarianuk Exactly. If you need antivirus you're doing it wrong.
What would you recommend AC? I have been using Avira Antivir Professional for Four Years and have never had a false-positive problem with their product. I seriously had to double take when I saw the article title.
Avast! free edition, never had a virus or any problems.
You sound an awful lot like an OS X user from a few years ago...
Never learn anything from History, that's my motto!
"Casting pearls before the" sw... MS Windows protagonists is not a very good idea. Alas, I often find myself doing the exact same thing, which is also my sin.
Avast! free edition, never stops a virus until months after it's in the wild.
There, fixed it for you.
We went through a thorough testing procedure before settling on an AV solution, and Avira had the lowest performance hit of any solution. We were getting a performance boost in some situations of 20-40% on slower PCs over McAfee and Sophos.
It's been great from an Enterprise perspective. Their central management suite works a hell of a lot better than McAfee's EPO, and the agents are much more seamless to deploy than with Sophos (where the agent installs seemed to always find a different random deployment problem each time).
We were really happy until it bricked all our PCs on Tuesday. That can happen to anyone (it happened to McAfee not long ago). Thankfully, it was pretty easy to recover from in our situation, and we were back up and running within 20 minutes.
HAHAHAHA WHO SAYS APPLE NEVER GET VIRUSES NOW HAHAHAHA
"HAHAHAHA WHO SAYS APPLE NEVER GET VIRUSES NOW HAHAHAHA"
Now waiting for the bad guys to switch their attention to Linux.
Perhaps I ought to dust off my old MVS skills :-)
Is there such a thing as an OS that *isn't* 'susceptible' to viruses? Give the coder enough time and I bet they'd be among your machines tout de suite.....
That is all.
Certainly so in the case of Google Updater. It's in constant connection with the C&C server uploading private data and waiting for orders.
Mistaken anti-virus hits usually only knock out one program that happened to trigger a new signature. How did they manage to hit that many? Or was it one core windows component that all of them used?
Anti-virus software uses heuristics which are defined on Wikipedia as "Examples of this method include using a rule of thumb, an educated guess, an intuitive judgment, or common sense."
Such an approach can be too sensitive: one mistake and it will pick up lots of things.
So they obviously:
1) Don't test their updates against a single Windows PC before sending them out.
2) Don't have a whitelist of known-good checksums of critically important, unchanging and pretty prevalent Windows system files.
3) Don't have a way to safely undo mistakes.
4) Don't put out an update that only touches the minimum of what it needs and lets USERS flag stuff as bad or not because it knows better.
and Windows, apparently, doesn't have a way of stopping programs from bricking the operating system by deleting critical files. Nice to know. (And, no, I don't care if you ARE an administrator user or not - you shouldn't be able to do this programmatically without at least warning the user first!)
Windows does try and protect its files.
Unfortunately it protects them in the same way as malware protects itself, so anti-virus software uses methods that bypass the protection systems.
"and Windows, apparently, doesn't have a way of stopping programs from bricking the operating system by deleting critical files."
If it's done by a process with significant privileges, very few operating systems do out of the box. To be functional an antivirus program is going to need those significant privileges.
So to be fair, that bit isn't really a Windows issue.
Being able to delete critical files as a standard user ... that's a different matter.
it is files?
They obviously also:
5) Don't understand digital signatures.
Let's assume your crapware has just flagged a Microsoft-signed file as a virus. What now?
If you believe that the black hats have got their paws on the private keys used to sign Windows itself, you should just give up. You cannot protect a system if the bad guys wrote it.
If, on the other hand, you believe the signature is valid, that means the file is supposed to exist and its contents are exactly as Microsoft intended them to be. What do you think is going to happen when you delete it? Is it going to be a nice end-user experience? Is it going to be tomorrow's headline in the IT press?
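The two posts above argue that a heuristic hit should be gated on a known-good checksum list, a valid vendor signature, and a reversible block. As an added example (not from the article or any commenter), here is that gate in Python; the paths and hashes are constructed, and `signature_valid` is assumed to come from the platform's own signature verifier.

```python
"""Pre-quarantine gate: a heuristic hit is only acted on after checking a
known-good allowlist and a critical-file list, and every block is journaled so
it can be undone.  All paths and digests here are constructed sample data."""
import hashlib
from dataclasses import dataclass, field

# Constructed allowlist: path -> SHA-256 of the known-good file contents.
KNOWN_GOOD = {
    r"C:\Windows\System32\svchost.exe": hashlib.sha256(b"fake svchost image").hexdigest(),
    r"C:\Windows\regedit.exe": hashlib.sha256(b"fake regedit image").hexdigest(),
}

# Critical system files: a heuristic hit alone never blocks these, it only alerts.
CRITICAL = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\cmd.exe",
    r"C:\Windows\regedit.exe",
}


@dataclass
class QuarantineGate:
    journal: list = field(default_factory=list)  # blocks, in order, for rollback
    blocked: set = field(default_factory=set)

    def decide(self, path: str, contents: bytes, signature_valid: bool) -> str:
        """Return 'allow', 'alert' or 'block' for a file the heuristics flagged.

        signature_valid is assumed to be the result of the OS signature check
        (e.g. Authenticode on Windows); this example does not verify it itself."""
        digest = hashlib.sha256(contents).hexdigest()
        if KNOWN_GOOD.get(path) == digest:
            return "allow"   # exact known-good bytes: the heuristic is wrong
        if signature_valid:
            return "allow"   # vendor-signed: contents are what the vendor shipped
        if path in CRITICAL:
            return "alert"   # modified critical file: escalate to a human, don't block
        self.blocked.add(path)
        self.journal.append(path)
        return "block"

    def rollback(self) -> list:
        """Undo every block recorded in the journal and return the paths released."""
        released = list(self.journal)
        self.blocked.difference_update(released)
        self.journal.clear()
        return released
```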
I agree that most operating systems don't. But that's no excuse if you're supposed to be making a "world-beating" operating system that's focused on security - because there's no barrier to making it work properly at all.
And MS is supposed to have their "system protection", etc.. How hard is it, precisely, to prevent certain files being deleted without being in a "system maintenance mode", or requiring an actual human's permission to do so (that was the whole POINT of the annoying UAC wasn't it?).
I'm really waiting for the day where your computer can be in either "usage" or a minimal "maintenance" mode and only in maintenance mode can you do updates, change bootloaders, play with critical files, etc. and only in usage mode can you log in as other users, browse the web, move files around, execute programs etc. And having NO PROGRAMMATIC WAY to switch between the two modes at all, and not have any processes survive the transition.
We have a sort of fake pseudo mentality that almost does this ("no running as root normally", "safe mode", etc.) but they never quite cover that the two modes of operation are distinctly different beasts.
It's a counter-intuitive rule, that one, but one we learn all the same. Perhaps people registering with El Reg could also be directed to a 'there, their, they're' lesson, and prove that they can disable their caps-lock key, too. It would get rid of one regular troll, at least....
Also, right alongside their/there/they're is your/you're
Perhaps commentards could also prove their (there? they're?) ability to 'lose' the habit of using 'loose' when they mean misplace or abandon.
"I'm really waiting for the day where your computer can be in either "usage" or a minimal "maintenance" mode and only in maintenance mode can you do updates, change bootloaders, play with critical files, etc"
If you want something like that, try using a Linux/BSD variant set up to mount /sbin, /etc, /usr/sbin, and others as read only when in "usage" mode and read/write when in "maintenance" mode.
Or for added security you could use a device with a physical read-only switch for the drive/partition that holds those core parts. For standard user "usage" you only need write access to /home, /var, and a couple of others. It's been a while, but I'm sure a quick google will confirm what can be mounted read only.
Used to run a firewall off of an old P1 with Debian running off of a CD but with /var mounted on a drive.
>You cannot protect a system if the bad guys wrote it.
Did anybody see that Ballmer was top of the Forbes list of the worst CEOs? What a douche nozzle he is. Obviously he didn't write it but he made sure the same business practices would continue.
> And MS is supposed to have their "system protection", etc..
Yes, but you granted your A/V suite system level privilege when you installed it, precisely so it could clean up infected system files. That's what the UAC warning you got on installation was for.
ISTR that MS did want to restrict that level of access purely to the O/S itself, but the A/V vendors threatened legal action......
RE:"And MS is supposed to have their "system protection", etc.. How hard is it, precisely, to prevent certain files being deleted without being in a "system maintenance mode", or requiring an actual human's permission to do so (that was the whole POINT of the annoying UAC wasn't it?)."
1) I don't think a Windows service triggers a UAC prompt. If it did, it would break all sorts of Windows functions (including Windows update). It would be a similar situation if Unix required daemons to run under the restrictions imposed by sudo, or so I believe.
2) Requiring a user to switch an OS to a "maintenance mode" to update would be a good way of ensuring that a lot of users never update their OS. The likes of Microsoft, Apple and the various Linux vendors are having trouble ensuring people keep their OSes up to date with the mostly automatic systems in place now; how are they going to do that when people need to switch the OS to a different mode? In the meantime, bad guys would merely find a way around the protection without switching to a separate mode..
Nice if you read the article before posting.
3) It was possible to safely undo the mistake. By turning off the blocking. And for people who find that too difficult, it happened automatically when they brought out the update.
And, it didn't delete any files. It's just a part of a system which (brokenly) blocked suspicious behavior.
And, you think users should be allowed to delete critical system files just by answering 'yes' to a warning? Sheesh. Glad I don't support your OS.
Actually, I rather like the big dumb guy. Obviously I found him annoying the first day he arrived, but as soon as it became obvious that he was just trolling on every post it was rather fun to see how many people he could get each time.
A lot like amanfrommars, in fact. Maybe they are the same guy?
Google updater? iexplore.exe? Potentially harmful?
Say it ain't so!
Disabling the web browser and the registry editor? That sounds suspiciously like malware behaviour.
If I went to buy a car and they told me they'd send me the steering wheel later, I'd be suspicious.
It isn't suspiciously like malware behaviour, it is malware behavior absolutely outright. Avira should face a very large fine in line with actual malware suppliers as this has damaged far, far more computers utilising exactly the same methods.
It is "malware behaviour" only in the same sense that everything that any software ever does is malware behaviour: creating and deleting files and changing their contents. The fact that it deleted the wrong files is a mistake, not "malice", which requires intent.
So McAfee is going to send everyone compensation for the time they bricked WinXP SP3 by flagging svchost.exe as a virus?
I'll go check the post - thanks!
No iexplore, no cmd; now that's a PC that's been secured.
For complete security remove power and network cable
Why not just turn it off?
Got to love so called IT people who think that security is removing / disabling any piece of software that actually aids a user rather than sensible solutions.
And that the user.100% secure.
I always knew notepad.exe was secretly very dodgy.
Not exactly the first time something like this has happened. I'm fairly sure I've heard instances in the past where all the big name AV brands have done something similar - maybe many years ago for some of them but they're all just as bad as each other.
Aye, I remember a supposedly uninstalled copy of Norton that blocked access to Hotmail... Bloody thing came with the PC. Thank, HP!
No, it's bloody not bricked. Windows is not firmware. If it somehow overwrote the code on the motherboard's EEPROM, then it would be bricked. Until such time, it's a corrupt OS, i.e. soft and sod-all to do with hard or firm.
If my ONLY machine is a Windows machine, and I cannot use it to repair itself, then it is, to all intents and purposes, bricked. Now this scenario is unlikely in any commercial setting - ideally *someone* would have an unaffected machine, from which a BootCD could be burned, to help fix the other machines. However, to a lowly home user, especially a non-tech savvy one, then having their machine borked could be a big deal.
Quite a few one-man-band IT specialists have created their own Linux distro, which they leave with clients, who can boot from it in the event of a disaster. They establish an OpenVPN link back to the mothership, where remote jiggery-pokery can save the day.
I agree. The word "brick" has come to have a very specific meaning--crippling a device (by overwriting firmware) to the extent that it is permanently unusable or so that only the factory can repair it. We would have the same complaint if a headline said "Bin Laden dead" when he'd only gotten a flesh wound.
"Service Pack 0"
Well that would have made me suspicious straightaway.
I mean, it's like V1.0 of a Microsoft product; you just don't, do you?