Oh dear. Pissing off Google's techies is not a survival oriented action!
Google probes AVG Chrome widget after 9m users exposed by bugs
Google has banned AVG from automatically installing its Web TuneUp Chrome extension – after the widget wrecked the online security of nine million people. Tavis Ormandy, a Google Project Zero researcher who has been auditing antivirus software, found the extension was riddled with vulnerabilities. Web TuneUp is installed with …
COMMENTS
-
-
-
-
Wednesday 30th December 2015 13:10 GMT Anonymous Coward
Re: Hmmm
>Been using...
Likewise. As an AV it's as good as any other but people are lazy and just accept a default installation which loads a pile of crap such as this web tune-up. Yes, it's optional but it's opt-out not opt-in. Go the custom installation route and just install the core AV module.
At the moment such user behaviour is a raw nerve, I've just cleaned my sister-in-law's laptop for the umpteenth time and the number of tool bars and stuff that starts when the machine does and is set to auto-update had me climbing the walls.
-
Wednesday 30th December 2015 14:49 GMT Halfmad
Re: Hmmm
Most other companies that screw up in the AV field don't do so by leaking data or potentially opening up customers to MITM attacks, they release a messed up DAT file etc. This is a pretty major cock up in security by a firm which is meant to be trustworthy enough not to do exactly that.
White knight and defend it until you are blue in the face, this is a major balls up.
-
Wednesday 30th December 2015 15:12 GMT Anonymous Coward
Re: Hmmm
You're missing the point. If I am defending anything it's the core AV and in fact I'm criticising the bundling of other products along with that. Web-tune up and the other add-ons are different products to the AV which should not be bundled together with it. Take the AV core alone and you'll find it hard to jump on the slag off bandwagon. However given you can't distinguish between unrelated add-ons and the core product I doubt you'll be able to escape crowd mentality.
-
-
-
-
-
Tuesday 29th December 2015 23:30 GMT Turtle
Relatives.
"'Apologies for my harsh tone, but I'm really not thrilled about this trash being installed for Chrome users,' Ormandy told AVG's engineers in his security bug report."
It's all relative. I don't consider Ormandy's to be a "harsh tone". To me, personally, a harsh tone would be "We're a-gonna kill your family and half a dozen of your relatives" whereas an appropriate and measured tone would be "We gonna kill you".
-
-
Wednesday 30th December 2015 05:32 GMT Crazy Operations Guy
I can't tell you how many times I've had to fix a machine because someone tried to optimize something or other. Most of the time, these optimization programs only have negligible effects on the performance, but more often than not, will just prevent the machine from booting now, or a few weeks down the line. I've made so much money off of undoing CCleaner's messes that I might jsut be able to quite my day job...
-
-
Wednesday 30th December 2015 17:29 GMT Crazy Operations Guy
Some of the more common messes I see:
* Attempts to 'optimize' the registry resulting in corrupted files
* removal of 'temp files' that were still in use
* old update files that were removed, but a later rollback needed them (Particularly with beta versions of the .net framework as needed for some beta versions of games)
* sometimes the load order of drivers will change causing systems with 3rd party disk encryption software to fail to load properly
Most of the messes just cause applications to fail to load properly (Or put them into a loop of 'This application isn't installed, install now?' 'This application is already installed, installation failed' because it can't find specific registry keys but finds its files.
IMHO, even the most remote risk isn't worth the possibility of increasing boot times by a few seconds or freeing up a even a few gigabytes of disk space.
-
-
-
-
-
Wednesday 30th December 2015 04:21 GMT RIBrsiq
Re: IT Crowd
"Seriously, have you tried turning it off and on again?"
Or, more specifically to AVG's case, turning it off and leaving it that way...?
I mean, if one's willing to pay for an AV -- a sound and recommended investment, IMO -- there are really great ones out there. But for the price of free, nothing is much better than Windows Defender.
Now, I'm not saying Windows Defender is any good, mind! I'm just saying most free AVs I tried are comparable to it.
-
Wednesday 30th December 2015 04:28 GMT Bitbeisser
Re: IT Crowd
AVG was good back in the Windows XP days, but ever since they started to support (or not) Windows 7 and later, they have gone downhill pretty fast, including installing all that additional web$h!t that doesn't work any better than a little bit of common sense (ok, I know, a rare commodity these days).
But as far as Windows Defender goes, well, it does something. If that is any good, I am not so sure, there ARE free anti-virus solutions out there, like Avast, that do a MUCH better job, though they also started to go down that dark rabbit hole of trying to install all kinds of crap that is of no use (how do they dare to tell me which programs on my PC are unnecessary for example)...
-
Wednesday 30th December 2015 07:42 GMT Dan 55
Re: IT Crowd
The only virtue Windows Defender has is it doesn't nag which is quite out-of-line with the rest of Windows. The defending itself isn't actually very good...
-
Wednesday 30th December 2015 08:11 GMT RIBrsiq
Re: IT Crowd
"The defending itself isn't actually very good".
Yes.
If someone held a gun to my head -- or any other body part, really -- and forced me to say something positive about it the best I could come up with would probably be "It's better than nothing, I guess...".
Seriously: buy a proper AV suite with a good firewall. It's extremely unwise not to.
-
Wednesday 30th December 2015 12:47 GMT jason 7
Re: IT Crowd
Windows Defender for the general virus/trojan stuff.
EMET on max settings for the Zero Day stuff.
Unchecky for the adware/installer stuff.
AdBlock/NoScript etc. for the web stuff.
Cryptoprevent for the Cryptolocker stuff.
Well its what I use mainly. Big bonus is none of it is nagware or shoutware either!
-
Wednesday 30th December 2015 22:38 GMT JCitizen
Re: IT Crowd
@jjason 7 - substitute the free Malwarebytes Anti-Exploit utility for EMET, and run as a limited user, and you got a pretty good line up. I would include Secunia PSI to alert to vulnerabilities, and File Hippo's Application Manager to help keep your apps updated before zero day.
-
Thursday 31st December 2015 00:28 GMT jason 7
Re: IT Crowd
Yeah didn't like the Malwarebytes version as much as EMET. And Secunia just gets really annoying after a while. I make do with a ninite update script icon to run every couple of weeks to make sure most of my stuff is up to date.
Both worth using, I just don't like them personally.
-
-
-
-
-
-
-
-
Wednesday 30th December 2015 08:50 GMT Ambivalous Crowboard
Re: "no browser extensions should be allowed to install automatically"
Absolutely. Have we not been here before? Many, mamy times, and many moons ago, with things with shitty IE plugins that trash your online life?
Speaking as an IT admin that loves it when silent installs are possible, they are also simply disasterous for home users with vendors and the likes pushing what they think is best into other people's systems. If your users can't be persuaded to click a "Yes" box by your shitware, then perhaps fix your shitware.
-
Wednesday 30th December 2015 10:22 GMT AustinTX
Re: "no browser extensions should be allowed to install automatically"
As usual, as always, you give a business a little leeway, and they try to take over. And they're at least a little bit accountable. Imagine what the unaccountable agencies, who insist that you let them keep their loving eyes on you at all times, are up to?
-
-
-
-
-
Wednesday 30th December 2015 22:47 GMT JCitizen
Actually worse...
Norton is not as bad as it used to be, but I sure would not pay money for it - AVG is much WORSE!
After reading a news item about AVG issuing bad updates, I got a call from two clients that their machines were hosed so badly they had to send them in to the factory to be repaired!
-
-
Thursday 31st December 2015 21:54 GMT Chika
Firefox
I just noticed that the one machine that I have that uses AVG has had the same tool added, but this time on Firefox. I'm not totally convinced that this is wholly a Chrome issue, especially if this tool is installed without prior permission, a bit like the cloud tool on Foxit Reader.