back to article Windows 10 Anniversary Update crashing under Avast antivirus update

Avast has issued a rushed fix to stem blue screen of death action caused by an update that clashed with Windows 10 on some systems. The patched patch fixes a kernel panic caused by conflicts with a Windows 10 Anniversary Update on Intel Skylake Virtualization Technology machines. Microsoft's update sent some machines with …

  1. Shane McCarrick

    Did anyone actually test this?

    Also seems to have a distinct dislike of the nVidia Driver Experience program. Its not fatal- but the number of errors it throws up just isn't funny- and after the install, you'll keep getting popups about bad msvcrt.dll image files etc etc (there are a rake of them invoked by the nVidia drivers).

    This really is buggy as hell. I can't revert- because the main drive I use for o/s is a 50Gb SSD :(

    1. Anonymous Coward
      Anonymous Coward

      Re: Did anyone actually test this?

      Seems like no one did test it. Hey ho, welcome to the modern world.

      I've decided to roll back to 7, and let MS get their buggy code fixed and working without involving me any further. Hopefully they'll see sense in due course and will make it more like 7 in spirit if not in looks. By then I'll likely be upgrading my PC anyway so will be getting a license thrown in whether I like it or not. Failing that I could treat myself to a Mac...

      1. Anonymous Coward
        Anonymous Coward

        Re: Did anyone actually test this?

        I only update my nvidia drivers if I have issues with a game as I've noticed the drivers from Nvidia via the experience software have a good chance of deathlooping my pc.

  2. Magani
    WTF?

    Windows 10...

    ... World's largest Alpha/Beta test site.

    1. Version 1.0 Silver badge

      Re: World's largest Alpha/Beta test site.

      Thus speaks someone who never installed Vista.

      1. Packet

        Re: World's largest Alpha/Beta test site.

        My thinking is that Windows 10 has surpassed Vista in terms of an unfinished / alpha / beta product being released.

        It seems there are no excuses being made any more - it's just 'this product is rubbish but hey you'll install it and like it'

      2. Fatman Silver badge
        Joke

        Re: World's largest Alpha/Beta test site.

        <quote>Thus speaks someone who never installed Vista(ster).</quote>

        FTFY!

  3. lglethal Silver badge
    Trollface

    Blue Screen of Death

    I know that's the term we all use, but I still find it funny to see it in official press releases.

    Like hearing a news report on swim costumes and hearing the announcer call a pair of speedos "budgie smugglers".

    1. Anonymous Coward
      Anonymous Coward

      Re: Blue Screen of Death

      Ha, they may just as well have said 'ball bags' (or something else suitable from the Profanosaurus) and be done with it.

    2. Version 1.0 Silver badge
      Trollface

      Re: Blue Screen of Death

      I prefer the term "baby squirrel" ...

    3. energystar
      Windows

      Not at all surprised...

      Intel+Microsoft+Alwil [Plus MB manufacturer?]

      And let's stop there. Everyone of them being sure on premises [or promises?] about control of [bottom of] the stack.

  4. kryptylomese

    10 is not decimal it is binary and Beta is the 2nd letter of the Greek alphabet....

    Welcome to Windows Beta!

    1. Adam Jarvis

      Windows Bin, for short? Sounds about right.

  5. eJ2095

    Ahh yess

    We don't like you using classic shell so we have removed it for you...

    Which i thought was nice.....

    What next.... we see you have lots of porn and we have removed it for you....(Thats stored on the 02 USB stick now)

    Swap out Hal for Cortana :- http://www.imdb.com/character/ch0002900/quotes

    1. lansalot

      Re: Ahh yess

      Probably just as well they removed Classic Shell then...

      http://www.bleepingcomputer.com/news/security/audacity-and-classic-shell-download-server-hacked-by-pegglecrew-/

      1. Gis Bun

        Re: Ahh yess

        Did you read the article? It wasn't the developers' faulty but the crappy web site that hosted the programs.

    2. Stuart 22

      Re: Ahh yess

      I'm really shocked you still are expected to buy and install AV software on an OS that MS has been working hard to secure for over 20 years ... is there an ETA for basic in-built security coming RSN ;-)

      1. Ken Hagan Gold badge

        Re: Ahh yess

        You aren't. See the article the other day about drive-by installs? Notice how all the virus scare stories are about zero-days? AV doesn't work. It hasn't ever worked. It can't work because distinguishing "malicious" software from what comes out of big-name vendors just isn't possible, even for human intelligence after the event. AV is a gigantic scam. You are better off without it. Run as a normal user. Don't follow phishing emails. Don't install crapware you downloaded from a sharing site. In short, use Windows the same way you'd use Linux.

        1. Mage Silver badge
          Headmaster

          Re: Ahh yess

          Education and proper configuration and external firewall beats ALL AV for effectiveness. 30 Years of testing proves it.

          AV is part of the problem, not a solution. False sense of security substitutes for users actually paying attention and learning how to use Windows safely. UAC is also pointless.

        2. fruitoftheloon
          Stop

          @Ken Hagan: Re: Ahh yess

          Ken,

          So you seriously think that my (almost) elderly father shouldn't have AV running on his new win 8.1 gaming box?

          I know full well that AV isn't a universal panacea, but expecting Mr/Mrs Average to practice 'safe computing' is of little use in the real world!

          Meanwhile, back in the real world...

          I au fait with win 286-8.1, penguin boxen, my day-to-day box is a MBP Parallels & Win 7, most folk aren't!

          Cheers,

          Jay

        3. anthonyhegedus Silver badge

          Re: Ahh yess

          "You are better off without it. Run as a normal user. Don't follow phishing emails. Don't install crapware you downloaded from a sharing site. In short, use Windows the same way you'd use Linux." - all very well (and I upvoted you) but it doesn't work like that with normal (=stupid) users. We have had to even block zip files being emailed with some of our clients!

      2. Kristian Walsh Silver badge

        Re: Ahh yess

        Criminals rob banks all the time - does that mean that a bank building is less secure than a greengrocer's shop?.. because, after all, you never hear of a greengrocer's getting robbed.

        Security is not a technology issue. The technology is just a tool-kit; it still needs to be used by a human. Windows has all of the same security measures as Linux in place to prevent privilege escalation or out-of-process access, and all the other nasty ways a piece of software can do something that you, as the IT admin, don't want it to do.

        But none of these protections really matter, because the easiest way to get malware onto any system, no matter how "secure", is to give the victim step-by-step instructions on how to install it and let them work around the system's security measures for you. Of course, you tell them that they're doing something else (like getting something for free), but the malware gets in there all the same.

        And if you target Windows with your ransomware, you've got: 1. a far bigger target population, and 2. a higher likelihood of getting your malware into a company that'll pay the ransom.

        I use OSX, Windows10 and Linux daily, and I don't really play favourites, but I do get fairly tired of the insistence from Linux and Mac users that their platform is somehow more secure simply because criminals have no real financial incentive to attack it.

        1. Richard Plinston Silver badge

          Re: Ahh yess

          > Of course, you tell them that they're doing something else (like getting something for free), but the malware gets in there all the same.

          The thing about Windows is that there are (or were) designed in 'convenience' features that mean you don't even have to get the user to do anything other than normal operation. For example: simply inserting a CD or USB could run software on that media. Selecting an email could cause it to load an attachment and execute code (eg Excel macro or Javascript), downloaded files can be executable without further action, file types are hidden so knickers.jpg.exe looks like knickers.jpg and clicking on it executes code.

          Other systems just aren't that convenient for malware. The user must do something out of the ordinary.

    3. Haku

      Re: Ahh yess

      I thought you were joking about it uninstalling classic shell, so I ddi a quick search and found an article on the web titled "Windows 10 May Delete Your Programs Without Asking"

      WHAT THE ACTUAL FUCK?!

      As if I didn't need another reason to stay away from this abomination.

    4. Version 1.0 Silver badge

      Re: Ahh yess

      I turned Cortana off - but your link is interesting . . . "HAL: Dave, although you took very thorough precautions in the pod against my hearing you, I could see your lips move."

      So I'd better cover up the camera.

    5. thosrtanner

      Re: Ahh yess

      Acutally if you'd updated classic shell with their updater (i.e. from the right place rather than the nuked mirror) to the version that supported windows 10 anniversary, the anniversary update didn't complain about it one little bit.

  6. hplasm Silver badge
    Devil

    Avast AV-

    Working as intended. Win10 added to virus sig list.

    1. Baldy50

      Re: Avast AV-

      Norton bloody AV regarded a Vista (Spits on floor again) update on a machine of mine to be malicious and deleted it rendering the machine unable to boot and an MBR/system file repair required.

      So no surprise really!

    2. PNGuinn
      Joke

      Re: Avast AV-

      RTFA.

      It only detected a very few instances of the virus ....

      Epic Fail.

      I wonder if Norton ...

  7. Anonymous Coward
    Anonymous Coward

    We'll see more of this with W10

    Before W10, every sane user could wait 1-2 weeks before applying patches, and let AV vendors do their QA before upgrading.

    Now, with W10, there'll be none of this anymore: upgrades arrive and, conflict or not with the AV or something else, you'll be impacted, and will have to reactively fix it.

    Welcome to the world of user-performed QA as a (paying) service !

    1. Danny 14 Silver badge

      Re: We'll see more of this with W10

      at work I tolerate LTSB edition and WSUS as that is pretty much W7 with the new "look" (near as dammit the same and satisfies the edicts from above). There is no way in hell W10 is going near one of my home personal machines - updates like this are just crazy.

      1. Anonymous Coward
        Anonymous Coward

        Re: We'll see more of this with W10

        And so say many other IT pros.

        I am so glad that I gave up fighting MS with respect to my home machine years ago.

        Now we get the edict from above that the whole company is moving to W10 by the end of the year.

        There are whole rafts of Apps that just don't play nice with W10 and are still needed in order to run the business. I'm glad my contract is up at the end of the month.

        At least we have the enterprise verision. (small mercies I know).

        1. Doctor Syntax Silver badge

          Re: We'll see more of this with W10

          If the company has a legal department perhaps yo should draw their attention to the T&Cs. Just to be sure ask them what exceptions they might expect and whether they can find them.

  8. Ben Rose
    Megaphone

    Avast problems?

    I had Avast problems some time ago under Windows 7. I found the solution in the Add/Remove Programs dialog. No problems since.

    1. Anonymous Coward
      Anonymous Coward

      Re: Avast problems?

      You removed windows! A damn good idea, what did you replace it with?

      1. Rich 11 Silver badge

        Re: Avast problems?

        Doors.

    2. 404 Silver badge

      Re: Avast problems?

      I haven't used Avast! since it ate a couple of WinXP 64bit installations... don't need to be bit by a snake more than twice before they're KOS to me.

      1. Jeffrey Nonken Silver badge

        Re: Avast problems?

        "I haven't used Avast! since it ate a couple of WinXP 64bit installations... "

        Been avoiding it myself. Also avoiding WX except one test machine at work. WX+Avast seems like a marriage made in Hell to me.

  9. Anonymous Coward
    Anonymous Coward

    So let's rename it then...

    .. to AGHAST :).

    Personally I have never quite found an anti-virus program that didn't cause problems at some stage, either with installation, updates or generally getting in the way - it's hard to control the vast and ever changing amount of barn doors in Windows. That being said, preventing Windows from working at all IS effective, of course, just not terribly useful :).

  10. Anonymous Coward
    Facepalm

    Two questions

    1. What the hell is Avast doing to destabilise the Windows kernel so much that a BSOD results. How bad is their coding?

    2. Why is Microsoft allowing kernel patching at all? Anything that patches a running kernel must assumed to be malware and stopped at the OS level.

    1. Ken Hagan Gold badge

      Re: Two questions

      "What the hell is Avast doing..."

      You should note that this was an MS patch to a previously working configuration. Avast did something that MS-in-the-future didn't like. Failing to test that scenario isn't quite as lax as you suggest. It depends on how fully-featured and documented are the kernel hooks that MS (presumably) provide for AV vendors.

      "Why is Microsoft allowing kernel patching at all?"

      Because third-parties like to install drivers for specialised hardware and don't like paying MS to write them? I know a fair bit of hardware can run in user-space once MS have provided a generic driver for the relevant bus, but not everything fits that mold. Notice also that if you have Administrative rights on a Windows machine in user-space it is only a matter of time before you can override any restrictions on kernel patching.

      1. Anonymous Coward
        Stop

        ...the kernel hooks that MS (presumably) provide for AV vendors...

        'Patching the kernel' is not the same as 'writing a device driver'. Microsoft provides a rich, documented and free API for drivers to use to hook into call chains. I can fault Mcrosoft on many things, but not this. AV writers have a history of destabilising the very software they are trying to protect: I suspect Avast is a rat's nest of hackery, patching and general under-the-hood horrors. And they've been caught out. As ever with AV software, the cure is far worse than the disease.

        And 'a previously working configuration' doesn't mean all the running software (i.e. Avast) is going about things the right way.

        1. hplasm Silver badge
          Meh

          Re: ...the kernel hooks that MS (presumably) provide for AV vendors...

          I suspect Windows is a rat's nest of hackery, patching and general under-the-hood horrors. And they've been caught out.

          FTFY

          1. Anonymous Coward
            Happy

            Re: ...the kernel hooks that MS (presumably) provide for AV vendors...

            You have me there... Upvote incoming.

      2. energystar
        Boffin

        Re: Two questions

        "...Because third-parties like to install drivers for specialised hardware and don't like paying MS to write them?"

        Kernel should be off-limits. Anyone needing something inside there should pay MS for the install and the oversight.

      3. David 132 Silver badge
        Black Helicopters

        Re: Two questions

        You should note that this was an MS patch to a previously working configuration.

        "Windows ain't done, till Avast won't run"?

    2. patrickstar

      Re: Two questions

      Kernel/driver coding is HARD, and there is a lot of potential for unforeseen interactions.

      MS has actually stopped, beginning with 64 bit Windows, AV vendors (and certain other usual suspects) from poking around in the kernel arbitrarily. See PatchGuard / Kernel Patch Protection.

      Instead they have provided documented APIs for things like filtering syscalls.

      This however sounds like a driver for the Avast virtualization sandbox thingie. Not very familiar with it, but you can't really stop that without breaking VMware, VirtualBox, et al. as well.

  11. Anonymous Coward
    Anonymous Coward

    "certain HW configurations didn't mix well with the update"

    Translation: Our Ad slurping engine clashed with Microsofts sorry about that!

    "Avast – another anti-virus big-hitter – recently announced plans to make use of anonymised user data to develop marketing analytics through a spin-off called Jumpshot. This is not quite the same thing as what AVG is doing – not least because it doesn’t involve third-party ad brokers – but it might still be seen as moving in the same direction of travel of monetising users’ data as as way of offsetting flat or declining anti-malware software sales."

    http://www.theregister.co.uk/2015/10/14/avg_anon_data_brokering_analysis/

  12. Def Silver badge

    Avast...

    Used to be good. Has recently become the crash-happy, bloated bitch of virus scanners. Anyone got any recommendations for good alternatives?

    1. Anonymous Coward
      Anonymous Coward

      Re: Avast...

      Anyone got any recommendations for good alternatives?

      Linux? :)

      /tiptoeing away ..

      1. Anonymous Coward
        Anonymous Coward

        Re: Avast...

        Tiptoe all you like, but Cortana has got her beady eye on you...

        1. MrTuK

          Re: Avast...

          "Tiptoe all you like, but Cortana has got her beady eye on you..." - Not on my Linux Laptop !

          It would be a long day in Hell before I allowed her (it) anywhere near any device of mine let alone a PC/Laptop !!

          The bitch can't keep her mouth shut about what I do - oops there goes my male chauvinist attitude getting out yet again comparing Cortana to a female !!!

        2. moiety

          Re: Avast...

          Avira seems to be OK-ish, as these things go. Free and not too in-your-face anyway. Don't know how well it works on W10, though, nor do I have any intention of finding out.

          1. David Hicklin

            Re: Avast...

            Have an upvote for Avira.

            Have it on my W10 Virtual Installation where it seems to play OK (have it to remind myself just how bad and horrible w10 is)

    2. Anonymous Coward
      Anonymous Coward

      Re: Avast...

      GDATA

    3. stuff and nonesense

      Re: Avast...

      Try Sophos, Google - Sophos free

  13. ntevanza

    Twitter

    "i got the bsod bc of updating avast

    wow"

    Truly, Twitter is the future of human communication, not to mention journalism. By what other means would glistening gems like this be panned and sifted from the silt of existence and reflected for our delectation in the very eye of humanity?

    1. Darryl

      Re: Twitter

      ntevanza translated:

      "ppl r shit riters"

  14. Clockworkseer

    Avast also breaks proper installation of Windows Subsystem for Linux, so that new shiny bash shell they've been touting doesn't work right.

  15. J J Carter Silver badge
    Trollface

    Quis custodiet ipsos custodes

    >combined with our aswvmm.sys driver <

    MSFT really should have Windows 10 disable malware like Norton, Avast etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: Quis custodiet ipsos custodes

      MSFT really should have Windows 10 disable malware like Norton, Avast etc.

      Isn't that the other way around?

      If an anti-virus program REALLY did its job it should uninstall Windows. The only problem is that that would remove a very profitable ecosystem. Can you imagine the howling of anti-virus providers if Microsoft suddenly got security right? Not that I deem them capable of that, but just imagine what would happen - never mind that that industry only existed by the grace of the abysmal coding from Redmond..

    2. a_yank_lurker Silver badge

      Re: Quis custodiet ipsos custodes

      Slurp should disable malware like 'bloat 10 is more correct.

  16. smartypants

    I didn't bother with a third party anti-virus for Win10

    ...is this bad?

    1. Adam Jarvis

      Re: I didn't bother with a third party anti-virus for Win10

      ....is this bad?

      Windows 10 has so many malware like features its truely difficult to discern the difference.

      The problem is AV Vendors are also having a hard time distinguishing the difference between real Malware and Windows 10 Anniversary Update's 'New features'. Technically, many properties of both forms of malware are the same, its just the MS ones are seen as 'official malware' that route Private data through MS Servers.

      You could have exactly the same 'Windows 10 feature' i.e. installing an unrequested app (in the form of malware) routing exactly the same telemetry data through a third party server that would be flagged as malware under different circumstances, and there is your problem.

    2. Anonymous Coward
      Anonymous Coward

      Re: I didn't bother with a third party anti-virus for Win10

      If you selected "Express Settings" rather than "Customise Settings" during the install of Windows 10, you've given MS the right to run more malware like code, than you ever probably had unknowingly running on an unprotected Win7 Machine, which surfed the wilds of the internet most of its life.

    3. David 132 Silver badge
      Trollface

      Re: I didn't bother with a third party anti-virus for Win10

      ...is this bad?

      Absolutely!

      If you don't run antivirus software on Windows 10, you'll experience problems with:

      -applications and features being suddenly disabled or removed without your permission,

      -demands for money to use your common applications e.g. card games,

      -advertising all over the place for services that people want to push you towards,

      -leaking of your personal data,

      -browser hijacking where your favourite browser gets periodically replaced with one under the miscreants' control,

      -unexpected reboots and changes to your environment.

      And as we can all agree, those are very bad things and would make trying to use your PC very frustrating indeed.

      1. Anonymous Coward
        Anonymous Coward

        Re: I didn't bother with a third party anti-virus for Win10

        -applications and features being suddenly disabled or removed without your permission,

        -demands for money to use your common applications e.g. card games,

        -advertising all over the place for services that people want to push you towards,

        -leaking of your personal data,

        -browser hijacking where your favourite browser gets periodically replaced with one under the miscreants' control,

        -unexpected reboots and changes to your environment.

        Hang on, that's just Windows 10. When are you getting to the effects of a virus infection?

        :)

        1. David 132 Silver badge

          Re: I didn't bother with a third party anti-virus for Win10

          Hang on, that's just Windows 10. When are you getting to the effects of a virus infection?

          I'm going to have to be less subtle in the future.

  17. Gis Bun

    Avast is crap. Worked at a place and had Avast Pro. Couldn't even detect those fake "Anti-Virus XP" junk around 2008-2009.

    1. regadpellagru

      different from my 8 years experience on a dozen of systems, then.

      always worked like a charm

      I think they were here only another victim of MS' always patch policy ...

  18. Hans 1 Silver badge
    Headmaster

    BSOD has been renamed Bug Check (officially) since Windows 8, I head it had to do with all the bad press.

  19. Doctor Syntax Silver badge

    It used to be said that anti-virus firms were engaged in an arms race with virus writers. Now it seems they're engaged in another arms race with Windows.

  20. Anonymous Coward
    Anonymous Coward

    Avast

    It's causes problems with Windows update after every 2-3 months. It's real world detection rate is lower than Bitdefender/Kaspersky/Avira. Only best thing it has now is bells and whistles.

    I've spent some times in an south Asian AV shop. Here general people most often make bad choices when buying an AV, their choice heavily depend of friend's suggestion(who is not probably tech savvy) and on "Visual Looks, bells and whistles". Many people here use Indian made Quick Heal seeing TV ads whose detection rate is actually worse than Windows Defender itself. In other words, your PC is comparativly safer without an "Antivirus" than installing one like this.

  21. Barry Rueger Silver badge

    Real Users

    Lord, bring on the anti-Windoze rants and raves, the anti-AV rants and ravs, the complaints about all users who aren't superior like ME.

    An average user wants to buy a system, not build it, plug it in, and use it.

    And that's an entirely reasonable approach.

    Which means AV and security stuff built in, and everything set to autoupdate.

    Not the admonitions to not click phishing links, to delay updates for weeks or months, to fiddle with firewalls and routers.

    I can repair my truck, build my own PC, and even find my way around Apache, but I realize that this is all pretty exceptional.

    What is needed in these discussions is less juvenile Windows bashing, and more useful advice on how to make average users' Windows machine safe and functional with little or no user intervention.

    1. Joe User
      Trollface

      Re: Real Users

      What is needed in these discussions is less juvenile Windows bashing, and more useful advice on how to make average users' Windows machine safe and functional with little or no user intervention.

      Remove the user from the equation.

  22. Herby Silver badge
    Joke

    Waiting...

    For Microsoft to send out some ransom-ware.

    Oh, wait, they already have, it is called Windows-10. Don't forget to send some $$$ for the next update that we will push onto your machine and ruin all your applications, causing you to spend even more $$$.

    Somehow I wish it were a joke, but from the looks of it, it isn't anymore. (*SIGH*). Maybe that is why I can get a call from someone being a "Windows specialist" wanting to clean my machine.

  23. Anonymous Coward
    Anonymous Coward

    Avast! is the problem here. They were recently acquired by AVG (yes, them) and since v11 Avast has rushed in (premium) Beta 'features', removed the RA tool in v12 and I now suspect the AVG codemonkeys are starting to have their way with the product as well.

    To be fair it was going down the tubes before AVG acquired them and AVG haven't made a product that I'd rate that even works on Windows since v7.5 on XP.

    Both companies concentrated on looking nice while adding yet another mouth to the rim of the cup that is your metadata.

  24. Howard Hanek Bronze badge
    Childcatcher

    I Can Imagine the Marketing Campaign

    ......Microsoft in cooperation with their partner Avast have succeeded where all others have failed. They've achieved a totally secure computer environment..........while your machine is turned off and stays off.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019