Author Topic: Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs  (Read 7229 times)


Offline John Buchanan

« Reply #1 on: May 17, 2012, 03:58:03 AM »
Sucks to be them  ;D
Please follow Comodo Forum Policy

Offline EricJH

« Reply #2 on: May 17, 2012, 12:01:28 PM »
Only the subscribers to the paid version were affected. The users of the Free version are not.
« Last Edit: May 17, 2012, 09:02:46 PM by EricJH »

Offline Chiron

« Reply #3 on: May 17, 2012, 12:35:02 PM »
These things happen. FP's are a necessary byproduct of trying to completely protect a computer using only signature detection. As can be seen, sometimes these signatures can get a bit greedy. >:-D

That said, I would have hoped that some precautions would have been put in place to at least protect against critical Windows system files like this. Hopefully they are now (and as far as I'm aware they already are with Comodo). Comodo does not scan whitelisted files, which should include all Windows files.

Offline SiberLynx

« Reply #4 on: May 18, 2012, 11:46:59 PM »
> Only the subscribers to the paid version are affected. The users of the Free version are not.

True, but that’s just because the free edition doesn’t include Behavioral Blocker (BB)

> These things happen. FP's are a necessary byproduct of trying to completely protect a computer using only signature detection. As can be seen, sometimes these signatures can get a bit greedy. >:-D

Hi Chiron,

What kind of signatures are you talking about? BB’s do not rely on / do not use signatures.

Well, sure we (at least me personally) don’t have detailed info about Avira’s BB flaw in their recent SP

At the same time,... again ... users must be blamed as well if not in the 1st place
Such disasters happened in the past and will happen in the future
It was discussed here & in other forums

As soon as any security is installed – go through all options and disable auto-quarantine / auto-deletion wherever you can see that. Set those to “Notify” only.
You must not allow any security to silently quarantine/delete anything
Pay attention to anything considered as a threat which resides in a system area
This way users are protected against such malware as their own security :)

And we all know (I hope) that even if those important system files are infected indeed – there is no way any security should attempt to quarantine/delete them, since special procedures are needed to deal with such in order to repair/put back the legit ones

As for BB's (no signatures involved) - the rule of thumb is pretty much the same
The thing is that most BB’s (or HIPS - not the same but similar) have just Alerts as a default with Block/Quarantine/Allow/Create Rule/etc. options
Honestly, I was not interested in Avira’s ProActiv behavioral-based monitoring system, therefore I will refrain myself from comments & judging at the moment, but according to common sense – it most likely (or rather should) has similar setting(s) for not blocking/quarantining by default.

Cheers!

p.s. Since it’s offtopic here

> That said, I would have hoped that some precautions would have been put in place to at least protect against critical Windows system files like this. Hopefully they are now (and as far as I'm aware they already are with Comodo). Comodo does not scan whitelisted files, which should include all Windows files.

can you please PM me some details about this matter in particular
That is interesting, because system files can be poisoned; substituted; dig signatures can be forged … and so on... So how are those crucial sys files whitelisted & not “scanned” / or not checked by Defense+ / or theoretically by the so many times promised awaited BB by Comodo ;)
Thanks in advance
« Last Edit: May 18, 2012, 11:56:38 PM by SiberLynx »
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta
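
The safeguard argued for in Replies #3 and #4 (trust known-good system files, and only notify on anything else flagged in a system area), sketched as an added example; it is not code from any poster, Avira or Comodo. The function names, the hash baseline and the temporary directories standing in for a system folder are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALLOW, NOTIFY, QUARANTINE = "allow", "notify", "quarantine"


def sha256_of(path: Path) -> str:
    """Hash file contents; the baseline is keyed on content, not on name."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def decide_action(path: Path, protected_dirs, baseline: dict) -> str:
    """Gate an engine verdict before anything is moved or deleted.

    protected_dirs: directories treated as the system area (assumption).
    baseline: {resolved path: known-good SHA-256} recorded from a trusted state.
    """
    resolved = path.resolve()
    in_system_area = any(d.resolve() in resolved.parents for d in protected_dirs)
    if not in_system_area:
        return QUARANTINE  # ordinary location: the engine's verdict stands
    if baseline.get(str(resolved)) == sha256_of(resolved):
        return ALLOW  # content matches the known-good copy: false positive
    # Unknown or modified system file: it may have been substituted, but it
    # needs repair from a clean source, so alert and never remove it silently.
    return NOTIFY


def demo() -> dict:
    """Constructed sample: a stand-in system directory inside a temp folder."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir, userdir = Path(tmp) / "System32", Path(tmp) / "Downloads"
        sysdir.mkdir()
        userdir.mkdir()
        good, swapped = sysdir / "good.dll", sysdir / "swapped.dll"
        dropped = userdir / "tool.exe"
        for f in (good, swapped):
            f.write_bytes(b"vendor build")
        dropped.write_bytes(b"flagged sample")
        baseline = {str(f.resolve()): sha256_of(f) for f in (good, swapped)}
        swapped.write_bytes(b"replaced after baseline")  # simulated tampering
        return {f.name: decide_action(f, [sysdir], baseline)
                for f in (good, swapped, dropped)}


if __name__ == "__main__":
    print(demo())
```

Because the allow decision depends on the content hash rather than on the path or file name, a substituted file in the protected directory does not inherit the trust of the file it replaced.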

Offline EricJH

« Reply #5 on: May 19, 2012, 10:02:07 AM »
As long as D+ is active it will protect the Windows system files from being tampered with.

Offline Seany007

« Reply #6 on: May 19, 2012, 11:47:13 AM »
> Only the subscribers to the paid version were affected. The users of the Free version are not.

That's funny LOL! ;D

> These things happen.

True. I never really liked Avira.
Proud Comodo User (CIS, CD, CID and CMS)

Offline EricJH

« Reply #7 on: May 19, 2012, 08:54:09 PM »
> That's funny LOL! ;D
>
> These things happen. True. I never really liked Avira.

Accidents like this happen to all of the security programs. It's not a valid way of distinguishing the good from the bad, the outstanding from the mediocre and below, etc...

Offline Seany007

« Reply #8 on: May 19, 2012, 09:17:01 PM »
> Accidents like this happen to all of the security programs. It's not a valid way of distinguishing the good from the bad, the outstanding from the mediocre and below, etc...

I know even Microsoft gets it wrong from time to time. I express my personal opinion. For me Avira will be the last AV I will ever use... Personal choice.
Proud Comodo User (CIS, CD, CID and CMS)

 
