Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs

Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable

German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.

Today, Avira updated the software to sidestep the problem.

"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged on its support site. "We deeply regret any difficulties this has caused you."

Avira is the world's second-biggest antivirus maker, according to usage statistics.

The service pack included an update to ProActiv, a behavioral-based monitoring system that watches for suspicious events that may hint at a malware attack or point to an infection.

Users quickly reported that the updated ProActiv was blocking almost every legitimate Windows executable file -- those with the ".exe" extension -- meaning that most applications refused to launch. Even worse, ProActiv prevented critical Windows files from running, which in many cases "bricked" PCs, or kept them from even properly booting.

The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced between $30 and $60. Avira's free antivirus software, which has limited functionality -- and does not include ProActiv -- was not affected.

Customers were understandably irate.

"This update has been pretty catastrophic. The whole company ground to a standstill," reported someone identified as "AaronH" in a Tuesday message on Avira's support site. "I've been a big proponent of Avira within our company, but I think that may change when it comes time to renew our license in a few months."

According to the same support discussion thread, Avira's fix simply disabled ProActiv. The company will reportedly investigate to uncover the root cause of the massive blocking before re-enabling the feature.

Avira isn't the first antivirus vendor to cripple or damage Windows systems with a flawed update.

Last September, Microsoft's Security Essentials and Forefront -- its consumer- and enterprise-grade antivirus software, respectively -- issued a faulty malware signature update that deleted Google's Chrome browser from thousands of PCs.

Before that, all three of the world's largest antivirus companies -- Symantec, McAfee and Trend Micro -- had shipped defective definitions. In some cases, those mistakes have wreaked as much or more havoc as the Avira blunder.

In April 2010, for example, an update from McAfee paralyzed an unknown number of corporate PCs when it quarantined a crucial Windows XP system file.

According to security vendor Opswat, which reports on usage share every quarter (download PDF), Avira products accounted for 11.6% of all operating copies of antivirus software in the first quarter of 2012, putting the firm in second place worldwide behind Avast, and ahead of AVG Technologies and Microsoft.

In North America, where Symantec, Microsoft and AVG were the top three vendors, Avira had just 4.4% of the market.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies