Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs
Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable
Computerworld - German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.
Today, Avira updated the software to sidestep the problem.
"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged on its support site. "We deeply regret any difficulties this has caused you."
Avira is the world's second-biggest antivirus maker, according to usage statistics.
The service pack included an update to ProActiv, a behavioral-based monitoring system that watches for suspicious events that may hint at a malware attack or point to an infection.
Users quickly reported that the updated ProActiv was blocking almost every legitimate Windows executable file -- those with the ".exe" extension -- meaning that most applications refused to launch. Even worse, ProActiv prevented critical Windows files from running, which in many cases "bricked" PCs, or kept them from even properly booting.
The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced between $30 and $60. Avira's free antivirus software, which has limited functionality -- and does not include ProActiv -- was not affected.
Customers were understandably irate.
"This update has been pretty catastrophic. The whole company ground to a standstill," reported someone identified as "AaronH" in a Tuesday message on Avira's support site. "I've been a big proponent of Avira within our company, but I think that may change when it comes time to renew our license in a few months."
According to the same support discussion thread, Avira's fix simply disabled ProActiv. The company will reportedly investigate to uncover the root cause of the massive blocking before re-enabling the feature.
Avira isn't the first antivirus vendor to cripple or damage Windows systems with a flawed update.
Last September, Microsoft's Security Essentials and Forefront -- its consumer- and enterprise-grade antivirus software, respectively -- issued a faulty malware signature update that deleted Google's Chrome browser from thousands of PCs.
Before that, all three of the world's largest antivirus companies -- Symantec, McAfee and Trend Micro -- had shipped defective definitions. In some cases, those mistakes have wreaked as much or more havoc as the Avira blunder.
In April 2010, for example, an update from McAfee paralyzed an unknown number of corporate PCs when it quarantined a crucial Windows XP system file.
According to security vendor Opswat, which reports on usage share every quarter (download PDF), Avira products accounted for 11.6% of all operating copies of antivirus software in the first quarter of 2012, putting the firm in second place worldwide behind Avast, and ahead of AVG Technologies and Microsoft.
In North America, where Symantec, Microsoft and AVG were the top three vendors, Avira had just 4.4% of the market.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Magic Quadrant for Data Masking Technology IBM is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. Read the full report to learn about IBM.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Endpoint Security White Papers | Webcasts