Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs
Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable
Computerworld - German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.
Today, Avira updated the software to sidestep the problem.
"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged on its support site. "We deeply regret any difficulties this has caused you."
Avira is the world's second-biggest antivirus maker, according to usage statistics.
The service pack included an update to ProActiv, a behavioral-based monitoring system that watches for suspicious events that may hint at a malware attack or point to an infection.
Users quickly reported that the updated ProActiv was blocking almost every legitimate Windows executable file -- those with the ".exe" extension -- meaning that most applications refused to launch. Even worse, ProActiv prevented critical Windows files from running, which in many cases "bricked" PCs, or kept them from even properly booting.
The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced between $30 and $60. Avira's free antivirus software, which has limited functionality -- and does not include ProActiv -- was not affected.
Customers were understandably irate.
"This update has been pretty catastrophic. The whole company ground to a standstill," reported someone identified as "AaronH" in a Tuesday message on Avira's support site. "I've been a big proponent of Avira within our company, but I think that may change when it comes time to renew our license in a few months."
According to the same support discussion thread, Avira's fix simply disabled ProActiv. The company will reportedly investigate to uncover the root cause of the massive blocking before re-enabling the feature.
Avira isn't the first antivirus vendor to cripple or damage Windows systems with a flawed update.
Last September, Microsoft's Security Essentials and Forefront -- its consumer- and enterprise-grade antivirus software, respectively -- issued a faulty malware signature update that deleted Google's Chrome browser from thousands of PCs.
Before that, all three of the world's largest antivirus companies -- Symantec, McAfee and Trend Micro -- had shipped defective definitions. In some cases, those mistakes have wreaked as much or more havoc as the Avira blunder.
In April 2010, for example, an update from McAfee paralyzed an unknown number of corporate PCs when it quarantined a crucial Windows XP system file.
According to security vendor Opswat, which reports on usage share every quarter (download PDF), Avira products accounted for 11.6% of all operating copies of antivirus software in the first quarter of 2012, putting the firm in second place worldwide behind Avast, and ahead of AVG Technologies and Microsoft.
In North America, where Symantec, Microsoft and AVG were the top three vendors, Avira had just 4.4% of the market.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Endpoint Security White Papers | Webcasts