Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs
Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable
Computerworld - German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.
Today, Avira updated the software to sidestep the problem.
"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged on its support site. "We deeply regret any difficulties this has caused you."
Avira is the world's second-biggest antivirus maker, according to usage statistics.
The service pack included an update to ProActiv, a behavioral-based monitoring system that watches for suspicious events that may hint at a malware attack or point to an infection.
Users quickly reported that the updated ProActiv was blocking almost every legitimate Windows executable file -- those with the ".exe" extension -- meaning that most applications refused to launch. Even worse, ProActiv prevented critical Windows files from running, which in many cases "bricked" PCs, or kept them from even properly booting.
The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced between $30 and $60. Avira's free antivirus software, which has limited functionality -- and does not include ProActiv -- was not affected.
Customers were understandably irate.
"This update has been pretty catastrophic. The whole company ground to a standstill," reported someone identified as "AaronH" in a Tuesday message on Avira's support site. "I've been a big proponent of Avira within our company, but I think that may change when it comes time to renew our license in a few months."
According to the same support discussion thread, Avira's fix simply disabled ProActiv. The company will reportedly investigate to uncover the root cause of the massive blocking before re-enabling the feature.
Avira isn't the first antivirus vendor to cripple or damage Windows systems with a flawed update.
Last September, Microsoft's Security Essentials and Forefront -- its consumer- and enterprise-grade antivirus software, respectively -- issued a faulty malware signature update that deleted Google's Chrome browser from thousands of PCs.
Before that, all three of the world's largest antivirus companies -- Symantec, McAfee and Trend Micro -- had shipped defective definitions. In some cases, those mistakes have wreaked as much or more havoc as the Avira blunder.
In April 2010, for example, an update from McAfee paralyzed an unknown number of corporate PCs when it quarantined a crucial Windows XP system file.
According to security vendor Opswat, which reports on usage share every quarter (download PDF), Avira products accounted for 11.6% of all operating copies of antivirus software in the first quarter of 2012, putting the firm in second place worldwide behind Avast, and ahead of AVG Technologies and Microsoft.
In North America, where Symantec, Microsoft and AVG were the top three vendors, Avira had just 4.4% of the market.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- Mitigating Multiple DDoS Attack Vectors It's time to rethink and refine the enterprise security architecture, so organizations can remain agile and resilient against future threats. Download this infographic...
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Endpoint Security White Papers | Webcasts