Google probes AVG Chrome widget after 9m users exposed by bugs Google has banned AVG from automatically installing its Web TuneUp Chrome extension – after the widget wrecked the online security of nine million people. Tavis Ormandy, a Google Project Zero researcher who has been auditing antivirus software, found the extension was riddled with vulnerabilities. Web TuneUp is installed with …
>Been using...
Likewise. As an AV it's as good as any other but people are lazy and just accept a default installation which loads a pile of crap such as this web tune-up. Yes, it's optional but it's opt-out not opt-in. Go the custom installation route and just install the core AV module.
At the moment such user behaviour is a raw nerve, I've just cleaned my sister-in-law's laptop for the umpteenth time and the number of tool bars and stuff that starts when the machine does and is set to auto-update had me climbing the walls.
Most other companies that screw up in the AV field don't do so by leaking data or potentially opening up customers to MITM attacks, they release a messed up DAT file etc. This is a pretty major cock up in security by a firm which is meant to be trustworthy enough not to do exactly that.
White knight and defend it until you are blue in the face, this is a major balls up.
You're missing the point. If I am defending anything it's the core AV and in fact I'm criticising the bundling of other products along with that. Web-tune up and the other add-ons are different products to the AV which should not be bundled together with it. Take the AV core alone and you'll find it hard to jump on the slag off bandwagon. However given you can't distinguish between unrelated add-ons and the core product I doubt you'll be able to escape crowd mentality.
"'Apologies for my harsh tone, but I'm really not thrilled about this trash being installed for Chrome users,' Ormandy told AVG's engineers in his security bug report."
It's all relative. I don't consider Ormandy's to be a "harsh tone". To me, personally, a harsh tone would be "We're a-gonna kill your family and half a dozen of your relatives" whereas an appropriate and measured tone would be "We gonna kill you".
I can't tell you how many times I've had to fix a machine because someone tried to optimize something or other. Most of the time, these optimization programs only have negligible effects on the performance, but more often than not, will just prevent the machine from booting now, or a few weeks down the line. I've made so much money off of undoing CCleaner's messes that I might jsut be able to quite my day job...
Some of the more common messes I see:
* Attempts to 'optimize' the registry resulting in corrupted files
* removal of 'temp files' that were still in use
* old update files that were removed, but a later rollback needed them (Particularly with beta versions of the .net framework as needed for some beta versions of games)
* sometimes the load order of drivers will change causing systems with 3rd party disk encryption software to fail to load properly
Most of the messes just cause applications to fail to load properly (Or put them into a loop of 'This application isn't installed, install now?' 'This application is already installed, installation failed' because it can't find specific registry keys but finds its files.
IMHO, even the most remote risk isn't worth the possibility of increasing boot times by a few seconds or freeing up a even a few gigabytes of disk space.
"Seriously, have you tried turning it off and on again?"
Or, more specifically to AVG's case, turning it off and leaving it that way...?
I mean, if one's willing to pay for an AV -- a sound and recommended investment, IMO -- there are really great ones out there. But for the price of free, nothing is much better than Windows Defender.
Now, I'm not saying Windows Defender is any good, mind! I'm just saying most free AVs I tried are comparable to it.
AVG was good back in the Windows XP days, but ever since they started to support (or not) Windows 7 and later, they have gone downhill pretty fast, including installing all that additional web$h!t that doesn't work any better than a little bit of common sense (ok, I know, a rare commodity these days).
But as far as Windows Defender goes, well, it does something. If that is any good, I am not so sure, there ARE free anti-virus solutions out there, like Avast, that do a MUCH better job, though they also started to go down that dark rabbit hole of trying to install all kinds of crap that is of no use (how do they dare to tell me which programs on my PC are unnecessary for example)...
The only virtue Windows Defender has is it doesn't nag which is quite out-of-line with the rest of Windows. The defending itself isn't actually very good...
"The defending itself isn't actually very good".
Yes.
If someone held a gun to my head -- or any other body part, really -- and forced me to say something positive about it the best I could come up with would probably be "It's better than nothing, I guess...".
Seriously: buy a proper AV suite with a good firewall. It's extremely unwise not to.
Windows Defender for the general virus/trojan stuff.
EMET on max settings for the Zero Day stuff.
Unchecky for the adware/installer stuff.
AdBlock/NoScript etc. for the web stuff.
Cryptoprevent for the Cryptolocker stuff.
Well its what I use mainly. Big bonus is none of it is nagware or shoutware either!
@jjason 7 - substitute the free Malwarebytes Anti-Exploit utility for EMET, and run as a limited user, and you got a pretty good line up. I would include Secunia PSI to alert to vulnerabilities, and File Hippo's Application Manager to help keep your apps updated before zero day.
Yeah didn't like the Malwarebytes version as much as EMET. And Secunia just gets really annoying after a while. I make do with a ninite update script icon to run every couple of weeks to make sure most of my stuff is up to date.
Both worth using, I just don't like them personally.
Absolutely. Have we not been here before? Many, mamy times, and many moons ago, with things with shitty IE plugins that trash your online life?
Speaking as an IT admin that loves it when silent installs are possible, they are also simply disasterous for home users with vendors and the likes pushing what they think is best into other people's systems. If your users can't be persuaded to click a "Yes" box by your shitware, then perhaps fix your shitware.
As usual, as always, you give a business a little leeway, and they try to take over. And they're at least a little bit accountable. Imagine what the unaccountable agencies, who insist that you let them keep their loving eyes on you at all times, are up to?
Norton is not as bad as it used to be, but I sure would not pay money for it - AVG is much WORSE!
After reading a news item about AVG issuing bad updates, I got a call from two clients that their machines were hosed so badly they had to send them in to the factory to be repaired!
I just noticed that the one machine that I have that uses AVG has had the same tool added, but this time on Firefox. I'm not totally convinced that this is wholly a Chrome issue, especially if this tool is installed without prior permission, a bit like the cloud tool on Foxit Reader.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
