Why are there so many problems with AV software these days?

peterh337

Commendable
May 5, 2016
Back in the old DOS/win3.x days I used Norton. That just did a HD scan, looking for a few hundred virus signatures. Very occasionally it would pick up a false signature... usually from really old code e.g. a version of OrCAD which pre-dated NAV by 10 years :)

Then, for many years, I used Kaspersky. This worked solidly. The false detections were as above, plus some silly joke programs I had which made me wonder why KAV bothered when they obviously knew they were not viruses. Presumably some corporate sysadmin reported them?

In recent years, KAV started to go off the rails. The program digs ever deeper into the OS and at each stage more unwanted things happen.

We run several "relatively mission critical" machines on winXP, and the last straw was a few months ago when KAV caused these to BSOD about once a day. All of them!

So I moved to AVG. This is a "low IQ dumb user" type of product, but with tricky config. I always config AV software to never delete anything automatically (because false detections outweigh real ones by 100x IME) and it is easy to misconfig this on AVG because it has to be done in about 10 different places. Every scan mode has a separate config for it; no global config.

But AVG seems to work OK on winXP - once we put in a load of exceptions on directories to not scan... We have disabled everything in the overbloated scan functionality except simple file checking and infected website checking (which is really all you need in most applications).

But on a new win7-64, AVG suddenly (a week ago, and after an update) found some false virus called alexa.51. Well, Alexa is a tracking cookie. It "found" this in a whole load of progs which have not been used in years and definitely are clean. It then deleted some files somewhere.... the first manifestation was that the Windows Key + E no longer opened Windows Explorer. It just said Explorer could not start, do you want to restart.

The issue is all over the internet e.g.
http://www.bleepingcomputer.com/forums/t/604632/idpalexa51-detected-by-avg-please-help/
and there you get the usual conmen / fake computer specialists telling people to use various software (usually not free ;)) to remove the "infection".

Obviously the damage could be extensive...

There was no way to restore the deletions. They were done under the "Identity protection" feature which has its own well hidden config for whether to delete automatically or not.

Luckily I had a 1 week old Trueimage backup of the whole PC so I restored that, immediately uninstalled AVG (with no internet connection so it could not update and do it again) and have about a day's work to do to restore data created during that week.

I was also always able to boot the machine with an Ubuntu DVD, as Plan B.

So where to go now? Kaspersky is probably OK because win7-64 is a current OS for many users. Especially if I disable most of the features.

There is also the argument that AV software is not needed, if you get a well filtered email feed (Messagelabs, $600/year), are behind a NAT router, avoid probably dodgy websites, and don't use any Microsoft products especially Outlook.
 
I use Trend Micro (multi computer license) and Malwarebytes. Couple of years - so far so good.....

As for the "problems" it is not just AV related. People download all sorts of stuff and the bad guys are always looking for new ways to slip things in. Multiple points of attack always make defense difficult.

I would prefer a few false positives over missing something. Which happens also.

Always a balance between user friendliness, the need for the software to take immediate action, performance impact on the host computer, etc..

Throw in the need to rush updates to market, control liabilities, and otherwise hype a product then we end up with the general mess of things we are seeing. Testing, QA, standards, and documentation are lacking. Appearance becomes more the mantra than actually really doing or fixing something.

Would be easy to go on and become a rant. But, summing up, the same problems extend into everything these days.
 

peterh337

Commendable
May 5, 2016
OK, but most serious computer users are running stable software. They are not going to have some piece of code getting "updated" every day and probing their machine for byte sequences and deleting the said file if such a sequence is found. This is the problem with AV software - it is always changing and your PC is vulnerable to getting trashed by it at any time.
 
And AV software gets a double whammy. Database must be constantly updated and the AV code itself needs to be updated to look for new virus signatures.

And of course any given AV software must have (or appear to have) all the whistles and bells of competing software.

Plus more and more software is "phoning home" for any number of reasons. Usually somewhat dubious in my mind.

I think it will get worse: imagine "configuration as a service"..... I.e., you can only configure the software by visiting the manufacturer's website.
 

peterh337

Commendable
May 5, 2016
What seems really stoopid is making the "auto delete" the default option.

This carries the potential for a disaster, obviously, if you happen to do a false detection on something really popular e.g. some part of M$ Orifice! To limit the damage, the AV vendor should do immediate online reporting and then such an event would be discovered fast and the database could be fixed.
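The thread's recurring point is that a byte-sequence match should never result in an unrecoverable delete: the first post configures every scanner to quarantine only, the "Identity protection" deletions could not be restored, and the last post objects to auto-delete being the default. The script below is an added illustration written for this page, not code from AVG, Kaspersky or any other product named in the thread. It is a toy signature scanner in which a hit moves the file into a quarantine directory with a JSON manifest (so the operator can restore it after triage) and an allowlist of SHA-256 hashes lets known-good binaries be reported without being touched. The signature names, the "alexa" rule standing in for an over-broad detection, and the sample files in `demo()` are all constructed for the example.

```python
"""Added example: a toy byte-signature scanner that quarantines rather than deletes.

Illustration code for this page only; not from AVG, Kaspersky or any product in
the thread. Signatures, allowlist and sample files are constructed for the demo.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed signatures with hypothetical names. "Tracker.Generic" is
# deliberately too short and will misfire on legitimate files, standing in for
# the kind of rule behind the thread's Alexa false positive.
SIGNATURES = {
    "Test.Marker.A": b"MALWARE-MARKER-A",
    "Tracker.Generic": b"alexa",
}


def sha256_file(path):
    """Hash in 64 KiB chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_file(path, signatures=SIGNATURES):
    """Return the names of every signature whose byte sequence occurs in the file."""
    data = Path(path).read_bytes()
    return [name for name, sig in signatures.items() if sig in data]


class Quarantine:
    """Moves flagged files aside and records where they came from, so any
    detection, including a false one, can be undone."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.manifest = self.root / "manifest.json"
        self.entries = json.loads(self.manifest.read_text()) if self.manifest.exists() else []

    def _save(self):
        self.manifest.write_text(json.dumps(self.entries, indent=2))

    def isolate(self, path, detections):
        original = str(Path(path).resolve())
        digest = sha256_file(original)
        dest = self.root / (digest + ".quar")
        shutil.move(original, str(dest))  # move, never delete
        self.entries.append({"original": original, "quarantined": str(dest),
                             "sha256": digest, "detections": detections})
        self._save()
        return dest

    def restore(self, original):
        """Put a quarantined file back; False if it is not in the manifest."""
        for entry in self.entries:
            if entry["original"] == original:
                shutil.move(entry["quarantined"], original)
                self.entries.remove(entry)
                self._save()
                return True
        return False


def scan_tree(root, quarantine, allowlist=frozenset(), signatures=SIGNATURES):
    """Scan every file under root. Hits whose SHA-256 is allowlisted are only
    reported; other hits are quarantined. Returns (path, detections, action)."""
    report = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hits = scan_file(path, signatures)
        if not hits:
            continue
        if sha256_file(path) in allowlist:
            report.append((str(path), hits, "allowlisted"))
        else:
            quarantine.isolate(path, hits)
            report.append((str(path), hits, "quarantined"))
    return report


def demo():
    """Constructed scenario: one real hit, one allowlisted false positive, and one
    un-allowlisted false positive that is quarantined and then restored."""
    work = Path(tempfile.mkdtemp())
    tree = work / "scanned"
    tree.mkdir()
    (tree / "readme.txt").write_bytes(b"nothing of interest here")
    (tree / "dropper.exe").write_bytes(b"MZ... MALWARE-MARKER-A ...")
    known_good = tree / "vendor_tool.exe"
    known_good.write_bytes(b"MZ... ships an alexa ranking widget ...")
    old_prog = tree / "old_prog.exe"
    old_prog.write_bytes(b"MZ... links against alexa.dll ...")
    old_prog_abs = str(old_prog.resolve())

    q = Quarantine(work / "quarantine")  # kept outside the scanned tree
    report = scan_tree(tree, q, allowlist={sha256_file(known_good)})
    actions = {Path(p).name: action for p, _, action in report}

    # Operator triage: old_prog.exe is judged a false positive and put back.
    restored = q.restore(old_prog_abs)
    back_in_place = old_prog.exists()
    shutil.rmtree(work)
    return actions, restored, back_in_place


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the quarantine directory lives outside the scanned tree and every move is recorded before the scan continues, so a bad signature update can at worst fill the quarantine, never empty the disk; the allowlist by hash is the practical answer to "it found this in a whole load of progs which are definitely clean", since an unmodified known-good binary keeps the same digest regardless of what a new rule says about it.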