SANS ISC: AVG Update Bricking windows 7 64 bit

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

More info here: http://preview.tinyurl.com/2f43nem

AVG help:
Everyone: updateissuehelp@avg.com
Home and Free customers: +1-877-367-9933
Business customers: +1-828-459-5436

Gentle reminder. If you are running Truecrypt or similar, you may need to decrypt the system disk before attempting a rescue.

There were issues for non 64 bit Win 7 boxes. With Version 9 (paid corporate edition), we experienced having our users receive interactive messages asking them to install the AVG toolbar. AVG told me that this was another issue with that update and the toolbar request should have only gone to home users. We intentionally don't install the toolbar on business instances. Another issue noted was that the "safe search" IE plug in feature would crash IE 7 and IE 8 if you had Bing or Live Search (same thing) set as your default search provider. We had to disable this feature until there is a fix.

This issue brings up the issue of AVG's QA processes. I dealt with the McAfee update from hell earlier this year with another customer. In both cases it appears that basic QA controls would have prevented the release of the problematic updates. I have had discussions with my customers about delaying updates to both definition updates and app updates so that testing can be performed. That is a catch 22 when you have 40K+ new malware variants identified daily. Anyone testing every definition and app update release in your environment?

This is one more case for whitelisting in combination with traditional AV. You could easily delay app/def updates for days for testing if you had a solid whitelisting solution in place. Food for though.

Saw this issue with XP 64bit, 7 64bit and SBS2008 so far.

Quicker fix then the above from AVG.

Boot using AVG Rescue CD or any bootable OS disk.
Delete the AVG directory under program files (x86), the system should now boot.
Use the AVG removal tool to remove remaining files and reg entries.
Reinstall AVG and update if needed.

AVG has had so many false positives I finally gave up on them. If this is not one of those situations, it is still only a matter of time before they err on a clean system file and similar to this happens.

I've been running AVG for awhile and just like any other app it definitely has its hiccups ... and it dang near bricked my Win 7 ... restore worked. What freeware AV is everyone running with now days?

GMDGeek, lately I've been recommending Microsoft Security Essentials to the people I used to recommend AVG to. The heavy integration with Windows is a big benefit for unsophisticated users, because they never have to manually install an update to keep it current.

Wanted to chime in here. I want to requote David's post. MSE is a very good AV. It's one of those set and forget AVs. I also suggest Avast as their recent overhaul of the UI makes it a pleasure to work with.

If AV companies keep up this trend of bricking computers, I may start up my own computer repair shop.

When I googled MSE, I found a link ranking it, with the spokesman for AVG dissing it as not any good. Irony lives.

@Nate - thanks for the reminder
@Adam - thanks that will certainly also do it.
@stw - it will be an intestine day when one av vendor says "you know what x's product is pretty darn good, better than ours even"

I usually suggest people use the MSE mainly because then they no longer call me to fix their machine. That is until MSFT bricks a machine through an AV update.

I will have to try MSE. I have tried all previous MS attempts at Anti-malware. First was MS Antispyware (rebranded), then Defender and then did a proof of concept of the first generation of Forefront end point. I was not impressed with any of them. Maybe they finally got this figured out.

AVG used to rock...now it's as bloated and ineffective as Symantec is...very sad.

"MSE is a very good AV. It's one of those set and forget AVs..."

Maybe. Maybe not:

- http://www.av-test.org/certifications.php
AV-Test Product Review and Certification Report - 2010/Q3

.

I was under the impression that "bricking" meant to render a device permanently useless (or at least requiring hardware firmware to be written). Has the definition changed to the point that bricking also means broken in software and not just firmware?

I too have given up on AVG. I used to recommend it, but now it has too many issues to continue use. It breaks Office 2000 Outlook often on WinXP with Adobe CS4 plugins, and on Windows 7 it gets too deep and breaks the built in security of it. More or less making all of Microsoft's own work a waste.

The Microsoft solution is not bad and does work well in most cases. You'll find some odd ones that make you say hmmm.. like Conficker (Down and Up.B) not being fully removed, but most of it's targets are hit dead-on! I also like Avast and Avira. Have been exploring the Viper lately, but find that it's corporate interface is weak. The rest (personal ed) seems okay.. so far.

-Al

@marcbl
I too wondered if the term "bricking" has changed definitions. I have only heard the term in reference to something hand-held or smaller where the firmware or ROM was changed to make the device unusable without a factory reset of the hardware.