The trojan that never was

Jeremy Wagstaff (The Jakarta Post)
Mon, December 21, 2009

Here's a cautionary tale about why, if you're a computer user, you shouldn't trust anyone: Not even your antivirus software.

Avast, the free antivirus I've been using and recommending for a while, nearly gave me a heart attack the other day, via a nasty double whammy: wrongly identifying pretty much every program on my computer as a Trojan Horse virus, and then not telling me it had made a mistake.

Antivirus software works like this: It keeps a library of bits of viruses it knows about, and it compares those bits with everything on your computer. If it finds a match, warning sirens go off.

It works pretty well. Except in two instances: When the virus is so new the antivirus boffins haven't seen it yet, and when the library of virus bits is wrong.

This is the case of the second.

An update to the Avast software, it turned out, will wrongly identify a lot of files as containing the Trojan called Win32: Delf-MZG, which in itself sounds pretty painful. But nothing compared to the recommended cure: Turning off your computer, performing what is called a boot scan and clearing out infections.

A boot scan basically means you let the antivirus software take over your computer and run through every single file and, if it finds something it doesn't like, try to repair it or, if that fails, delete it.

Which was what I did. And I watched horrified as Avast did not find one infection but dozens. In fact, Avast was happily deleting a lot of major program files, including those in the Windows directory.

That's when I started to wonder, and cancelled the operation.

And then I looked around online to see whether other people had been infected. They had, but some had gone a step further to see whether it wasn't an infection that was their problem, but an errant virus library.

Indeed, that was the case. The Avast software was finding a lot of what are called false positives - that is, files that aren't infected but Avast thinks they are. It turns out that an update to the Avast virus database created the error - and has, apparently, since been corrected with a further update. But not before hundreds, maybe thousands, of users did what I did: boot scan and religiously delete "infected" files.
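The failure described above, as an added illustration in Python that is not part of the original column and is not Avast's code: a toy signature scanner in which one overbroad entry in a library update flags clean files. The signature names, byte patterns and file contents are constructed, and the release check and the quarantine-and-restore steps are assumed mitigations, not something the column says Avast did.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence that flags a file when found anywhere in it

def scan(data, library):
    """Return the names of every signature whose pattern occurs in data."""
    return [sig.name for sig in library if sig.pattern in data]

# Constructed sample files; none of this is real malware or a real vendor signature.
CLEAN_FILES = {
    "editor.exe": b"MZ\x90\x00" + b"text editor code",
    "system.dll": b"MZ\x90\x00" + b"operating system code",
}
INFECTED_FILES = {"dropper.exe": b"MZ\x90\x00" + b"HYPOTHETICAL-TROJAN-BODY"}

GOOD = Signature("Example.Trojan", b"HYPOTHETICAL-TROJAN-BODY")
# Overbroad: these header bytes also open every clean executable above.
BAD = Signature("Example.Overbroad", b"MZ\x90\x00")

LIBRARY_V1 = [GOOD]        # before the update
LIBRARY_V2 = [GOOD, BAD]   # the faulty update
LIBRARY_V3 = [GOOD]        # the corrective update

def false_positives(library, clean_files):
    """Clean files the library would flag, with the signatures responsible."""
    hits = {name: scan(data, library) for name, data in clean_files.items()}
    return {name: sigs for name, sigs in hits.items() if sigs}

def safe_to_release(library, clean_files, infected_files):
    """Vendor-side gate: no clean file flagged, every known-bad sample still caught."""
    misses = [n for n, d in infected_files.items() if not scan(d, library)]
    return not false_positives(library, clean_files) and not misses

def quarantine(files, library):
    """Set flagged files aside instead of deleting them, so a bad verdict is reversible."""
    return {name: data for name, data in files.items() if scan(data, library)}

def restore_after_update(quarantined, new_library):
    """Re-scan quarantined files with the corrected library; return those now clean."""
    return {n: d for n, d in quarantined.items() if not scan(d, new_library)}
```

Under the faulty library every file lands in quarantine; re-scanning with the corrected one hands back the two clean files and keeps only the sample that really matches.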

Now this is bad. But what makes it worse, in my opinion, is that you wouldn't have found out any of this from Avast.

Their blog hadn't been updated for at least three days. There was nothing on their home page to suggest there's a problem. But do a Google or Twitter search and you will get a sense of the frustration; even more so on Twitter, which was throwing up a grumble every couple of minutes.

Even Yahoo! Answers was home to similar frustrations. Even Avast's own forums were lively with user confusion. But nothing from Avast, save a comment on one forum from a technician. Avast later acknowledged the problem had occurred, and been fixed within four and a half hours, but that didn't help those of us in Asia who had already deleted half our program files.

The apology and the information came a day late - which is ancient history in computer years.

The point here is that everyone makes mistakes. But Avast don't seem to have helped their users avoid panic, not only by correcting the problem but also by trying to ensure that their users found out about it easily and quickly.

This is not excusable in this era of the real time web. Avast should be using all channels to reach its users. Twitter is the obvious choice, but there was no sign of Avast on its official Twitter feed at the time.

Of course, Avast is a small company and their consumer product is free - so we shouldn't really be grumbling. But that's not the point.

We need antivirus software out there because it's our only real defense against bad guys on the net. So we have to trust what it tells us.

We have to trust it to update our computer without us having to run off to Google and check whether the update is going to start telling us lies.

Indeed, antivirus software is a foretaste of how most products will reach us in the future: everything that is digital will be updated on the fly. Indeed, it already is, when it comes to our computer or our cell phone.

But eventually everything will work this way - our cars, fridges, hairdryers, clocks, underpants (OK, maybe not our underpants) will get updates, patches or new versions over the air, silently and, mostly, without us knowing it.

Which is why the Avast debacle is a scary foretaste of what is to come if manufacturers don't anticipate how things might go wrong, and what they need to do if they do.

Avast is probably just not very experienced in this. It's not as if these guys deliberately kept us in the dark. But, sadly, most companies still think they can brush over glitches and pretend they never happened.

The more digital our lives become, the less smart that strategy is going to look.

© 2009 Loose Wire Pte Ltd.

This story cannot be reproduced without written permission from the writer. Jeremy Wagstaff is a commentator on technology and appears regularly on the BBC World Service. You can reach him via email at jeremy@loosewire.org
