Which antivirus solution is the best?

ON SECURITY

By Susan Bradley

Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.

Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.

Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).

The case of the missing Win10 antivirus scan results

LANGALIST

By Fred Langa

Windows 10’s dialogs are sometimes laid out in funky ways and can lack headings and other visual cues to help you quickly locate what you’re looking for.

That, coupled with Windows’ inconsistent and variable naming and labeling conventions, can be an annoyance to most of us — but can actually enrage some users, as you’ll see in today’s first item!

Plus: An easy solution to a conflict between MS Office and LibreOffice. And: Finding a safe substitute for a laptop AC adapter.

Read the full story in the AskWoody Plus Newsletter 18.41.0 (2021-10-25).

Freeware Spotlight — Antivirus Removal Tool

BEST UTILITIES

By Deanna McElveen

One of the lesser-known causes of poor PC performance is the detritus left behind by uninstalled anti-malware programs.

Our shop regularly receives PCs whose owners have removed antivirus programs properly — but services and processes for those apps are still running!

As you probably know, I love independent software developers who make things easier for us geeks. One of those talented coders — who goes by the name “Alex C” — has given us the indispensable Windows Repair Toolbox. Now Alex gives us the Antivirus Removal Tool, a free utility that you can also run from a flash drive. It has the 29 most common antivirus-removal tools built into one utility

Read the full story in AskWoody Plus Newsletter 17.28.0 (2020-07-20).

Kaspersky antivirus places a unique identifier on every website you visit

I still swear by Microsoft Defender.

Dan Goodin at Ars Technica has the story:

For almost four years, AV products from Kaspersky Lab injected a unique identifier into the HTML of every website a user visited, making it possible for sites to identify people even when using incognito mode or when they switched between Chrome, Firefox, or Edge.

The JavaScript… was designed to, among other things, present a green icon that corresponded to safe links returned in search results.

Looks like Kaspersky ended its wayward ways in a June update. Four years later.

More problems installing the April Monthly Rollups if you have Avira antivirus

Remember the ongoing problems with the six (now nine) Win7/8.1/Server patches and the five-or-so incompatible antivirus programs? Bluescreens, extreme slowdowns and the like.

Earlier this month, when we switched over to MS-DEFCON 4, I was a bit skeptical about Avira. Here’s what I said in the Computerworld article:

In a private communication, an Avira spokesperson says that Microsoft is no longer blocking the problematic patches on machines running Avira.

And in fact an Avira spokesman told me on May 2:

Avira delivered an automatic update to all Windows users on April 17. MS also offers again all updates to Avira users. Unfortunately, MS has still not updated its KB article

Microsoft’s snazzy new Release Information page was updated on May 3 to say:

System may be unresponsive after restart if Avira antivirus software installed

Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472. Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

The Release Information page marks the problem as “Mitigated.” But there are many folks who would beg to differ.

@rhp52 has reported continuing problems getting the Win7 April Monthly Rollup installed while Avira Antivirus is running. Several posters have noted that Avira keeps updating versions — it’s now up to 15.0.1905.1249 — but no joy in Mudville.

For now, it seems like the best advice for those running Avira antivirus is to:

1. Make sure Avira is as up to date as you can get it.
2. Download the Monthly Rollup (which file depends on the version of Windows that you’re using)
3. Make a full system backup. I use EaseUS Todo Backup Free, but there are many alternatives.
4. Disconnect from the internet
5. Install the Rollup
6. Reconnect.

Any contrary opinions or experiences?

Massive March Patch Tuesday relaxes antivirus restrictions, but there are problems

With 74 separately identified plugged holes, every version of Windows and Office gets goosed. No known exploits for any “Critical” vulnerabilities, but there’s a report of more forced upgrades.

Computerworld Woody on Windows.

UPDATE: Win7/Win2008 R2 Monthly Rollup KB 4088875 and Security-only KB 4088878 are causing problems on Server 2008 R2 because the updates blow away virtual Network Interface Cards (VMWare hit bad) and on Win7 because it overwrites static IP addresses. Discussion on Reddit and an apprently related post on KB 3125574.

ANOTHER UPDATE: It looks like the Word 2016 security patch KB 4011730 causes Word 2016 to crash when you double-click on a file with a DOCX filename extension. Uninstalling the patch fixes the problem.

ANOTHER UPDATE: We’re getting reports that the beleaguered Win7 Monthly Rollup, KB 4088875, now appears in Windows Update as unchecked. It’s still available through the Microsoft Update Catalog, however.

Is Microsoft crushing the antivirus industry?

Eugene Kaspersky – founder of Kaspersky Lab – thinks so.

Microsoft’s long walked a tightrope in the antivirus and threat monitoring arena. With the introduction of Windows Defender (formerly GIANT AntiSpyware) in 2005, Microsoft entered the business, jumping into a ring with several billion-dollar competitors.

Now Kaspersky (who, according to Bloomberg, was “educated at a KGB-sponsored cryptography institute, then worked for Russian military intelligence”) is making distinctly antitrust rumblings. Iain Thomson at The Reg has a good overview.

Will the stink stick? Russian courts may prove sympathetic. American courts, likely not so much. The opponents have enormous war chests. Could be interesting.

UPDATE: Peter Bright has a detailed analysis, including a detailed step-through, on Ars Technica. One of his conclusions, which is spot-on, goes like this:

Regardless of how regulators respond, one thing is clear: they won’t move fast enough to change anything any time soon, because they never do.

Bogdan Popa at Softpedia notes that Russia’s already launched an antitrust investigation, quoting the Deputy Head of the antitrust department as saying:

Since Microsoft itself develops antivirus software – Windows Defender that switches on automatically if third-party software fails to adapt to Windows 10 in due time, such actions lead to unreasonable advantages for Microsoft on the software market. Our task is to ensure equal conditions for all participants on this market.

UPDATE: Paul Thurrott has a balanced essay on the topic on Thurrott.com (Thurrott Premium paywall).

So what say you, Microsoft? Will you work with Kaspersky and your other software partners to ensure that Windows users are both protected and respected? Or will you ignore this complaint and continue down a road that I and many others worry is too unilateral and too patronizing for many of your customers?

Precisely.

Go update Norton Antivirus right now

If you’re using Norton Antivirus, or any AV product from Symantec, you need to patch it right now.

Better, uninstall the furshlinger thing.

Lily Hay Newman at Slate has the details.

UPDATE: There’s a classic tweet on the subject.

Tavis (who discovered the flaws) emailed the exploit to Symantec in a password protected zip file. He included the password in the body of the email. The email server, running Symantec, grabbed the password out of the email, decrypted the zip file, and upon reading the exploit code, crashed itself.