The update - available for a period on Friday until it was repaired - saw the AVG anti-virus package misdiagnosing iTunes files as being Trojan Horses.
A glitch in virus definition updates for the popular AVG Anti-Virus software from Grisoft is mis-identifying libraries required by Apple's iTunes software as harmful – and disabling the software.
According to an article over on I4U, the update – which came out on Friday – appears to be mistaking iTunes.dll and iTunesRegistry.dll for a Trojan Horse identified as Small.BOG. This affects all users of iTunes on Windows, with some unfortunate side effects: if AVG is allowed to quarantine or delete the files, iTunes will no longer operate.
Although a patch has now been issued by Grisoft which corrects the false positive issue, many users over at the Apple Support forums are left confused and bewildered. Some iTunes users have been left with the impression that Apple's software really was infected, with one user even stating that "even if you go back to Apple and get the [iTunes] setup again, [it] is infected."
This isn't the first time a false positive in an anti-virus application has wreaked havoc: back in 2008 a similar flaw in AVG left Windows systems unbootable as it removed the system file user32.dll – again mis-diagnosing it as a Trojan Horse. More recently, Computer Associates' Internet Security Suite claimed that files associated with the Cygwin Linux-style system environment along with Windows XP Service Pack 3 were infected with the Win32.AMalum.ZZQIA virus.
Do you believe that anti-virus vendors need to test their definitions more thoroughly before release, or does the rapid turnaround required in order to protect their users against the latest threats excuse them somewhat for the occasional false positive? Share your thoughts over in the forums.
iTunes on Windows is offensively bad, almost like a virus.
+1
Andy
+1
classic :) go AVG
+1
"Some iTunes users have been left with the impression that Apple's software really was infected, with one user even stating that even if you go back to Apple and get the [iTunes] setup again, [it] is infected." <- some clever people there...
Not sure about all the iTunes hate, though. It's never crashed on me, and I haven't run into any major problems to speak of - no more so than any other media software I've tried.
-monkey
This.
I abandoned AVG when their software got bloated, slow (AVG8) and false-positived on some very interesting files - msconfig.exe, hal.dll and lsass.exe among them. Another definition update later, it wasn't detecting them as trojans any more. To this day, I still wonder why AVG suddenly decided to mark my legit fear.exe (patch 1.08) as a trojan, when prior to that update it never had. The daft thing was, it didn't complain at the no-CD version.
All that aside though, I'm not a fan of AVG anymore. Lately versions of their program have been extremely slow and resource-hogging, and it never really worked too well for me in removing any problems - I'd often have to manually search down viruses and clean them myself because it was unable to remove them. I've been using Eset Smart Security happily for the last while, and it's by far the best general security program I've ever used.
Bit daft that AVG didn't test things properly first though. A false positive is better than not detecting anything at all though imo.
iTunes has never got better. It's always been a sluggish, badly ported piece of software. As more and more "features" get added, the more it slows down, and the larger the download gets.
POS, only used for updating the iPhone here.
My music, my videos, my choice. For now I tend to use VLC or Winamp. Far smoother running and less of a footprint on my system.
I've always been a bit cautious of AV programs, always used and paid for Trend Micro until it got so strict with the Firewall it would open ports for C&C Generals/Zero Hour (Start Game and the Allow box thing popped up, Alt Shift to desktop and the pop up disappears). I do use AVG on my NC10, and it's been fine on that, and I use AntiVir on this machine.
Sam
-monkey
I have to agree that iTunes is rancid.
Fine for your average joe who couldn't find music files on their PC unless some app like iTunes did it for them, but for anyone with a bit of computer savvy, I think it sucks.
Obviously just my opinion though. :)
As for false positives, they're just gonna get more and more frequent.
All the AV scanners do is search for patterns (aka definitions) in files.
The more definitions you add and the more files you have on your system, the greater the chances of there being a coincidental overlap of definition and innocent file.
I think what someone said earlier is right.
False positives in something you can reinstall easily are fine.
When it takes out system files and renders a system unbootable, that's just poor testing.
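The pattern-matching point made in the comments above, as an added example that is not part of the original thread or any vendor's code: a pre-release gate that scans a known-good file corpus with each candidate definition and blocks any that match a clean file. All byte strings, file names and signature names are constructed for illustration.

```python
# Constructed sample standing in for a file the vendor wants to detect.
# It opens with a very common compiler-generated function prologue.
SAMPLE = bytes.fromhex("558bec83ec10 e8deadbeef 6a00ff15 11223344 c9c3")

# Constructed known-good corpus: file name -> contents.
CLEAN_CORPUS = {
    # Benign library that happens to contain the same prologue bytes.
    "media_player.dll": bytes.fromhex("9090 558bec83ec10 e8cafebabe 5dc3"),
    "system_lib.dll": bytes.fromhex("4d5a900003000000"),
}

# Two candidate definitions cut from the same sample (hypothetical names).
SIGNATURES = {
    "short_prologue": SAMPLE[:6],   # only the common prologue
    "longer_body": SAMPLE[:11],     # prologue plus sample-specific bytes
}


def scan(data, signatures):
    """Return the names of signatures whose pattern occurs anywhere in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def false_positive_report(signatures, clean_corpus):
    """Map each signature to the clean files it wrongly matches."""
    report = {}
    for name, pattern in signatures.items():
        hits = sorted(f for f, data in clean_corpus.items() if pattern in data)
        if hits:
            report[name] = hits
    return report


def release_gate(signatures, sample, clean_corpus):
    """A definition may ship only if it detects the sample and matches
    nothing in the known-good corpus."""
    fps = false_positive_report(signatures, clean_corpus)
    return {
        name: (pattern in sample) and (name not in fps)
        for name, pattern in signatures.items()
    }


if __name__ == "__main__":
    print(false_positive_report(SIGNATURES, CLEAN_CORPUS))
    print(release_gate(SIGNATURES, SAMPLE, CLEAN_CORPUS))
```

Both definitions detect the sample, but only the longer one clears the corpus check, which is why coverage of widely installed software and system files in that corpus matters.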
Indeed you make a good point. But did you stop to think that Apple software just pulled the same hack in their software that a virus uses? If the file pattern is the same the instructions are the same. That's funny. I wonder what were the specific instructions that got flagged?
+1
I use both the Windows and OS X versions.
I don't think scanners can see the specific instructions that were in a snippet of code.
The source code is compiled and I think a signature is just a long pattern of 1s and 0s.
iTunes just happened to have the identical string in their compiled code.
At least, that's how I understand it.
Not sure how heuristics etc comes into it...
Never had a single problem with Avast, ever. And I'm not sure I've even heard of problems.
++1
Run iTunes on Vista and XP never had any problems whatsoever, I point it to my music directory, select the file types I want it to pick up and job done, no slow down and no hassle.
And I'm a self confessed Apple hater.
you'd be better off with Avira :)
Me too. As a long time AVG user, I have been happy with it in the past, but this latest version has been the last straw. Not to mention the painful pop-ups I have been getting lately urging me to "upgrade" to the paid version. Where is the option to turn them off? You're being a pain in my arse AVG!
I'm running the Windows 7 RC, can anyone give me recommendations about a new AV I can use across Windows 7 and XP? I've been looking at Avast, but I can be persuaded by something better.
And no, Linux isn't a solution to Windows viruses! I'm already a convert.
Those 1's and 0's are executed code because the files flagged (iTunes.dll and iTunesRegistry.dll) have executable instructions because they are DLLs. DLLs are nothing but software objects/functions rolled up into a library to keep access organized and under control. So those 1's and 0's from those Apple DLLs were executed. Enough of the 1's and 0's are the same in the virus and in those iTunes DLLs, that's why it gave a false positive and matched whatever method of hashing AVG uses in their software. AVG just needed to check a longer range of data to prevent a false positive. Fact remains the instructions for the virus and for iTunes are partially the same. Probably just a harmless portion of code but it's still funny that virus writers and iTunes developers come up with the same machine level code.
Same with Adobe's Acrobat Reader every time it wants to install a 130mb Acrobat update. 130mb for a simple pdf reader wtf? Glad I uninstalled it and downloaded the incredibly fast and small Foxit reader!
"Maybe Palm have a stake in AVG?"
Far too many Skype windows, and Sandbox2 is quite the resource hog. Photoshop has, more than once, topped 4gb of RAM on me.
When I'm trying to work on a map or in PS, I don't tend to want a media player hanging over my work area because I asked it to go 'next' on shuffle. No supposedly 'good' media player should crap itself at shuffling 50k+ tracks. Foobar certainly doesn't. If I open iTunes I can open Sandbox2 and load a map before iTunes is ready to use. If I open foobar, then it's ready to use inside of thirty seconds.
Call me picky, if you want, but I like my media player to do just that, play media, not hang and ask me to install Safari every time it thinks it needs an update.
I wish I could uninstall Quicktime, but no. Now iTunes forces it on you :/
Lemmings alert!
S*D
On topic:
People shouldn't set up their AV-tools to do something automatically and should always set them up to ask what to do in every case.
I suppose this is one of those your-mileage-may-vary situations. At home I have a dual-core Athlon with 2 GB of ram, and iTunes takes only a few seconds to open and go - certainly quicker than the 30 seconds it takes you on Foobar. Really, it takes me longer to make up my mind as to what music I want to play.
-monkey
The main reason I don't have an ipod is itunes. Horrible!
I've never had a problem getting my iPod to talk to Winamp... it's never even seen iTunes. Just Winamp.