bit-tech.net

AVG update kills iTunes

AVG update kills iTunes

The update - available for a period on Friday until it was repaired - saw the AVG anti-virus package misdiagnosing iTunes files as being Trojan Horses.

A glitch in virus definition updates for the popular AVG Anti-Virus software from Grisoft is mis-identifying libraries required by Apple's iTunes software as harmful – and disabling the software.

According to an article over on I4U, the update – which came out on Friday – appears to be mistaking iTunes.dll and iTunesRegistry.dll for a Trojan Horse identified as Small.BOG. This affects all users of iTunes on Windows, with some unfortunate side effects: if AVG is allowed to quarantine or delete the files, iTunes will no longer operate.

Although a patch has now been issued by Grisoft which corrects the false positive issue, many users over at the Apple Support forums are left confused and bewildered. Some iTunes users have been left with the impression that Apple's software really was infected, with one user even stating that “even if you go back to Apple and get the [iTunes] setup again, [it] is infected."

This isn't the first time a false positive in an anti-virus application has wreaked havoc: back in 2008 a similar flaw in AVG left Windows systems unbootable as it removed the system file user32.dll – again mis-diagnosing it as a Trojan Horse. More recently, Computer Associates' Internet Security Suite claimed that files associated with the Cygwin Linux-style system environment along with Windows XP Service Pack 3 were infected with the Win32.AMalum.ZZQIA virus.

Do you believe that anti-virus vendors need to test their definitions more thoroughly before release, or does the rapid turnaround required in order to protect their users against the latest threats excuse them somewhat for the occasional false positive? Share your thoughts over in the forums.

45 Comments

Discuss in the forums Reply
liratheal 27th July 2009, 15:28 Quote
I'm not entirely sure that is a glitch...

iTunes on Windows is offensively bad, almost like a virus.
mclintox 27th July 2009, 15:36 Quote
Quote:
Originally Posted by liratheal
I'm not entirely sure that is a glitch...

iTunes on Windows is offensively bad, almost like a virus.

+1
Sifter3000 27th July 2009, 15:58 Quote
LOLz, didn't St Steve of Jobs once describe it as a cup of ice water to people roasting in hell?
andrew8200m 27th July 2009, 16:03 Quote
iTunes rarely works properly anyway and often crashes... whats the issue? It just seems to me that all avg has done is highlight how awfuliTunes is and as a result seems to think its one giant virus in need of permenant deletion.

Andy
_DTM2000_ 27th July 2009, 16:21 Quote
I can just about forgive an AV software company if a new virus def screws up a piece of software that can be easily reinstalled as it's not like they can test it against every piece of software but when it screws up the OS it's designed for then that's a serious failure. AVG are obviously not testing their defs thoroughly enough.
Denis_iii 27th July 2009, 16:48 Quote
Quote:
Originally Posted by mclintox
Quote:
Originally Posted by liratheal
I'm not entirely sure that is a glitch...

iTunes on Windows is offensively bad, almost like a virus.

+1

+1

classic :) go AVG
clx 27th July 2009, 16:50 Quote
Quote:
Originally Posted by mclintox
Quote:
Originally Posted by liratheal
I'm not entirely sure that is a glitch...

iTunes on Windows is offensively bad, almost like a virus.

+1

+1


Some iTunes users have been left with the impression that Apple's software really was infected, with one user even stating that “even if you go back to Apple and get the [iTunes] setup again, [it] is infected." <- some clever people there...
Sir Digby 27th July 2009, 16:51 Quote
And nothing of value was lost :)
Xtrafresh 27th July 2009, 16:55 Quote
Quote:
Originally Posted by Sifter3000
LOLz, didn't St Steve of Jobs once describe it as a cup of ice water to people roasting in hell?
Well it does have the same effect to the usability of my PC as a cup of icewater...
supermonkey 27th July 2009, 16:59 Quote
I use both iTunes and AVG, and I admit I raised an eyebrow when the alert first came up. I figured it was a bug, and it looks like my initial suspicion was correct. Oh well. We patch and we move on. such is life in an age in which almost every part of our lives is run by a computer.

Not sure about all the iTunes hate, though. It's never crashed on me, and I haven't run into any major problems to speak of - no more so than any other media software I've tried.

-monkey
Paradigm Shifter 27th July 2009, 16:59 Quote
Quote:
Originally Posted by _DTM2000_
I can just about forgive an AV software company if a new virus def screws up a piece of software that can be easily reinstalled as it's not like they can test it against every piece of software but when it screws up the OS it's designed for then that's a serious failure. AVG are obviously not testing their defs thoroughly enough.

This.

I abandoned AVG when their software got bloated, slow (AVG8) and false-positived on some very interesting files - msconfig.exe, hal.dll and lsass.exe among them. Another definition update later, it wasn't detecting them as trojans any more. To this day, I still wonder why AVG suddenly decided to mark my legit fear.exe (patch 1.08) as a trojan, when prior to that update it never had. The daft thing was, it didn't complain at the no-CD version.
sear 27th July 2009, 18:10 Quote
iTunes is basically the most painful application ever made. Maybe it works okay on OS X, but on Windows it's slow and clunky, uses tagging formats incompatible with other programs, is missing support for tons of files like FLAC (in favour of Apple's inferior ALAC), lacks lots of functionality and customisation, and takes a downright sinful amount of memory and CPU to run. AVG should just go ahead and install Foobar in place of iTunes for those customers, I think they'd be happier... provided they're smart enough to figure it out.

All that aside though, I'm not a fan of AVG anymore. Lately versions of their program have been extremely slow and resource-hogging, and it never really worked too well for me in removing any problems - I'd often have to manually search down viruses and clean them myself because it was unable to remove them. I've been using Eset Smart Security happily for the last while, and it's by far the best general security program I've ever used.
dicobalt 27th July 2009, 18:51 Quote
Killing iTunes is a feature not a flaw, what's the problem here? Once the iTunes driver actually locked my cd drive and I couldn't use it. Even after uninstalling iTunes it wouldn't unlock the drive. Apparently the iTunes drivers didn't uninstall and I had to uninstall drivers with a special utility. What a PITA.
Omnituens 27th July 2009, 19:08 Quote
Ding dong, the witch is dead.
BioSniper 27th July 2009, 19:42 Quote
Whats with all the iTunes hate? I could swear people here must have used it back in version 4.0 and never tried at again since.

Bit daft that AVG didn't test things properly first though. A false positive is better than not detecting anything at all though imo.
liratheal 27th July 2009, 19:47 Quote
Quote:
Originally Posted by BioSniper
Whats with all the iTunes hate? I could swear people here must have used it back in version 4.0 and never tried at again since.

Bit daft that AVG didn't test things properly first though. A false positive is better than not detecting anything at all though imo.

iTunes has never got better. It's always been a sluggish, badly ported piece of software. As more and more "features" get added, the more it slows down, and the larger the download gets.

POS, only used for updating the iPhone here.
Rkiver 27th July 2009, 20:13 Quote
I've used iTunes on the PC I built for my folks (they got free iPods through my Dads work for some odd reason). Compared to what I was used to using it was bloated, and the way iTunes seemed to grab everything and say "mine" and not let anything else use it (with regards to music and videos) is rather annoying.

My music, my videos, my choice. For now I tend to use VLC or Winamp. Far smoother running and less of a footprint on my system.
knuck 27th July 2009, 20:35 Quote
Quote:
Originally Posted by
I freaking hate iTunes as well and that's the main reason why I didn't buy an ipod. However, I didn't realize the Zune software would be such a POS ... Is it really that hard when you're a company that programs complete operating systems to just make ONE application that's light and efficient ?I guess it is
Rkiver 27th July 2009, 20:39 Quote
Hehe, creative Zen ftw. Use whatever software you want!
samkiller42 27th July 2009, 20:51 Quote
iTunes is slow is it? Hum, not sure about that personally, loads up as quickly as firefox does for me. If you want a slow media player, may i present Windows Media Centre or Center for a American friends.

I've always been abit cautious of AV programs, always used and paid for Trend Micro untill it got so strick with the Firewall it would open ports for C&C Generals/Zero Hour (Start Game and the Allow box thing popped up, Alt Shift to desktop and the pop up disapears) I do use AVG on my NC10, and it's been fine on that, and i use AntiVir on this machine.

Sam
supermonkey 27th July 2009, 21:02 Quote
Quote:
Originally Posted by Rkiver
I've used iTunes on the PC I built for my folks (they got free iPods through my Dads work for some odd reason). Compared to what I was used to using it was bloated, and the way iTunes seemed to grab everything and say "mine" and not let anything else use it (with regards to music and videos) is rather annoying.

My music, my videos, my choice. For now I tend to use VLC or Winamp. Far smoother running and less of a footprint on my system.
Quote:
Originally Posted by liratheal
iTunes has never got better. It's always been a sluggish, badly ported piece of software. As more and more "features" get added, the more it slows down, and the larger the download gets.

POS, only used for updating the iPhone here.
Odd. When I installed iTunes it didn't grab all my videos and music. I specifically told it what folders to use, and it left my file associations largely alone. Same with Windows Media Player. A number of people have accused iTunes of being slow. Compared to what? When I click the little icon in my taskbar, it loads right up. And I don't buy the resource claims, either. I usually have it running in the background while I'm working in Photoshop, and I don't notice any performance hits. Really, what do you guys do with all your multiple gigabytes of memory and CPU power anyway?

-monkey
airchie 27th July 2009, 21:05 Quote
Quote:
Originally Posted by samkiller42
iTunes is slow is it? Hum, not sure about that personally, loads up as quickly as firefox does for me.
The clue is in your sig mate, i7 with 12GB RAM and an SSD... ;)
I have to agree that iTunes is rancid.
Fine for your average joe who couldn't find music files on their PC unless some app like iTunes did it for them, but for anyone with a bit of computer savvy, I think it sucks.
Obviously just my opinion though. :)

As for false positives, they're just gonna get more and more frequent.
All the AV scanners do is search for patterns (aka definitions) in files.
The more definitions you add and the more files you have on your system, the greater the chances of there being a coincidental overlap of definition and innocent file.

I think what someone said earlier is right.
False positives in smething you can reinstall easily is fine.
When it takes out system files and renders a system unbootable, that's just poor testing.
dicobalt 27th July 2009, 21:24 Quote
Quote:
Originally Posted by airchie

As for false positives, they're just gonna get more and more frequent.
All the AV scanners do is search for patterns (aka definitions) in files.
The more definitions you add and the more files you have on your system, the greater the chances of there being a coincidental overlap of definition and innocent file.

Indeed you make a good point. But did you stop to think that Apple software just pulled the same hack in their software that a virus uses? If the file pattern is the same the instructions are the same. That's funny. I wonder what were the specific instructions that got flagged?
OWNED66 27th July 2009, 23:09 Quote
YOUR DOING IT WRONG
koola 27th July 2009, 23:17 Quote
Quote:
Originally Posted by supermonkey
Not sure about all the iTunes hate, though. It's never crashed on me, and I haven't run into any major problems to speak of - no more so than any other media software I've tried.

+1

I use both the Windows and OS X versions.
airchie 28th July 2009, 00:40 Quote
I don't think it works like that dicobolt.
I don't think scanners can see the specific instructions that were in a snippet of code.
The source code is compiled and I think a signature is just a long pattern of 1s and 0s.
iTunes just happened to have the identical string in their compiled code.

At least, that's how I understand it.
Not sure how heuristics etc comes into it...
Quote:
Originally Posted by owned66
YOUR DOING IT WRONG
No, YOU'RE doing it wrong... ;)
Lazarus Dark 28th July 2009, 01:07 Quote
Whenever someone I know has a computer issue, the first thing I ask is "do you use AVG?" If the answer is yes, I tell them to uninstall it and get Avast. 75% of the time, this fixes it. AVG doesn't test anything and their software is horrible, it interferes with tons of popular programs, particularly media programs, it really doesn't seem to like media programs.

Never had a single problem with Avast, ever. And I'm not sure I've even heard of problems.
Timmy_the_tortoise 28th July 2009, 01:13 Quote
I've been sick of AVG's resource hogging for a long time now, and I'm going to replace it with Avast! soon.
Woodspoon 28th July 2009, 01:17 Quote
Quote:
Originally Posted by koola
Quote:
Originally Posted by supermonkey
Not sure about all the iTunes hate, though. It's never crashed on me, and I haven't run into any major problems to speak of - no more so than any other media software I've tried.

+1

++1

Run iTunes on vista and XP never had any problems what so ever, I point it to my music directory, select the file types I want it to pick up and job done , no slow down and no hassle.
And I'm a self confessed apple hater.
knuck 28th July 2009, 02:32 Quote
Quote:
Originally Posted by Timmy_the_tortoise
I've been sick of AVG's resource hogging for a long time now, and I'm going to replace it with Avast! soon.

you'd be better off with Avira :)
xprodancer 28th July 2009, 02:51 Quote
i must say that i hate itunes! its rubbish! i just set it up now days to put everything thats in the libary onto my ipod automaticaly so i dont have to use the bloody software! i have used AVG for years and found it one of the best anti virus's ever! and i wont change! the firewall is realy impressive too! but on that note tho it can be slow at scanning the entire system and can eat alot of ram but i would rather that and know that everything has been scanned, so i scan it when im at work over night! least i can get home to a nice none virus infected machine! once i find a better bit of kit to put my music on my ipod then for now i will leave it to it! any sugestions would be grateful!
Adnoctum 28th July 2009, 03:57 Quote
Quote:
Originally Posted by Timmy_the_tortoise
I've been sick of AVG's resource hogging for a long time now, and I'm going to replace it with Avast! soon.

Me too. As a long time AVG user, I have been happy with it in the past, but this latest version has been the last straw. Not to mention the painful pop-ups I have been getting lately urging me to "upgrade" to the paid version. Where is the option to turn them off? You're being a pain in my arse AVG!

I'm running the Windows 7 RC, can anyone give me recommendations about a new AV I can use across Windows 7 and XP? I've been looking at Avast, but I can be persuaded by something better.

And no, Linux isn't a solution to Windows viruses! I'm already a convert.
general22 28th July 2009, 04:37 Quote
itunes is a piece of crud on windows while it's perfectly usable on Mac. If you don't have it running in the background it takes ages to start up.
dicobalt 28th July 2009, 04:48 Quote
Quote:
Originally Posted by airchie
I don't think it works like that dicobolt.
I don't think scanners can see the specific instructions that were in a snippet of code.
The source code is compiled and I think a signature is just a long pattern of 1s and 0s.
iTunes just happened to have the identical string in their compiled code.

At least, that's how I understand it.
Not sure how heuristics etc comes into it...

No, YOU'RE doing it wrong... ;)

Those 1's and 0's are executed code because the files flagged (iTunes.dll and iTunesRegistry.dll) have executable instructions because they are dll's. DLL's are nothing but software objects/functions rolled up into a library to keep access organized and under control. So those 1's and 0's from those apple DLL's were executed. Enough of the the 1's and 0's are the same in the virus and in those iTunes DLL's that's why it gave a false positive and matched whatever method of hashing AVG's uses in their software. AVG just needed to check a longer range of data to prevent a false positive. Fact remains the instructions for the virus and for iTunes are partially the same. Probably just harmless portion code but it's still funny that virus writers and iTunes developers come up with the same machine level code.
Javerh 28th July 2009, 06:10 Quote
Quote:
Originally Posted by dicobalt
...Probably just harmless portion code but it's still funny that virus writers and iTunes developers come up with the same machine level code.
Or the compiler does.
[USRF]Obiwan 28th July 2009, 09:17 Quote
Apple software is spam anyway. Ever try to install quicktime and then get a update screen every hour to install update including itunes and safari. If you disable that options and close the updater window it comes back a hour later with all options checked again.

Same with Adobe's acrobat reader every time it wants to install a 130mb acrobat update. 130mb for a simple pdf reader wtf? Glad I uninstalled it and downloaded the incredible fast and small Foxit reader!
B1GBUD 28th July 2009, 09:29 Quote
iTunes sucks big time. It brings my missus' Laptop to it's knees..... begging for submission..... or extra cpu cycles, it doesn't care. OK so it's not the fastest laptop in the world but come on.... it's a frickin tool for organising audio libraries..... it shouldn't be so sh1t
phuzz 28th July 2009, 11:01 Quote
Best response I've seen:
"Maybe Palm have a stake in AVG?"
liratheal 28th July 2009, 11:13 Quote
Quote:
Originally Posted by supermonkey
Odd. When I installed iTunes it didn't grab all my videos and music. I specifically told it what folders to use, and it left my file associations largely alone. Same with Windows Media Player. A number of people have accused iTunes of being slow. Compared to what? When I click the little icon in my taskbar, it loads right up. And I don't buy the resource claims, either. I usually have it running in the background while I'm working in Photoshop, and I don't notice any performance hits. Really, what do you guys do with all your multiple gigabytes of memory and CPU power anyway?

-monkey

Far too many Skype windows, and Sandbox2 is quite the resource hog. Photoshop has, more than once, topped 4gb of RAM on me.

When I'm trying to work on a map or in PS, I don't tend to want a media player hanging over my work area because I asked it to go 'next' on shuffle. No supposedly 'good' media player should crap itself at shuffling 50k+ tracks. Foobar certainly doesn't. If I open iTunes I can open Sandbox2 and load a map before iTunes is ready to use. If I open foobar, then it's ready to use inside of thirty seconds.

Call me picky, if you want, but I like my media player to do just that, play media, not hang and ask me to install Safari every time it thinks it needs an update.
Quote:
Originally Posted by [USRF]Obiwan
Apple software is spam anyway. Ever try to install quicktime and then get a update screen every hour to install update including itunes and safari. If you disable that options and close the updater window it comes back a hour later with all options checked again.

Same with Adobe's acrobat reader every time it wants to install a 130mb acrobat update. 130mb for a simple pdf reader wtf? Glad I uninstalled it and downloaded the incredible fast and small Foxit reader!

I wish I could uninstall Quicktime, but no. Now iTunes forces it on you :/
Star*Dagger 28th July 2009, 11:59 Quote
I am still stunned at the concept of people paying for music that is easily available for NOTHING elsewhere.

Lemmings alert!

S*D
impar 28th July 2009, 12:21 Quote
Greetings!
Quote:
Originally Posted by Star*Dagger
I am still stunned at the concept of people paying for music that is easily available for NOTHING elsewhere.
Some people are worthy elements of society. Others are just parasites.
jrs77 28th July 2009, 15:40 Quote
As a professional in graphics and design I can only laugh at all the hate for OSX, as Windows does not deliver, where I really would need it to deliver. All professional media is done in OSX today because Windows fails to deliver.

On topic:
People shouldn't setup their AV-tools to do something automatically and allways set them up to ask what to do in every case.
supermonkey 28th July 2009, 21:17 Quote
Quote:
Originally Posted by liratheal
When I'm trying to work on a map or in PS, I don't tend to want a media player hanging over my work area because I asked it to go 'next' on shuffle. No supposedly 'good' media player should crap itself at shuffling 50k+ tracks. Foobar certainly doesn't. If I open iTunes I can open Sandbox2 and load a map before iTunes is ready to use. If I open foobar, then it's ready to use inside of thirty seconds.
I don't understand what you mean when you say that the media player is hanging over your work area. I decide what music I want to listen to, then minimize iTunes. The player sits on the taskbar in mini-mode (or whatever Windows calls it). All the necessary buttons are right there on the taskbar: volume, next, previous, play/pause, etc.

I suppose this is one of those your-mileage-may-vary situations. At home I have a dual-core Athlon with 2 GB of ram, and iTunes takes only a few seconds to open and go - certainly quicker than the 30 seconds it takes you on Foobar. Really, it takes me longer to make up my mind as to what music I want to play.
Quote:
Originally Posted by jrs77
As a professional in graphics and design I can only laugh at all the hate for OSX, as Windows does not deliver, where I really would need it to deliver. All professional media is done in OSX today because Windows fails to deliver.
What are you doing that Windows fails to accomplish? I also am a professional working in graphic design and video production, and I realize that each platform has something to offer. We typically use whatever program is most suitable for a particular application.

-monkey
mi1ez 28th July 2009, 22:51 Quote
I only use iTunes on my GF's laptop as she has an ipod and i can't be arsed hacking around the security to use somthing else.

The main reason I don't have an ipod is itunes. Horrible!
Paradigm Shifter 29th July 2009, 12:33 Quote
Quote:
Originally Posted by mi1ez
I only use iTunes on my GF's laptop as she has an ipod and i can't be arsed hacking around the security to use somthing else.

I've never had a problem getting my iPod to talk to Winamp... it's never even seen iTunes. Just Winamp.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums