Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


December 4th, 2009

Apologies for Bad Definition Update

You may have heard that we released a virus database update early Thursday morning (or Wednesday night depending on the time zone). We are deeply sorry for releasing this update and the trouble it caused you. Of the users that received the update, most encountered no problems, some encountered minor issues, and some had significant problems.

I apologize to each and every one of you—I realize that security is fundamentally about trust and you have to trust your security provider. We made a mistake here and it won’t happen again.

We have highly automated systems and processes for testing and releasing virus updates. Updates are thoroughly tested before being released. But the process failed due to a “human failure”. This was an example of the old proverb “the road to hell is paved with good intentions”. Some engineers thought they were doing the right thing by sending out an out-of-cycle update to fix a problem. Unfortunately, they circumvented the automated systems and ended up sending out the wrong update—one that had not yet been tested.

There are detailed explanations of this issue and how to fix it on our support forum (http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=377). And our CTO has authored a detailed explanation of how this happened (http://forum.avast.com/index.php?topic=51783). In the next few days I will write another blog entry about how we are changing our processes to ensure this problem does not ever occur again.

In the meanwhile, please accept mine (and the company’s) apologies for the troubles we have caused you. We won’t let it ever happen again.

Categories: CEO's corner Tags:
  • http://www.geek-translation.com Stanley Komarniski

    I have been a big supporter of Avast for a long time. Since I do tech support, for alot of home customers I have recommended Avast. Now for the past few years, Avast has performed, until now. The Avast blunder has not cost me my reputation, thankfully my clients know to call me when they see such errors within software they trust.

    I remember when Symantec had created a blunder similar to this one a while back. Thats when I started looking for a more reliable A/V program. I was impressed with Avast, easy to install and maintain.

    Now since the blunder with Avast, the reports from my clients on false positives have climbed immensely.. Instead of the usual once a month, I now get several calls a day. My clients and I just do not have the time to report every false positive that we come into.

    I do not trust Avast any more and will not recommend it as a solution.

    Now the hunt begins for a A/V program that has not begun to fall apart. Even on my main system Avast detects this one application as a virus, and 7 to 8 times a day I have to tell it to ignore…

    Avast, if you guys don’t do something soon. You will lose a lot of business..

    You have lost mine, and that of my customers and friends…

  • Pingback: Aktualizacja Avasta groźniejsza od wirusów! | WebInfo

  • John

    Great work guys..

    It was not a big deal for me, when this happened, I just turn off the computer and fell sleep. On the next morning, another update fixed everything, I understand this things can happen once in a while, but the way it was fixed was excellent. Don’t worry about bad publicity, you’ll always have me, you help me trough some nasty trojans before and that weighs more than just a simple mistake.

  • Mike

    I think it wasn’t “just a simple mistake” from their point of view.These things can do really bad to a companies reputation such as Alwil.Trust must be regained,maybe the new version of avast! will help with that.

  • david

    well done guys for fixing the problem. appreciated. I was fortunate enought to not have any problems.

  • http://www.ppinfotek.com Yanto Chiang

    Chris P :
    Maybe it’s just me… but if you stop to read the posts about people complaining – and switching to another AV – it sure seems like
    1) they probably never had Avast! installed in the first place
    2) they are abusing this forgettable mistake by posting on here about what AV they have now switched to
    3) and have led me to believe that they are probably fake posters from other companies trying to sneak in some free advertising.

    HI Chris,

    I agree with your summary,

    Some people just only criticism people’s mistaken, but doesn’t give any contribution to constructive again.

    Regards,
    Yanto Chiang

  • greatwroth

    If I’m not mistaken, Avast doesn’t just completely delete things without at least a prompt, right? You should know your trusted files. Also, any good user keeps a spare anti-malware tool and backup firewalls just in case something bad happens, right? So how could this have caused such a big problem to users other than the highly inexperience. Luckily I didn’t experience this problem first hand so feel free to call me on it if I’m missing the true effect of this incident. Sorry if that sounded a bit harsh but I’ve gone through at least 3 computer crashes caused by pure incompetence (on my family’s behalf) mixed with some really bad malware so I’m really cautious now that I have my own laptop.

  • daz

    I never said anything about a virus, the when the update occured my wife removed the files that the antivirus told her to. that began the crashes, i imagine the crashes damaged the system files in question. I dont have a recovery disk which would take the computer all the way back to when it was first setup. Im trying to run restore from the winxp pro cd but the system wont let me, I tried another cd from my desktop with the same results,cant load the cd to reinstall or restore. I ran the dell hardware diagnostic cd and all hardware is fine including the dvd.@gizbar

  • daypet1

    This cock up would appear to be a direct result of a release Avast were forced to release in response to a complaint from me. From monday the 1st of December till Wednesday we were getting false positives from a bunch of Excel spreadsheets containing pivots tables. I recieved this email
    “Hello,
    thais false alarm was fixed by VPS update 091202-0
    Please update your VPS
    Regards Cernik”
    Wednesday 02-12-09 10:47 am

    This particular false positive has never been owned up to I’m afraid. So we are all being deceived..

  • Murad

    I’m sure that this is done by someone who don’t want avast to reach 100M users … stop trying to cover it and tell the truth ….

  • Vlada Cernik

    @daypet1
    This my answer was on your email from December 02, 2009 10:00 AM Subject: Probable false positive “MX97:CVE-2009-3127 [Expl]“

  • ~ jisuna

    huh!? people sometimes turned out to be dumb..
    mistakes happen! why would you untrust avast for that?
    after it saves you from viruses and malwares for free? you dont appreciate it?
    they are doing their best just to help us.. then for only one mistake avast will be untrusted? then transfer to avg? really stupid.. what if avg makes a mistake?
    you will transfer to avira? and if avira makes a mistake you’ll transfer to norton? and if norton makes a mistake you will try everything else and will only end up throwing your computer to the trash can? common sense please

  • Petr Bucek

    daypet1 :
    This cock up would appear to be a direct result of a release Avast were forced to release in response to a complaint from me. From monday the 1st of December till Wednesday we were getting false positives from a bunch of Excel spreadsheets containing pivots tables. I recieved this email
    “Hello,
    thais false alarm was fixed by VPS update 091202-0
    Please update your VPS
    Regards Cernik”
    Wednesday 02-12-09 10:47 am

    This particular false positive has never been owned up to I’m afraid. So we are all being deceived..

    Thank you for all your comments. daypet – your problem had nothing to do with a huge issue that is commented in this post. Vlada Cernik, our virus guru, replied to you and owned up the problem. It has been solved as soon as possible. We are indeed very sorry for what happened in VPS 091302-0 (the number is different from yours of Wednesday 02-12-09) . Also, there is no covering scenario. It was a disaster that happened and I hope that will not happen anymore.

  • Rody

    don’t be sorry everyone is making a mistakes
    as for me i don’t care if it happend again cus i love ya
    and cus the mistake is a humanity natere
    but don’t promise as that it won’t happend again…cus you can’t give a Thirsty :)

    by

  • http://www.avast.com Pavel Mourek

    @daz

    sorry but in case that even Windows CD is not working there is not much left to try. Let’s pretend that CD-drive is working then please get any bootable CD and use it at least for your data backup, you can of course use our avast! BART CD http://www.avast.com/eng/download-avast-bart-cd.html for it. Later get the working CD with Windows OS and install the new OS on your PC.

  • daypet1

    We are corporate customers and therefor not free !

  • Pingback: Gro

  • Sergio Ariza

    We have been using Avast for two years, and we had found 3 FPs, the problems is that two of them, had a very negative impact in our company, as “daypet1″ said, we are corporate users, expecting good support and a good product for the enterprise (as a home product I have no negative comments), some days ago, I sent a email to Daniel López (Prague) and Christian Cantoro (USA), with some key point to improve, I just received apologies, nothing about to solve the points in my email…

    Best Regards!
    Sergio Ariza.

  • Xastain

    1. Thank you for owning up.
    2. Thank you for fixing the problem.
    3. Thank you for being awesome.

    You are forgiven… Avast! still rulez!

  • Roldan

    All the software of the IObit Security 360, IObit Advance System Care at IObit Smart Defrag were detected as have a malware trojan. (win32.delf). I format my PC to solve the problem. I can’t uninstall IOBIT software because the uninstall.exe also affected by false positive of avast. suddenly all of the softwares in my PC are detected as malware (even is not a real malware). thus thank avast for apologize to all. we still konow that avast is still the best

  • popo

    I amnot speak english but i have a qestion persian:یکwormدرکامپیوتر من امده که حذف نمی شود چکارکنم؟pleaseپاسخ دهید بهpersian

  • Roldan

    The Microsoft Security Essentials is a large threat to avast!!!! because of very fast scan.

  • Roldan

    Can avast release an critical fix update for repairing their false update??? to the computers?

  • bob

    accidents happen and you got to thank them for admitting it and beeing honest about it. Theres alot of antiviruses even paid ones that wont even do that. Avast didnt have to appologize and didnt even have to admit it, theres a chance you wouldnt even know, it didnt cause me any problems btw, and most it wont. That just gave me more trust and respect for avast for what they just done here. Think before you speak and disrespect a awesome A.V. Program, This make me consider actually buying the paid version for what was done here and avast deservers every bit of it. And Roldan if your worried about a fast scan in a A.V. other than it beeing good thats sad. Comment about microsoft, This is on windows 7 64 bit and it involved there malware software tool, i had to accept or decline to install it why, well after i read it alot of garbage to hide it good try, that is could mess up windows and cause data loss etc and there not responsible for any data loss, ill put it that way.

  • Roger

    Thank you for the apology. The false positives were taken for real. Just deleting the “viruses,” instead of placing them in the chest, resulted in several key programs not working. Going to one of those programs to download and reinstall the program, they had a post about the false positives. Thus I reloaded my hard drive from a mirrored copy. At work, our most critical computer program quit working. Our engineer called in a highly paid software expert to fix it. He determined it was Avast!, deleted your Professional Edition and installed another virus protection program.

    While it was my decision to place Avast! Professional Edition on all of our computers at work, this incidence left me thinking that I should evaluate other antivirus programs so that when our multiple license subscription run out, we could switch. However, based on the CEO’s admission of human error by not testing the update before releasing it, his apology, and plan to implement new procedures to prevent this from happening again, I will not look for an alternative to Avast! Today we are deleting the other antivirus program at work and going back to the Avast! Professional Edition.

    I admire your CEO for openly admitting responsibility for the mistake of his staff, giving an apology, and developing a plan of action to prevent a repeat of the same error.

    Roger

  • gizbar

    @daz

    You said that the computer would not boot from a CD. I’m trying to tell you that if you want to boot from a CD/DVD then that would not be a problem with a virus as it would load from the CD/DVD before ever going into windows.

    I suggest you try running the system file checker. This will compare your system with the windows cd and replace/update faulty or corrupt files with known good versions from the cd or the repository on the hard disk that is there as part of windows self-protection.

    Put windows disk in cd drive. Click start and go to ‘run’. Type sfc /scannow and allow it to run to it’s conclusion.

    If it finds many files to replace, then you may need to run windows update after this as it may replace files with older versions that have been updated to newer versions.

    regards, Gizbar.

  • Ed

    I guess it depends on whether the update caused each one of you a problem or not. It is indeed good of companies to admit mistakes and to openly try to improve faulty procedures. If caught online during the update (after all it was only available for a couple of hours during the midnight hours of the USA) then the damage was huge.

    As a precaution, I instructed the program to move all suspected files to the Virus Chest, but the sheer volume made me think something else was wrong. Desperate users writing in blogs alerted me to the culprit (not the company) and once a new update was given out it has been impossible to RESTORE the removed files from the Virus Chest as designed. Most files give errors when you attempt to undo the damage.

    Ultimately, I needed to reinstall about 25 programs for them to work properly. And some could never be retrieved in their original state (no longer available, different versions published, etc.)

    In this particular case, the prevention mechanism (the antivirus software) was much worse than the potential illness. Indeed, it is now a trust issue. And it has been shaken big time.

  • //blog.avast.com/2009/12/04/apologies-for-bad-definition-update/ Colin

    Have had avast free edition for almost a year and a few days ago my router icon failed to turn blue indicating not connected to the internet but I am. It will not allow me to load windows mail however (but it does in safe mode) After reading the problems with the Avast update which is around the time I detected these problems I uninstalled Avast and purchased Avast4 Profeesional version 091209-0 which has been downloaded although the problem has not disappeared.On access scanner is only running 5 of the 8 providers and one of these that is not running is Internet Mail version 4.8.1368 and it is showing a message “The provider is waiting for a sub system to start”. I believe that the corrupt update has probably left some corrupt information on my hard drive which I cannot detect.Can someone help overcome these problems please

  • Treva

    Does this bad update have anything to do with the error messages I am receive whenever I select to ‘Program update?’ Error indicates “Last encountered error: Other HTTP error (307), while trying 74.86.125.44:80//iavs4x/servers.def”

  • Phil

    Detection messages went strange last week.
    After sending 2 or 3 warnings to the Virus Chest, I disabled Avast.
    Later, a System Restore was run and most returned back to normal.
    What seperates professionals from the rest is the abilty to admit a problem and rapidly fix it.
    I commend you on your professionalism.
    Job well done.
    Cheers

  • Trevor

    Thank You Avast for how many days counting…7 DAYS of PURE HELL SO FAR (WEDNEDAY TO WEDNESDAY.

    After the supposed False positives on Dec 2

    1. Trojans took over Avast, disabled Avast, and blocked any other antivirus from being installed. It also Disable the firewall and infected it.

    2. Block me from accessing my Windows login account – all I saw was the screensaver

    3. It keeps replicating itself on all the new Windows account I tried to create

    4. I had to do a system restore, but its still on this new profile I’m typing on. it keeps installing mrt.exe on a spare drive and hogging memory

    5. None of the rootkits, OR trojan skanner can detect it

    6. all of this when I HAVE EXAMS TO STUDY FOR

    7. AT THIS POINT I HAVE WELL AND PAID FOR YOUR FREE PRODUCT 20 TIMES OVER…and I’m demanding that money back!!!

  • Nate

    I had severe problems and uninstalled AVAST. I had just purchased the software and it locked my machine and made other updates impossible. No excuses. The release caused the problems.

  • Chris Herle

    The “update” has caused severe problems for my computer. Upon seeing the virus warning coming up so many times – I believed my computer was under a major attack. Once the vault was full – it was recommended that I delete entire programs to rid the virus – which of course I followed. It is totally disheartening to know that each of the now deleted programs was a “false” positive that can not be undone. I have programs that won’t uninstall or install after the Avast “update” virus. The cost of the programs lost far outweighs the cost of the Avast antivirus program. Up to this point, I was satisfied with the program working properly. Now, I really don’t know when a virus pops up what it might be – “trust me”.

  • Chokaho

    I own a small computer shop in a small town. We had been using and suggesting AVG to customers for years. Early spring of this year I noticed several systems coming into the shop with AVG installed that had various windows problems. Turned out AVG was detecting false +s and most people were deleting the files. I started searching for a replacement for AVG and after testing several AV programs I found that Avast was great. I used it on my system for about 4 months before suggesting that my friends and family switch to it. Turns out many of them uninstalled AVG rebooted then install Avast and before Avast even had a chance to update it started finding real viruses AVG never detected. I use to swear by Norton’s but then had AVG(free) remove viruses that $60 Norton didn’t even detect. Maybe a paid for AV might not be as likely to have false +s but then they dont detect viruses that free AVs do. Your either protected or your not. We are sticking with Avast.

  • Petr Bucek

    @Treva
    Hello Treva. No, this error is not connected with the false positive issue. If you have somne doubts about the program or you need technical help, submit a ticket from our support portal on web page http://support.avast.com/

    In this case please check, if a firewall is not blocking the communication.
    You should also adjust your connection in avast settings – Update (connection) – Proxy , choose Direct connection. This applies for ADSL. There is also possibility to do a test. If setting of connection does not appear, change value in avast4\setup\setup.ini file according to:
    [Common]
    NetAcc=0

  • http://www.avast.com Pavel Mourek

    @Treva
    No, nothing to do with this issue. HTTP error (307) is just temporary status connected with server maintenance.

  • http://www.avast.com Pavel Mourek

    @Trevor
    we are adding new virus samples every day, but we may still miss some malware. So if you have something avast is missing, please send the file(s) to virus@avast.com for analyses. Ideal way how to send such files is to ZIP them with the password ‘virus’.

  • http://www.avast.com Pavel Mourek

    @Colin
    you are getting avast Internet Mail – “The provider is waiting for a sub system to start”, because Windows mail is not running. It looks that your Windows OS is not complete or fully working, please boot from your Windows CD and click repair Windows installation there to fix the issue.

  • Renee

    Thanks for getting out an update and notices to correct the issue so fast! We only had 4 non-critical program executables deleted before we stopped to search the web for clues. We knew there was no way our system could have been infected as badly as was picked up.

    You’re still my AV program! I LOVE the twice daily updates. So far, you guys have been tops!

    The only other AV company I’ve encountered good rapport with was F-Secure. The guys over there personally saved my system about a year ago from one of those super hidden trojans that took over my desktop.

  • Pingback: tuantivirus.es BLOG» Blog Archive » Disculpas por una definición de actualización mala

  • dooste popo

    @popo

    ha ha ha ha , Popo be man ba yahoo messenger PM kon be in ID bego ke popo hasty man begam chi kar koni. brisk_mind hatman bego popo hasty az site avast

  • need advice

    We used avast on our computer last night. Now it locked up. I began searching for more information about avast. Found information that there is a serious problem with avast. Is this still as of last night?

  • San

    Apologie is very nice, but if you made a mistake, please try to correct it. I’m the Proffesinnel version user(actually i was, cus is no more working), & have no more resident protection. So, i’m connected to the web without any protection(exept Windows firewall). For shure my system will be destroyed in few days& than two days of full reinstallation, & purchase another antivir from the city(130 km), etc… What a HELL & waist of time(and money). THANK YOU GUYS, GREAT JOB. I think is time to go far away from the hell of Windows(& Avast, Norton etc..), for shure less suffering with MacOS or the others.

  • http://www.avast.com Pavel Mourek

    @need advice
    Nothing unusual happened last night, so it has nothing to do with update issue mentioned here. To help you, please provide us (support@avast.com) with details about the PC(s) having the problem with avast:

    What operating system are you using? (e.g. Windows 2000 Server…) Any Service Pack (e.g. SP2)
    What version of avast! are you using? (e.g. 4.1.319 – you can find this information in “About avast!…” dialog)
    What version of VPS file are you using? (e.g. 0312-4, 06/01/2003 – you can find this information in “About avast!…” dialog)
    What is the basic hardware configuration? (e.g. Intel Pentium III 800 MHz, 128 MB RAM)
    How do you connect to Internet? (e.g. dial-up, using proxy server, using firewall…)
    What is your e-mail client? (e.g. Outlook, Outlook Express, IncrediMail…)
    Do you use some other security software? Which one? (e.g. Norton Antivirus…)
    What are the steps to reproduce the bug again?
    Do appear some error messages? Which ones? Please send screen-shot if possible.

  • http://www.avast.com Pavel Mourek

    @San

    please, try to reinstall avast! program:
    1. Uninstall the current version
    (Use Add/Remove Programs from Control Panels)
    2. Restart PC
    3. Delete ALWIL Software folder from Program Files
    4. Download the latest version of avast program
    from: http://www.avast.com/eng/programs.html
    5. Install the new version.
    6. Restart PC

    Before installing avast:
    Please ensure that no other antivirus is installed, empty all your
    TEMP folders, run Windows scandisk. Also the latest Windows service
    packs and hotfixes are recommended.

    If still having issues, please contact support@avast.com

  • ajay

    avast

  • ajay

    avast for windows7 ultimate

  • E.W.

    I have now got 6 programs in my chest infected with win32:Trojan-gen and I wonder is this a false positive? also what should I do next with the programs in my chest? delete? restore? I dunno what to do with them. 4 of them are windows\system32 and 2 are AppData\local\temp.