Addsum web site and general info

Postings here will focus mainly on Advanced Accounting software updates, tips, and related topics. They will also include general comments relating to troubleshooting PC/Windows/network problems and may also include reference to our other software products and projects including any of our various utilities, or to the TAS Premier programming language. We considered setting up separate blogs for different topics so that users/others could subscribe to topics mostly aligned with their interests, but decided that it would be better to keep things simple since some topics cross over into others. We would nonetheless welcome your feedback/input in this regard. Our web site URL is www.addsuminc.com. Call us at 800-648-6258 or 801-277-9240. We also maintain www.advancedaccounting.us so that older Business Tools users in particular have a greater chance to find us.

Follow

We highly recommend that accounting software users "follow" this blog via e-mail (enter your address and click on Submit below) or subscribe to a feed (see also below) as a way to keep current on the latest updates and accounting software news and information. You may also want to whitelist this e-mail address: noreply@blogger.com.

Wednesday, October 14, 2015

Panda antivirus: not our favorite


The truth is that we really do not have a favorite brand of antivirus protection software. Like death and taxes, antivirus software is not optional in today's world.   Often the antivirus and related malware detection applications however behave at a level equivalent to some viruses.  And they typically steal processing power along with their incessant updates making computer use much less enjoyable and efficient.

Users are further placed into the unsavory position of having to choose sometimes between antivirus packages that have excellent detection but high resource utilization versus antivirus software that has lower detection accuracy but also lower resource usage demands.  

Often Norton/Symantec Antivirus and McAfee brands have been the causes of PC slowness. Over the years, however, we have heard of more rogue problems with Panda Antivirus than any other.  And today was no exception.

Yesterday we updated an end user's main executable with a newer version simply as a part of an update and because it might have helped with an issue they were having.   Everything was working fine until an automatic update occurred on that system this morning. The update at least in part involved Microsoft updates (this was on a Windows 7 Ultimate operating system). The 19 Microsoft updates that were installed rendered the PC unusable for a time, a story that is all to common (and we recommend managing these on a non-automatic basis for exactly this reason). The end user though was also using Panda Antivirus 2015, and we suspect that a Panda update also occurred. After these updates and after having used the executable associated with the software earlier today that we had updated yesterday, the executable simply vanished along with the desktop icon associated with it.

And it was Panda Antivirus 2015 that removed it.  When adding it back, naturally Panda still refused to allow access. Initial responses however were Windows permission and networking errors and nothing from Panda until finally:




What was suspicious about the file?  Because it was downloaded via a web service (in this case via file transfer protocol)?  Yet that's where pretty much everything comes from these days.   No other details whatsoever?  No indication of the publisher name or the digital signature date if that information is present (which it was) so that the user can make an informed decision?  How would the user otherwise easily, quickly and without having a somewhat high level of expertise know what to do?  How high of a burden is this to place on a end user without providing as much information as possible in a case involving a false positive as here?   Won't this then encourage the user without this information to "neutralize" (a euphemism for delete, kill, remove, etc.) the threat?   The "threat" once averted then cripples the end user system.

So at this point, the file can be "excluded" and the software was then again operational, but that alone is not enough.  Exclusions need to be added as we did here after this problem arose:






(Any antivirus program you use should allow for adding exclusions or exceptions.  If it doesn't, find another antivirus program.)

Prior to adding the exclusions above, Panda's settings reflected the fact that the files had been quarantined but then excluded.







And this is not the first time we have seen this happen.   A different system in 2013 that was using Panda and a software package that also uses the same executable suddenly experienced the same thing and that was on system that had not changed for some period of time. Yet, these are are simply completely valid, digitally signed executables with no compression and which have been widely used on many other systems and not falsely detected as being suspicious by other antivirus software.

Is it possible that users when presented with the "suspicious file" option are choosing "Neutralize" rather than "Exclude" since it is the first option and since it sounds less benign, and so the removal is actually being confirmed by the user?  Yes, that is possible, and we can't be certain that did not happen in these two cases, but there have been other reports of files deleted by Panda that did not appear to involve any user interaction.

In much older systems (and going back into the late 90's) we had several reports from users using Panda where false positives would occur on end user data files (and so not executable files at all) that could not possibly be infected with a virus, and yet in at least two cases Panda actually deleted the end user's data (files that just happened to not be open that Panda decided to quarantine and delete them) during daily operation of the software.  

We've never experienced these problems with any other commercial antivirus software programs.

This points out how critical it is to exclude critical software installations such as accounting software or heavily used production systems from real-time antivirus or malware scans.   False positives can and do happen with all antivirus software.   And if you use Panda, you are at even greater risk if you do not do this.

And also be very wary when updates occur.  While Panda is not alone in having update problems, earlier this year a significant problem arose with a Panda update, see this story published on March 11, 2015 in the iDigitalTimes:  Panda AntiVirus Update Problems Bricked Your Computer? Here's How To Fix Wiped Files And Restore Your PC Stability.

Is the cure worse than the disease?  Maybe not, but often it seems that way.









No comments:

Post a Comment