This morning a colleague handed me a USB memory stick. Without thinking, I inserted it into a USB port on my computer (Windows Vista SP1). When the AutoPlay options came up and offered running “deskinf.pif,” there was a split second where I thought it was odd but then shrugged it off because my colleague is a Mac OS X user and they always have funnily named files (like “DS_STORE”). I selected the option to browse the drive instead.
Within 20 seconds, I lost my external hard drive, a LaCie 1 TB Big Disk that had just about 500 GB of data representing many, many months of work and years' worth of accumulated data. Turns out, “deskinf.pif”, whether you click on it or not, is a variant of W32.Xema.A, a worm that attacks removable drives. Not only did the functionality of your programme - the latest “professional” release, I might add - NOT protect me as a user from known security risks but your virus definitions - again, the latest - didn’t even trigger an alert.
Your virus information feature doesn’t even list this worm or variant (it does list a AA). Symantec offers this information:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-061111-4435-99&tabid=2
The damage is pretty bad - painful, in fact. To say it could’ve been worse is to think the unimaginable but because I’m running Windows Vista instead of an earlier version of Windows, the worm was unable to completely intrude my system drive and registry. But all of my virtual machines, music libraries, video editing projects and things I can’t even remember at the moment are GONE. I am currently in the process of running TestDisk and if that fails to restore any data I’m going to run R-Studio but my experience with these types of “data recovery” programmes is mostly that they give you some time to accept the loss. I’ve never actually had any data restored by them.
I noticed when searching the forums on this topic that less than a month ago when asked the same question by a user who’d recently recommended to their boss that they deploy Avast! on their network - as I did over a year ago - that the collective reply from Avast! was “No, we don’t support that functionality. We blame Windows. Disable AutoPlay.” Well, I’m not sure that would’ve prevented infection on my computer this morning since your scanner didn’t even recognise the signature of a virus that has been in the wild for close to a year. Also, I opened the drive not the file - which wasn’t even visible on the drive, save for its entry in the AutoPlay options. I really would’ve expected a more pro-active response from Avast! especially since this functionality exists in the latest versions of McAfee and Norton. I should think any developer of a virus scanning application would be thrilled to discover a new threat so they could add a useful feature to what is mostly a bog standard feature set throughout the industry. I already have to deal with minor malware infections on my network that Avast! recognises but doesn’t remove - perhaps another rough edge that puts a dent in your promotion of a “professional” edition.
A virus scanner that works 98% of the time I suppose is fine until you enter the 2% zone of time when it doesn’t work and you’re f*cked. Personally, I think the value of that scanner is pretty much based on the 2% of the time.
So when is Avast! going to offer functionality that immediately scans a USB drive when it is inserted into the computer, hopefully with the option to exclude certain drives either by drive letter or serial number?
And why wasn’t “deskinf.pif” recognised by your scanner?
As a pro license home user and a 20-seat small business user whose licenses are up for renewal within the year, I await a meaningful response.
Regards.