Avast update blocks legitimate Web sites

An automatic update to Avast's antivirus software falsely tags legitimate Web sites as infected with malware, forcing the company to push out a quick fix.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

April 12, 2011 8:12 a.m. PT

2 min read

An update rolled out yesterday to Avast's antivirus product contained a bug that flags legitimate Web sites as malware infected.

In a blog post late yesterday, Avast acknowledged the false positive glitch in an update known as 110411-1, which was automatically rolled out to Avast AV users earlier that day. The error has specifically affected versions 4.x, 5.x, and 6.x of Avast's antivirus software.

In an e-mail to CNET, an Avast spokesman said today that the update was downloaded by around 5 million users, mostly on the Western Hemisphere due to the time in which it was launched.

In-house sensors discovered the problem just a few minutes after the buggy update was released, and Avast workers managed to create and release a fix within 45 minutes, according to the company.

Known as 110411-2, the fix must be manually installed. Avast is advising all users to update their antivirus definitions by right-clicking the Avast taskbar icon (the orange (a) ball), then selecting Update, and then selecting Engine and Virus Definitions.

The Avast spokesman said the problem was caused by a bug in the company's URL normalizer library, which is used to modify a Web site's address into a standard format.

Avast apologized for the "inconvenience," saying that since only remote sites and not local files were affected, the fix should completely resolve the problem. Despite Avast's solution, some of the more than 200 users commenting to the blog post are complaining that certain local files were in fact quarantined, forcing them to now restore those files.

The Avast spokesman said that for most users, the faulty update solely blocked access to certain sites. But if someone ran the software's on-demand scan of the hard drive, then any HTML files stored locally could have been quarantined. That scan was performed by some people when Avast first revealed the problem. But the spokesman expressed hope that these people have since been able to restore the files from the quarantine after the problem was resolved.

Some commenters criticized Avast for not communicating about the problem more effectively. An Avast employee responding to those complaints acknowledged that the company is trying to determine how it can better communicate in the future. Although it did spread work about the error through its Twitter stream and its Facebook page, Avast said its main focus was on fixing the problem as quickly as possible.

Other commenters on the blog post and on Facebook took the opportunity to praise Avast for its quick response and communication.

Updated at 10:00 a.m. PT with more details from Avast.