On June 24th I logged in to my Avast Business Console to check company-wide defenses. As a customer of Avast Business Antivirus, I rely on them for securing my endpoints and giving me a console of actionable items to rectify, ensuring corporate-wide security. To my shock, every machine in my network was reporting “In Danger” in big red letters. Seeing this kind of thing instills fear into the general population and to anyone in my position. Avast has a moral responsibility to secure business machines, and offer products that reliably protect. While still a business, they have a greater need to be truthful, transparent, and steadfast. When you see something like this, coming from them, you should emotionally react.
Upon further investigation I realized Avast had pushed a trial of their Patch Management product to my organization. This was done without my permission, without warning, and with no documentation on how to disable it. As marketing does, I was convinced to play with the trial and see what it had to offer. Over the next few days I received numerous email blasts and direct correspondence from the Avast sales team pushing the new offering. As you flip through their marketing materials and weblink, more fear is used, instilling a need to have their new, and additional, offering. As any good executive with a responsibility, I made the purchase and began licensing my organization.
This is where the lie begins…
As it turns out, Avast, who also owns AVG, has problems afoot. Their Patch Management software hasn’t been fully tested and was rushed to market. Anyone (on planet Earth) who received the software trial on or around June 24th received a problematic version that has scary consequences. Keep in mind, this trial was not initiated by their customers. This was something Avast pushed…unbeknownst to its users and patrons.
Once you received this trial, whether you purchased the product or not, your entire organization would start reporting itself as “In Danger”. It would also begin using additional network traffic and additional computer resources to check for patches and operating under-the-hood; a silent killer. If you decide to purchase the product, as I did, you received even worse news.
In addition to frightening messages and additional network traffic / processor utilization, Patch Management does not currently work. Even later iterations of the software have bugs preventing the product from working properly. As of the time of writing this article it is impossible for most people to use Patch Management as sold. As it turns out, there are a slew of bugs that cause the following:
- Endpoints reporting in as “Safe” when they aren’t. The product is just stalled and not working. You have a false sense of security. [One would think this is enough to pull it from shelves and issue refunds]
- Endpoints report in as “In Danger”, but are incapable of being fixed. Patches cannot be deployed as the software has bugs preventing this from happening. Some bugs actually stem from internal DNS being referenced in code that was never trialed outside of the Avast offices.
- Endpoints require manual intervention, at the workstation, requiring you to uninstall and re-install the product. This stems from faulty agents being pushed by Avast, to your workstations, without your permission. This means real labor and the need for onsite IT presence.
- The Console has false positives and cannot override schedules, meaning if patches are pushed manually, they may never get to the workstation or occur at times you didn’t plan on. This could cause users to get locked out of their workflow and have their machines reboot in the middle of a work-day.
- The Console has issues reporting the Patch Management module installation state and could cause IT personnel to chase false messaging when the product is, in fact, installed and potentially running!
- You cannot fully rid the Patch Management messaging. Even after the product is uninstalled and disabled, the Console will still report on patch statistics and create a sense of fear that the machines are missing out on updates, security, or progress.
- The current Console version behaves in a way that prevents you from using and administering your network with messages saying “inactivity timeout” and “unknown errors”. While this is random, it completely locks you out of being able to manage your antivirus endpoints. I have even experienced machines putting files in the virus chest and then not being able to act on them because the console was unusable.
Security Software Companies Should be Held to a Higher Standard.
I feel that the whistle needs to be blown on Avast. Technology is an integral part of every business on the planet. Security and Antivirus concerns are real. Anyone selling a solution to these problems needs to be held to a higher standard. Unlike mobile app developers, entertainment media houses and startup solution providers, certain software is mission critical. Fundamental software like Operating Systems, Cloud Solutions, Office Productivity and Security Tools need to be tested and released in a traditional manner. They also shouldn’t be marketed with fear and forced adoption techniques.
Technology companies have slipped in recent years and aren’t held to the standard they once were. Microsoft has gotten away with massive failures on its automatic updates. Cloud providers are treated like “betas” and sold as “gold standards”. Avast software isn’t something to “tinker” with. If you sell it on the market and create a sense of fear with people…your product needs to work.
At the time of this article, Avast pushed software automatically to global businesses that caused massive failures. It is not functional at this time yet it’s being sold aggressively. Avast management should be involved in these issues and be doing everything necessary to get it fixed. Instead it is being treated like any other software “bug”. The public deserves to know about things like this and the company should be held responsible for its actions. It is time to hold companies responsible.