
AVG Antivirus has been a popular security suite for more than a decade. The company claims more than 200 million active devices, including 100 million mobile installations. Over the past few years, the company has come under increasing fire for installing its AVG SafeSearch toolbar without permission, and for announcing that it would sell consumer data to advertisers. Now, the company may have finally gone too far, thanks to an enormous problem in its AVG Web TuneUp software that fundamentally broke security for Google Chrome users.


The AVG Web TuneUp extension

On December 15, Google Security researcher Tavis Ormandy filed a bug report with AVG, noting that the software:

"[A]dds numerous JavaScript API's to chrome, apparently so that they can hijack search settings and the New Tab page. The installation process is quite complicated so that they can bypass the Chrome malware checks, which specifically tries to stop corruption of the extension API."

Ormandy followed up the bug report with a self-described angry email sent directly to AVG. In it, Ormandy writes:

"I'm really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I'm not sure whether I should be reporting it to you as a vulnerability, or requesting the extension abuse team to investigate if it's a PuP [potentially unwanted program].

Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, obviously so that you can hijack search settings and the new tab page.

There are multiple obvious attacks possible, for example, here is a little universal xss in the 'navigate' API that can allow any website to execute script in the context of any other domain." (The relevant code samples can be viewed at the initial bug report.)

AVG released a broken patch for the problem on December 19, which Google promptly rejected. The company revised its patch again, but as of December 28, Google is reviewing the extension to determine if AVG will be allowed to offer it at all.

A review of the most recent anti-virus comparisons at AV-Comparatives shows AVG's anti-virus performing at the top of the heap. The same cannot be said, however, for the foistware that the company has taken to pushing at its users. A litany of user complaints has erupted in recent years, most of which say the same thing: AVG's supplementary software (Web TuneUp, SafeSearch, and the like) is a security disaster and rampantly disliked.

AVG's privacy policy

The fact that the company now wants to sell consumer data (the information above is from AVG itself) may simply be the final straw for many users. AVG has traded actual due diligence for pushing users towards products that don't function while selling the data of its userbase.