AVG has once again upset its customer base and proven that it lacks due diligence and competence needed in an antivirus company to stay afloat in the security business.
Just few weeks before the New Year, a research team from Google discovered that AVG Antivirus (AV) “force installed” an extension in the Chrome browser that surpassed the browser’s malware check, making user information vulnerable to online attacks.
It was a bug that made its way into a software product because of AVG team’s oversight. Chrome’s team was quick to report the bug to AVG, but the AV company responded with a broken patch that Google immediately rejected.
This is not the first time that AVG has been on the news for all the wrong reasons. Last year, AVG received a widespread public flak for announcing that it would trade consumer data – that they collect through free products – with third-party advertisers for profit. Over the years, they have been accused of force installing toolbars (such as SafeSearch) without user permission and making them the targets of aggressive malvertising.
Their rise to notoriety this time is a courtesy of AVG Web TuneUp, an in-line AV installation for namesake that broke Chrome’s security parameters. The extension is also available as a free for download plug-in in Chrome Store.
Google Security researcher Tavis Orlandy reported the bug to AVG and later rebuked the company for doing a languid work in patching the problem. His angry mails to the AVG team was widely circulated to users and media, and AVG was finally compelled to come up with a solution for the bug.
But it’s time for AVG to do a serious gut check if it wants to behave like a source of problems for online users or like an antivirus vendor who is responsible for securing user data.