[Explanation] Why old avast! versions are forcibly updated

[igor]

If we are talking about versions that were obsolete maybe two years ago, then I would guess yes, there will eventually be a forced update.

Stopping the virus definition updates is not an option. First, I'm not sure there's a technical way to do that (it would have to be something working even on those old versions, and there's no time machine to go back and change them), second I don't believe it would help (if people didn't update the program for two years, most of them would also ignore any warnings - be it about the unsupported program version or outdated virus definitions; actually, we have seen exactly this with v4 - there's no point in trying to tell people the program is gonna go unsupported), third Windows would interfere here (Microsoft is trying to get rid of outdated security software, so a policy on new operating systems is that if your antivirus is expired or noticeably outdated, Windows simply shuts the antivirus off and uses Defender instead.... - so you're not really in control anyway).


Eventually, the best "solution" could be to get rid of the program update option completely. There is already a lot of code (i.e. things that can affect the program behavior) in virus definitions, changing potentially daily - because to successfully fight malware, you need to be able to quickly react on new stuff. So distinguishing between "program" and "virus definitions" is a bit artificial already; it could be merged into one.

[REDACTED]

If we are talking about versions that were obsolete maybe two years ago, then I would guess yes, there will eventually be a forced update.

Stopping the virus definition updates is not an option. First, I'm not sure there's a technical way to do that (it would have to be something working even on those old versions, and there's no time machine to go back and change them), second I don't believe it would help (if people didn't update the program for two years, most of them would also ignore any warnings - be it about the unsupported program version or outdated virus definitions; actually, we have seen exactly this with v4 - there's no point in trying to tell people the program is gonna go unsupported), third Windows would interfere here (Microsoft is trying to get rid of outdated security software, so a policy on new operating systems is that if your antivirus is expired or noticeably outdated, Windows simply shuts the antivirus off and uses Defender instead.... - so you're not really in control anyway).

Eventually, the best "solution" could be to get rid of the program update option completely. There is already a lot of code (i.e. things that can affect the program behavior) in virus definitions, changing potentially daily - because to successfully fight malware, you need to be able to quickly react on new stuff. So distinguishing between "program" and "virus definitions" is a bit artificial already; it could be merged into one.

I would think it is simple to stop the VBS updates.....just change the Server where the Avast 9 (and 10) get the updates and leave the Servers where the older versions get the updates with the current (soon to be old) VBS file alone (ie. no updates).

I do get you "philosophical" point but in this case you need to provide a public statement on what you ARE going to support and what you are going to FORCE install with new program.  It is not fair to assume that 200+million people don't care.....we do !!!!!!  One of the first threads on this subject talked about what Avast "thinks" you'll support.....I would request a definitive line in the sand of what you'll not support and when....put it as a sticky in the top of the Forum.  If people's PCs are going to be "controlled" you need to inform them of what/when....if they ignore that then so be it......but you can't have people just wake up with no notice and machines under non-emergency conditions have been updated.  Take me as example, I'm a very techy person and while I read this Forum daily I intentionally wait to update program releases.....not just Avast but MS, iOS, etc....why ?......has saved me tons of headaches and possible unusable devices.  Just look at Avast 9/2014 when released last Fall.....very premature IMHO....lots of serious bugs and also tons of bloatware that no one knew the impact....waiting six months reading the Forum allowed me to assess not only when I updated but also how this would be done and what I'd install.  I think you'd agree a "program" install is better done in clean environment with backups already in place.  You see the world from "protecting and reacting to things quickly"......but your protection can turn into my nightmare....even with best intentions things go very wrong with new program releases.

So, really what I'm asking is notices...even in Forum...on Avast's intentions.  I was one of the AVG8 to AVG9 victims where they bricked PCs and luckily (because of luck of draw staged rollout) only hit one of my PCs overnight.  Their solution was akin to a FarBar blow-away of AVG....which sometimes worked...sometimes the O/S was hosed....which was my case.  They saw the issue within hours and pulled the rollout but the impact was already horrific to many....I just want Avast to protect yourself and your users from this type mistake and not be so eager to pull the trigger....give some notice and runway.  However, I get it that we are talking older versions....but I've been in the tech business 30 years and unless you have a formal policy on how you handle some manager in Avast is going to decide to just pull the trigger across the board for marketing reasons.

Anyway, just a suggestion.....I'm hoping the importance and risk of this discussion allows Avast to truly think through a definitive and publicized strategy.  Thanks in advance for your consideration and reading of the thoughts.

[REDACTED]

If we are talking about versions that were obsolete maybe two years ago, then I would guess yes, there will eventually be a forced update.

Stopping the virus definition updates is not an option. First, I'm not sure there's a technical way to do that (it would have to be something working even on those old versions, and there's no time machine to go back and change them), second I don't believe it would help (if people didn't update the program for two years, most of them would also ignore any warnings - be it about the unsupported program version or outdated virus definitions; actually, we have seen exactly this with v4 - there's no point in trying to tell people the program is gonna go unsupported), third Windows would interfere here (Microsoft is trying to get rid of outdated security software, so a policy on new operating systems is that if your antivirus is expired or noticeably outdated, Windows simply shuts the antivirus off and uses Defender instead.... - so you're not really in control anyway).


Eventually, the best "solution" could be to get rid of the program update option completely. There is already a lot of code (i.e. things that can affect the program behavior) in virus definitions, changing potentially daily - because to successfully fight malware, you need to be able to quickly react on new stuff. So distinguishing between "program" and "virus definitions" is a bit artificial already; it could be merged into one.

1) I've worked with IT many years and also have an IT background myself.  First thing I can tell you is that ANYTHING is possible.  I've been told by IT a number of times something can't be done, gone home, wrote up the basic code and slapped it down on their desk the next day.  If anyone in a technical capacity at your company is telling you something cannot be done, then they should be replaced.  Go find someone with some creativity that can think outside the box.  Plain and simply, the computers are contacting you and information is being exchanged.  Once the version of the application is identified you either choose to update or not depending on what version the user has.  Then broadcast a message saying that your definitions have been updated, or your sales ads or a message saying that this version is no longer supported and will not be updated.  If you can send people sales ads you can certainly control other aspects.

2) Again, it's  about personal choices... if a user receives a message either through the application or via email and chooses to ignore it and that message tells them either they are no longer protected or they will be forced to upgrade then comes on here and complains because they failed to act after being told for a month, then no one is going to have any sympathy for them and we wouldn't even be having this conversation.  To say thousands of users have their computers locked up because a couple of boneheads ignored your every attempt at contact is silly.  Due diligence, not reckless abandon, is the solution required now.

3) That would again fall under personal choices... if a user lets their coverage lapse and Microsoft then turns on windows defender for them then
a) The problem now lays in the hands of Microsoft and the user and you are in the clear and Microsoft can then deal with the backlash of invasive tactics
b) Defender would most likely be a better option if some user lets their coverage lapse so far behind

Again, it isn't right to crash people's computers "for their own protection" and I think the user's have made that abundantly clear.  Many people have left already and stated their discontent on their way out the door and more are talking about leaving.  The only people defending this policy are the same individuals that stand behind you no matter what decision you make and have made their bias clear to all on many issues (ra ra ra - siss boom ba), but when you have random people coming forward (like me, this issue doesn't even affect me other than the fact that I just dont like it in principle and find it hard to believe it was even put into place) and person after person (newbs) signing up for an account just so they can tell you how awful they think this decision is and to express to you that their computers which were fine yesterday are now junk, then that is a clear representation of there being a problem.

[RejZoR]

Forced update or not, you can't convince me with any argument that you had no time for 3 years to validate the new(er) version and update accordingly. Because any argument just hinting into that direction would mean you're just plain lazy. I understand when people wait for month or two after brand new major release for things to stabilize and calm down. But doing so for 3 years and still not being able to update to a newer version. Sorry, no, no and no.

If anyone asks me, avast! team should really only allow one older version and update every other older version without users having any control over it apart from being asked to restart the system, after the program update has been performed. So, when new version 10 will soon be released, version 9 should still be allowed, but anyone still using version 8 or older would be updated to latest version whether they like it or not. When version 11 will be released next year, version 10 would still be allowed and anyone still using version 9 would be updated to latest version. If you haven't bothered to update your antivirus in 1 year, you never will. Plain and simple fact.

EDIT:
Oh for god sake, cut the nonsense with "it isn't right to crash people's computers "for their own protection"". Now you're saying like they're intentionally crashing systems. WTF!? If system crashes because of avast! update, it would happen either way, whether you update it manually or by automatic update. If system was destined to crash (because all the right parameters aligned for crash to happen), it would either way. And at that point, does it really matter if you're next to it when it does or you see it crashed after you wake up in the morning, lets say 3 hours after the crash? It makes zero difference and makes it a very poor argument that some of you keep on re-using again and again.

It's not like installer or updater notifies you: "Hey there, i'll crash now, so don't update me". It doesn't. It just happens or it doesn't. And with such massive user base and so many different system configurations, it is bound to happen at one point to a certain % of users. It's unavoidable and thinking it can be avoided just means you're delusional.

[REDACTED]

@RejZoR,
In post #43,  you latched onto few of my opinion comments in post # 42.   
But I guess you did not notice or did not read or did not understand my most important point - the need for advanced notice to give us an opportunity to image the system partition.

Or do you consider that a stupid or trivial request?
In case you wonder why the need for an image, you may want to read about these old bloopers
Avira:  http://www.zdnet.com/blog/security/avira-antivirus-update-cripples-millions-of-windows-pcs/12129
McAfee:  http://www.cnet./buggy-mcafee-update-whacks-windows-xp-pcs/com/news

[REDACTED]

Forced update or not, you can't convince me with any argument that you had no time for 3 years to validate the new(er) version and update accordingly. Because any argument just hinting into that direction would mean you're just plain lazy. I understand when people wait for month or two after brand new major release for things to stabilize and calm down. But doing so for 3 years and still not being able to update to a newer version. Sorry, no, no and no.

If anyone asks me, avast! team should really only allow one older version and update every other older version without users having any control over it apart from being asked to restart the system, after the program update has been performed. So, when new version 10 will soon be released, version 9 should still be allowed, but anyone still using version 8 or older would be updated to latest version whether they like it or not. When version 11 will be released next year, version 10 would still be allowed and anyone still using version 9 would be updated to latest version. If you haven't bothered to update your antivirus in 1 year, you never will. Plain and simple fact.

EDIT:
Oh for god sake, cut the nonsense with "it isn't right to crash people's computers "for their own protection"". Now you're saying like they're intentionally crashing systems. WTF!? If system crashes because of avast! update, it would happen either way, whether you update it manually or by automatic update. If system was destined to crash (because all the right parameters aligned for crash to happen), it would either way. And at that point, does it really matter if you're next to it when it does or you see it crashed after you wake up in the morning, lets say 3 hours after the crash? It makes zero difference and makes it a very poor argument that some of you keep on re-using again and again.

It's not like installer or updater notifies you: "Hey there, i'll crash now, so don't update me". It doesn't. It just happens or it doesn't. And with such massive user base and so many different system configurations, it is bound to happen at one point to a certain % of users. It's unavoidable and thinking it can be avoided just means you're delusional.

Then I'm sure glad you don't work for Avast.....hopefully they will balance the risk/reward of these actions.

No, I'm not delusional......these new A/Vs by the nature of what they do are intrusive to the O/S....so they can/do on their own merit cause issues/bricks....do Google...it's happened....even Avast 9/2014 was a POS when released.
I've watched countless posts where Avast 2014 did cause the requirement to reload O/S.....many not Avast fault, many are.
These incidents have gotten fewer as V9 has matured/stabilized and of course your going to tell me how 200+million people don't have issues only the insignificant few who post on the Forum do.....blah, blah.....not insignificant to those few.
Point is.......you need to be careful and take steps to recover your system when doing a A/V "program" update.

So even you are saying that an older version should be allowed......SO, the only argument is "when" and "how" Avast cuts the cord to older versions.....common ground of agreement.  What I am saying is brute forcing a code update and reboot to a person's PC is just wrong and NOT the way. I have now posted the Avast EULA two times and asked where Avast has this right or where I have signed this right away......and no one has commented.....why ?......because I have not signed it away nor have they included the right to manage my PCs in that fashion.  Avast has an easy avenue to accomplish exactly what they want without doing it through heavy handed technique and all the mega-posters who are paid/incentivized to keep belching out the corporate BS does not make your logic right......especially when several of you guys are still on Windows XP. I do get it.....you are paid to beat down the comments of people who object....sorry, won't work with me.  I would hope what are very intelligent people like yourself can understand the distinction of not staying on an old software version versus the line Avast crosses with forced updates.  My only point in all this is Avast should figure out a better exit strategy than using the EMU as a way to force install and reboot peoples PCs for non-emergency agendas.

[bob3160]

Who owns the product and who determines what is considered an emergency ?
This isn't meant to argue a point but get your reaction to that question.

[RejZoR]

Of course i'm saying that. Unless if you can provide me a method where you could migrate all 200 million clients to a new version without causing a distruption in protection between old and new version. That's why. But since you clearly don't understand logistic problems behind it, I now know why you're repeatedly giving arguments that have very little with reality. It's not possible to release an update and deliver it to all 200 million clients in half an hour across entire world and after that time, entirely discontinue the old version. It's just impossible.

Giving a 1 year gap, gives even the most demanding users and admins enough time to adjust. If they can't in such time, then a security company that is delivering the product has to decide for them. Because they are clearly not fit to make such decisions if they failed to do it in 1 year time. Because that is plenty of time by all means.

Igor explained how it went with avast! 4.8. Despite notifying users well in advance there were still so many problems with it. So complaining over not notifying users, it just doesn't matter. Like i said, if you can't do it in 1 year time, you never will. Running 3 versions old security software because you think you know it better than a company that has been in security for over 20 years, then they have every right to forcibly update you whether you like it or not. If you'll stop using avast! because of this reason, i don't think they really care at this point, because if it wasn't for this, you'd come back and complain because you'd get infected later. With an outdated antivirus... or some other excuse/argument.

[Chim]

If we are talking about versions that were obsolete maybe two years ago, then I would guess yes, there will eventually be a forced update.

Stopping the virus definition updates is not an option. First, I'm not sure there's a technical way to do that (it would have to be something working even on those old versions, and there's no time machine to go back and change them), second I don't believe it would help (if people didn't update the program for two years, most of them would also ignore any warnings - be it about the unsupported program version or outdated virus definitions; actually, we have seen exactly this with v4 - there's no point in trying to tell people the program is gonna go unsupported), ...

Wait a minute.  What do you mean --- stopping the virus definitions updates is not an option and that for starters, there's possibly no technical way to do it?  Isn't this exactly what was done way back in the avast 4.x days when the Windows 98 users were given the heads up that the avast support for Windows 98 days were numbered and that we'd better prepare accordingly?  Back then the message was properly gotten out, spread and drilled that come the certain deadline, avast support for Windows 98 would end ... no ands, ifs or buts and those who didn't heed the warning and prepare accordingly would have no one to blame, but themselves for having an unprotected computer.

With me being a Windows 98 user at that time, I of course preferred that that not be happening, but I had to admit that at least avast was doing the right thing in giving us a Heads Up / Warning with plenty of time to either upgrade our OS, buy another computer or do whatever it was that our Plan B would be.

Courtesy of the heads up that we got with plenty of time, I did eventually finally managed to get my hands on a Windows XP computer in time before the 'avast support for Windows 98 cutoff' deadline.

So getting the message out CAN work if done correctly.
That said, IMO ... THAT is what avast should have in the current situation.  Instead of a surprise force fed version upgrade, a heads up / warning should have been gotten out that avast support for v7.x would end at so & so deadline.  People could choose to act and prepare accordingly or ignore the heads up.  But, then come the deadline, those who chose to ignore the heads up would have no one to blame, but themselves.  avast would then be within their right to pull the plug on the virus definitions for v7.x.

As good as avast 2014 might be, a force fed version upgrade would pose a risk of inconveniencing many users who didn't consent to it and now were encountering problems.

[REDACTED]

@RejZoR,
In post #43,  you latched onto few of my opinion comments in post # 42.   
But I guess you did not notice or did not read or did not understand my most important point - the need for advanced notice to give us an opportunity to image the system partition.

Or do you consider that a stupid or trivial request?
In case you wonder why the need for an image, you may want to read about these old bloopers
Avira:  http://www.zdnet.com/blog/security/avira-antivirus-update-cripples-millions-of-windows-pcs/12129
McAfee:  http://www.cnet./buggy-mcafee-update-whacks-windows-xp-pcs/com/news

....and here is AVG: http://lifehacker.com/5705582/avg-2011-update-crashes-64-bit-windows-7-pcs-heres-a-quick-fix

Point is.......by the nature of what these A/Vs must do....become integral to O/S they intrude on a lot of sensitive areas.
We are in a day and age where with these nasty attacks on PCs these A/Vs have to be what they are......BUT to say that a PC would already crash if the A/V program update caused it is TOTAL AND UTTER BS.......you just have to do a Google to find out how wrong that statement is.  SO, if Avast wants to "protect" its user base in all sense of the word then they should understand the potential impact and "protect" me by allowing me to manage the process......which I thought I was doing by setting to MANUAL.

[bob3160]

Sounds like an argument that's never going to get settled to the satisfaction of all sides.
Green becomes Blue and Black becomes white. Ultimately the answer will still be
what ever the maker of the product thinks will be best for it's customers and in this case the safety of their computers.
Write, wrong or, indifferent, no amount of argument or discussion by either or both sides will change that fact. 

[REDACTED]

Who owns the product and who determines what is considered an emergency ?
This isn't meant to argue a point but get your reaction to that question.

It is a good question..........in my opinion and EMU "emergency" is when Avast finds out they have a rogue VBS or code update that is going to cause or has caused problems in PCs.......it is not to upgrade from older versions to newer. 
As you know as a techy, small tweaks in code are usually helpful....it is the mass change from one version to another that can bork things up.  Good example of this is all the suggestions to do clean un-re-install....seems a needed step from major version changes of Avast. 

[REDACTED]

Sounds like an argument that's never going to get settled to the satisfaction of all sides.
Green becomes Blue and Black becomes white. Ultimately the answer will still be
what ever the maker of the product thinks will be best for it's customers and in this case the safety of their computers.
Write, wrong or, indifferent, no amount of argument or discussion by either or both sides will change that fact. 

Agreed.........I'm only posting here because I DO like and want Avast to be the best.....and have first hand experience (via AVG) of what this type action can do to the user......right now Avast had handful complaints....why ?, because they did not brick peoples PCs...........which did happen in MASS by other A/V companies.  My point is that there can be other options to force the migration as pointed our without a avenue that provides risk to both the users and Avast.  What would happen to Avast's market share if they rollout a forced update and it borks thousands or more PCs.  So, my point of all this writing and complaining is that there should be a better way.....they are engineers and smart people for goodness sakes...put some thought into it...I'm sure they are up to the task.  I just cringe when I see how dismissive folks are that this "method" could cause tragic results.

[bob3160]

put some thought into it...I'm sure they are up to the task.

I'm sure that's what they are doing. By now, I also think they've had more than
sufficient input to make an educated decision.

[REDACTED]

Forced update or not, you can't convince me with any argument that you had no time for 3 years to validate the new(er) version and update accordingly. Because any argument just hinting into that direction would mean you're just plain lazy. I understand when people wait for month or two after brand new major release for things to stabilize and calm down. But doing so for 3 years and still not being able to update to a newer version. Sorry, no, no and no.

If anyone asks me, avast! team should really only allow one older version and update every other older version without users having any control over it apart from being asked to restart the system, after the program update has been performed. So, when new version 10 will soon be released, version 9 should still be allowed, but anyone still using version 8 or older would be updated to latest version whether they like it or not. When version 11 will be released next year, version 10 would still be allowed and anyone still using version 9 would be updated to latest version. If you haven't bothered to update your antivirus in 1 year, you never will. Plain and simple fact.

EDIT:
Oh for god sake, cut the nonsense with "it isn't right to crash people's computers "for their own protection"". Now you're saying like they're intentionally crashing systems. WTF!? If system crashes because of avast! update, it would happen either way, whether you update it manually or by automatic update. If system was destined to crash (because all the right parameters aligned for crash to happen), it would either way. And at that point, does it really matter if you're next to it when it does or you see it crashed after you wake up in the morning, lets say 3 hours after the crash? It makes zero difference and makes it a very poor argument that some of you keep on re-using again and again.

It's not like installer or updater notifies you: "Hey there, i'll crash now, so don't update me". It doesn't. It just happens or it doesn't. And with such massive user base and so many different system configurations, it is bound to happen at one point to a certain % of users. It's unavoidable and thinking it can be avoided just means you're delusional.

Rejzor

1) Two things you don't force... an operating system update and an AV update... why, because by their very nature they are intertwined, crucial to each other, intrusive in that they, by themselves, alone or together, are affecting everything on your computer, and they have the ability to wreak havoc if something goes wrong.

2) Avast is not taking into account a full embodiment of what their actions might have caused and/or didn't care and did it anyway.  A cost/benefit analysis was looked at and they said, but we think it's in the best interest so do it... as such did exactly what you said, for your own protection, we are willing to take the risk with your data and equipment and crashed them, which they went through before last year when they did this same thing because of Microsoft and evidently didn't learn their lesson.

3) According to you, everything everyone has been telling you is a poor argument so pick your battles because you're killing any credibility you may have left.

4) As I try to understand even what I think is nonsense, I'd like to ask you two core questions:
a. If I understand correctly, your entire argument is that protecting people for their own good means it's ok to force an update on them (if that isn't it then I'd realllly like to know why you even care).  So you have some sense of protecting all of us poor defenseless folk... but then you make the next argument that you are not ok with someone just being lazy and screw em, they don't even deserve any kind of notification (keeping in mind that probably makes up a large % of people who even use computers).  So on the one hand you force yourself upon people and that's ok (regardless of consequences), but when it comes to any kind of customer service, empathy, caring, just being a decent person, then sending out a note is just too much with which to bother.  Doesn't that seem like a contradiction in your core philosophy?  Some people are saved and others explode and it's all dependent on who you think matters?  Are you saving us from ourselves or not?
b.  Let's take a scenario where you work for a company, completely arbitrary... Rejzor Corp., Inc.  A subsidiary of Saddam Hussein Enterprises.  Ok, so your company goes out of business because your CEO was caught in a spider hole and hanged... you then have to find another job.  So you go to work for another company and you are sitting in a meeting looking for a solution to something and they say any ideas... you say let's force it down their throats, they will bow to my whims or die.

The meeting organizer responds and says that's not an option what else do you have?

My question is this... assuming we don't live in a world where dictators run companies... and forcing it down the infidel's throats is not an option... what other alternatives do you suggest?