I had switched a few years back from Free AVG to Avast free version because my wifes machine had got infected. Since then I have been pretty happy with Avast free version and it's minimal impact on my machine and occasionally manually checking suspicious files from the interwebs and also running full system scans every now and then. However, a few days ago running the latest Avast 5 free version on a newly install Windows 7 Ultimate I got an infection.
I was doing my typical routines from a new OS install by installing all the key software I use regularly and decided the old version of WinRAR was out dated and browsed the internet for the latest copy. The download from WinRAR's website kept timing out so I did a search with my bit torrent client, found a copy and began the download thinking it could be infected but I'll just scan it when it's finished. Besides, there were no comments attached to the torrent indicating it was infected and there were a lot of seeders.
Nevertheless, upon completion I scanned the zip file (kinda funny, WinRAR packed in a zip)...moving on...I then scanned the extracted folder, both times Avast 5 free version found no threats.
The WinRAR 3.92 version installed normally and everything was fine for about 2 minutes, then all of a suddon all kinds of pop ups and warning dialogs started coming up. Some new "Dr Guard" had installed itself in addition to disabling Avast while making it look as though it was still running, the built in Windows firewall, Windows Defender had been disabled and a cloned version was running, the task manager was disabled and my browser was hijacked always redirecting to a "you're infected with blah, blah, blah, you need to purchase the full version to clean the infections..."
So this rogue had gotten through and in my opinion is worse than a virus even though it didn't destroy any "personal" files, it left traces all over the place, was a pain to remove and left parts of the internal OS broken...I finally resulted in a format and a clean install.
Since then I have re-installed and use Avast and Malwarebytes Anti-Malware which does catch the Dr Guard and now I perform 2 scans on any download.
So today I open up my email using Thunderbird V3.0.3 and find a suspicious email supposedly from UPS saying they failed to deliver a package and to print out the details from an attached zip file. Suspicious, since I am not expecting anything and I wonder why UPS would not just have a tracking number, I scan the attachment with Avast and it finds an infection with a W32.Trojan. I have TLS/SSL disabled in Thunderbird so Avast can scan my incoming and outgoing messages but I'm really now considering if Avast 5 free edition is really trustworthy. If it was scanning my incoming emails, why did this one get through? Why did I have to save the file to the hard disk and then run a scan on it to find the infection? Why did Dr Guard make it through? All this in a few days?
I know some of you would say that my actions in downloading the bit-torrent was like asking for a problem, but seriously, this is why we have these security programs and this is truly putting these programs to the test. I consider myself an above average computer user and can usually pin point when something looks suspicious. I am sure the average folk would still be dealing with the rogue or even worse, purchased the scammy software and would now also be infected with the back door from the email. I also think that a fully licensed Pro verison of Avast would have the same results.
I'm calling out Avast...can you truly advertise your software as trustworthy and reliable after the events I have experienced?