Saturday afternoon I was sat here burning some Debian Testing disks on a Windows 7 PC when all of a sudden I got a virus alert. I run BitDefender on the PC in question and it’s always been a reliable scanner. The feature I like best about it is that it’s not overly intrusive. I hate the Norton and McAfee practices of stuffing me with Toolbars and fitting every new PC with trial editions. No doubt it makes them lots of money but their profit isn’t my primary concern.
Anyway, first things first, disconnect from the network and scan my shared resources from another machine with a different scanner. Phew, no infections, my data is clean. Next, back to the infected (and now isolated) PC and run a full system scan. Big mistake as it instantly became clear that it was Quarantining massive numbers of binary files. I cancelled the scan and changed BitDefender’s options to no longer quarantine infected files. I wasn’t quite ready to disable real-time scanning completely as it could be that all these files were infected with something. Unlikely but possible. Next I set about restoring all the Quarantined files. This uncovered a shortcoming with BitDefender in that it doesn’t provide an easy way to do this globally for all files. It allows you to select multiple files but borks every time it finds one that already exists in the original location (restored presumably by Windows 7 trying to protect its own innards). As a result of this, restoring hundreds of files from Quarantine took a long time but at the end of it I had a clean system again. Soon after, BitDefender released an update that resolved the false positives.
Whilst this was a time-consuming issue for me, it reinforced an important principle: never grant an application that updates itself via the Internet the privilege to delete (or move) files. It’s bad enough that Windows is almost unusable unless you remain permanently logged in as an Administrator, but that in conjunction with dozens of applications dynamically updating the system is insane. Better still would be a virus scanner that runs in read-only mode. It would still function perfectly as a virus detector but would remain totally passive until such time as the user elects to elevate its privileges. If BitDefender had run in this manner, there wouldn’t be thousands of their users currently rebuilding their bricked PCs.
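To make the principle concrete, here is an added example (my own illustration, not BitDefender's code or anything from the original post) of a scanner split into a detection phase that only ever opens files for reading and a separate act phase that moves nothing unless the operator explicitly confirms. It also shows a restore routine that, unlike the behaviour described above, skips a quarantined file whose original location is already occupied and carries on with the rest instead of stopping. The signature list, the "malicious" sample and the directory layout are all constructed for the demonstration; the file names and function names are assumptions.

```python
"""Detect-only scanner with an explicitly confirmed act phase and a
collision-tolerant restore. Everything here is constructed for illustration."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed signature: the SHA-256 of a made-up byte string, not a real malware hash.
SAMPLE_BAD_CONTENT = b"CONSTRUCTED-MALICIOUS-SAMPLE-NOT-REAL-MALWARE\n"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest()}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks; read-only access is all the detector needs."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path, signatures=KNOWN_BAD_SHA256) -> list:
    """Detection phase: returns matching paths and never writes anything."""
    return [p for p in sorted(root.rglob("*"))
            if p.is_file() and sha256_file(p) in signatures]


def quarantine(findings, qdir: Path, confirm: bool = False) -> list:
    """Act phase: moves files only when the operator passes confirm=True.
    A manifest records every original path so each move can be undone."""
    if not confirm:
        return []  # default is a dry run: report only, nothing touched
    qdir.mkdir(parents=True, exist_ok=True)
    manifest_path = qdir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    moved = []
    for src in findings:
        # Unique quarantine name derived from the original path.
        dst = qdir / (hashlib.sha256(str(src).encode()).hexdigest()[:16] + "_" + src.name)
        shutil.move(str(src), str(dst))
        manifest[dst.name] = str(src)
        moved.append(dst)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return moved


def restore(qdir: Path) -> dict:
    """Undo phase. A file that already exists at its original location is
    skipped and reported; the run continues and the entry stays in the manifest."""
    manifest_path = qdir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    result = {"restored": [], "skipped_existing": []}
    remaining = {}
    for name, original in manifest.items():
        src, dst = qdir / name, Path(original)
        if not src.exists():
            continue
        if dst.exists():
            result["skipped_existing"].append(original)
            remaining[name] = original
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dst))
        result["restored"].append(original)
    manifest_path.write_text(json.dumps(remaining, indent=2))
    return result


def demo(workdir: Path = None) -> dict:
    """Builds constructed sample files and runs scan, dry run, quarantine,
    a restore blocked by a recreated file, and a second restore that succeeds."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return demo(Path(d))
    data = workdir / "data"
    data.mkdir(parents=True, exist_ok=True)
    (data / "bad.bin").write_bytes(SAMPLE_BAD_CONTENT)
    (data / "clean.txt").write_text("harmless\n")
    qdir = workdir / "quarantine"
    found = scan(data)
    dry = quarantine(found, qdir)              # no confirm: nothing moves
    moved = quarantine(found, qdir, confirm=True)
    (data / "bad.bin").write_bytes(SAMPLE_BAD_CONTENT)  # simulate the OS recreating it
    first = restore(qdir)                      # collision: skipped, not aborted
    (data / "bad.bin").unlink()
    second = restore(qdir)                     # now the restore goes through
    return {"found": [p.name for p in found], "dry_run_moved": len(dry),
            "moved": len(moved), "first_restore": first, "second_restore": second}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the split is that `scan` can run under an account with read-only access to the data, while `quarantine` is a separate, explicitly confirmed step; a signature update that produces false positives then costs you a noisy report rather than hundreds of moved binaries.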