Grrr Prevx uninstalled itself

So now you know why I was shocked Sunday night!

Thanks Joe!

Cheers,

TH

 

I would like to use this unwanted uninstall thread to request again that with password protection on on Prevx also asks for a password before uninstalling to prevent unwanted uninstalls, wether it is because of a bug, malware or other users using the computer.

 

Prevx will require a password on uninstallation if you've configured one provided that you aren't currently under an administrator account. The restriction is only applied on non-administrator accounts as a user is technically able to do anything they want under a full admin account anyway.

Hope that helps!

 

Is this set using "Password protect configuration options?" I might turn this option on.

 

@Triple Helix

No, did you send it UPS, or snailmail

@PrevxHelp

Good for you

 

Unfortunately, that seems slightly ridiculous in my book... what exactly can possess a responsible security software vendor to proactively uninstall software on paid up users computers?

I mean fair enough, anti piracy and all that....but leaving 500 computers without protection by invoking a silent uninstall remotely is ridiculous.....and how did this get past your testing procedures in the first place...and if it was a known feature why was such a situation not forseen?

I realise that software will always contain errors some of which slip past the net, but this is such a fundamental thing....who needs malware when security software uninstalls itself unaided.

Whats to stop malware "planting" whatever it is you are looking for on a computer in order to run this antipiracy measure and get prevx to auto uninstall?

 

Totally agree with you.

 

This bothers me.

 

It's not that I compare it to the McAfee scandal recently. But in this case your whole security is ripped off your system, leaving, in worst case, you unprotected. Furthermore, I was not running an RC-version of Prevx, so I was _not_ likely to get "hit worse" by this bug.

 

Just a simple enduser here: interesting thread: couple of things flashed up here, hope the Q's are not too clumsy:

So PrevX has installed some PrevXrootkit.exe uninstaller/script = "proactive anti-piracy measure" on all endusers machines which then get license cross checked in the cloud.

Zat it ??

Is that install in the EULA ??

Now I understand why you dont want a HIPS/BLocker ??

Or does something in the EULA specify that you can uninstall from the cloud ??
( can you do that ??)

If in some LUA account: how do you get Admin rights to run the uninstaller ??
Realistically: what gives you the right to run ANY .exe on my box,( if there has been one put there ??)

Come clean here please.

 

I don't think another process ran at all. Prevx has to be able to uninstall itself to auto-update. Somehow this uninstall ran due to a bug in the new protection and since there was no update, Prevx was removed from the PC.

I don't think you need Administrator permission particularly to uninstall things especially as Prevx runs as a process not an application.

 

I don't think that is what we are concerned about really...the issue here is the sort of closet DRM being employed by prevx to stealth remove the program without the authorization of the computer user. And it wasn't a one off either, by Joe's own post, around 500 computers were left completely without protection by this issue.

It wasn't a bug that appeared out of the blue, it is a bug that relates to some anti-piracy feature that we would like to know more about and get some reassurances that prevx will not be indiscriminately deleting itself from any more computers, why quality testing failed to spot this in release versions, and what is to stop malware invoking this anti-piracy feature to make prevx uninstall itself in future

 

Hello all,
To clarify - this was a bug, not an intentional process. Upon checking for updates, some users fell into a scenario where they were identified as fraudulent and our licensing system therefore invoked the uninstallation. This cannot happen by an external process and therefore cannot be invoked by malware. A similar aspect of our antipiracy measures has been reported here a couple times which is shown as a warning that says:

"Error: V911 - Please purchase a malware cleanup license to use the cleanup features of Prevx."

We had changed the behavior to uninstall instead of constantly show that annoying message but there was a span of about five minutes as we were rolling out the system which triggered the issues.

Also probably worth noting is that while around 500 users received the trigger, they did not all simultaneously uninstall as uninstallation would have only taken place on bootup and the issue was fixed fast enough for new users to significantly limit the scope likely only to "first adopters", many of whom are users here which explains the disproportionate amount of reports here.

Rest assured that we have fallen back to the previous system with the V911 warning message and uninstallations shall not take place automatically anymore - if you are erroneously experiencing V911 errors, please send me a PM or send an email to report@prevxresearch.com with your license key and we'll be able to reset you from there.

Sorry again for the inconvenience but I hope this helps answer the questions raised.

 

So if someone has Prevx Free installed all would be fine but if they try to install a cracked or some illegal license code it would of uninstalled itself but now you will get this "Error: V911 - Please purchase a malware cleanup license to use the cleanup features of Prevx."

Great stuff!

Cheers,

TH

 

Yes And this also inadvertently helps us as well - users who are trying to use cracked versions of Prevx will likely be infected with new threats... which means the Prevx community gets to learn about these threats faster

 

so the auto removal is still functional or not? Maybe it should flag that Error: V911 prior to unistall in case there are wrongful removals (at least user knows it is gone and to or not do something about it)

 

It's not - we've turned around on the concept just because of the benefit to ourselves (not saying we're greedy, but illegitimate users actually do provide quite a lot of intelligence into the Prevx database We've made changes to our cleanup routines in the latest version which will prevent cleanup from properly taking place if the user doesn't have a valid license key so we have no risk to allow them to remain installed anymore).

 

Just as long it will not affect real customers

TH

 

Still smells "Fishy" to me.

 

Check your boots they might be wet? My fellow Canadian! Montreal 4 & Pitsburgh 2 ATM

TH

 

That sounds good.
No objection to license checking.
Strong Objections to unattended uninstall routines.
Nice to have Wilders early adopters as the "early warning system"

That Error V911 message seems a bit clunky ??
Why not a window:

"We have detected you are using an unlicensed Version of Prevx.
PrevX will continue scan functions.
You are unable to use the cleanup facility.
Please purchase a license for full functionality" ....or such ??

lateral thinking: Luv it.

Add:

Maybe a funky version:
"In brightest day in blackest night no sneaky bastards escape our sight.
You No Pay: You Cant Play.
Scan away, but no soup for you"

??

 

I would say why let them know? Let them feel secure when there not! Just as long we know what the code means!

TH

 

I use the free version and this happened to me twice. First time I thought I must have uninstalled Prevx myself by mistake. Second time I came here and saw this thread. And just to be clear, I didn't "try to install a cracked or some illegal license code".

 

lol! Longboard

And your buying that response

They stepped in their own "do-do" and now their trying to back away without stepping in any more.

 

This comes to mind. - "hoist with his own petard"

http://en.wikipedia.org/wiki/Petard

http://www.phrases.org.uk/meanings/hoist by your own petard.html