AVG Security Toolbar is the worst foistware I've ever seen

AVG Security Toolbar is the worst foistware I've ever seen

Summary: It's one thing to have an installer that pushes foistware onto your computer. It's another thing to have an uninstaller that doesn't properly remove and revert everything that it did. AVG is a security company that needs to learn how to act like one.

TOPICS: Security, Malware

Update at 5:00PM PST - AVG responds: Plans to update its toolbar installer, uninstaller


If you've ever installed PowerISO without looking very closely at the installer, you're in for a nasty surprise, courtesy of AVG. Over on the AVG forums, a user by the name of "superasn" has filed the following complaint:

I recently installed a software (PowerISO) and without consent it installed AVG toolbar and other software on my system which has completely modified my computer without my knowledge.

My browser (Chrome) now goes to your AVG homepage and Google search has also been replaced by AVG. The same is happening in Firefox and Internet Explorer. This has caused me hours in productivity and unnecessary frustration. The same is also happening after I uninstalled your toolbar (from inside Program and features)

I did NOT want this and modifying my computer like this is totally unacceptable. Your call yourself a anti-virus company while in fact the behavior is exactly that of a mal-ware which hijacks your browser and causes problems.

What does AVG have to say for itself? One of the company's "TechBuddy Ambassadors" by the name of "_malchys_" gave the following response:

We would like to inform you that installation of AVG Security Toolbar and AVG Secure Search is optional (as you can see on this screenshot). Please contact the PowerISO company because it looks like bug in their installer. They have tools for debugging their installation process and finding the glitch. We cannot change the PowerISO installer from our side.

Please follow this guide to remove AVG Security Toolbar and AVG Secure Search from your browsers.

Do not hesitate to provide us with the feedback to our services by filling in the AVG Product Feedback Form.

I've embedded the screenshot above. The user had no idea this was being installed on his or her computer because he didn't spot the following checkbox, which was checked by default: "Improve my internet protection with AVG Security Toolbar. Set, keep and protect AVG Secure Search as my homepage and default search provider."

As my colleague Ed Bott notes, this type of software is called "foistware" (personally I would have gone with "crapware" but apparently that already refers to pre-installed software).

This is the type of software that sneaks onto users' computers because they hit the "Next" button without reading. Some would argue that this is their fault, and while I understand that point, it's still completely unacceptable to have checkboxes like this one checked by default.

I have to say that this AVG toolbar is the worst kind of foistware. Implementation aside, as the victim notes, AVG is a security company. This type of behavior is simply deplorable.

I'm therefore not surprised superasn was not satisfied with _malchys_'s answer:

You had the audacity to change my settings in the first place just because I was tricked into clicking a shady checkbox, why should I have to read a FAQ and manually revert them after? Do you have no respect for your user's time? I'm sure the programmer who wrote the program to change my settings in the first place could definitely write a uninstaller to revert them too. But you would not do that.

It's a shame that of all the unscrupulous companies who would use such ploys, an anti-virus company like AVG is doing it instead! I'm sorry but this is just too fishy.

I would still like to give you benefit of doubt that you didn't know about it, but now that you do, will you do something about it?

Again, _malchys_ replies by blaming PowerISO and asking superasn to fill out the feedback form:

Please accept our sincere apologies for these inconveniences with AVG product.

Please contact the PowerISO company regarding implementation of the AVG Security Toolbar and AVG Secure Search into their installer.

Please fill in the AVG Product Feedback Form to contact product management directly.

We are ready to help users which have difficulties removing AVG Security Toolbar and AVG Secure Search. Users can post here on AVG Forums and also contact AVG Technical Support for further information. We would welcome tips how to improve our guides to be more user friendly.

A checkbox for extra nonsense like this toolbar and changing your homepage should start unchecked. The problem is that users don't want to check such a box, so PowerISO and others like it make a point to have it checked by default.

PowerISO isn't the AVG's only partner (in crime). This toolbar is installed along with other software, including: TuneUp Utilities, SlimCleaner, SlimComputer, SlimDrivers, FixCleaner, DriverUpdate, DriverMax, Soda PDF, RadarSync's Drivers update, Soft32 Download Manager, GOM Player, as well as other applications that use Open Install's Online Installer.

While I agree that PowerISO is at least partly to blame here, I think it comes down to AVG in the end. The security company should have policies in place so that its partners' installers and uninstallers work properly.

I have contacted both AVG and PowerISO about this issue and will update you if I hear back.

Update at 5:00PM PST - AVG responds: Plans to update its toolbar installer, uninstaller

See also:

Topics: Security, Malware

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Bye bye Windows 7, hello Metro IE

    No more toolbars is what I'm looking forward to in Windows 8.

    I have a beef with another big company: Conduit. The company should just be disbanded.

    They produce this software kit for making your own browser toolbar, and too many malicious websites are picking it up and installing the toolbar without consent using existing browser exploit code. Once they install the toolbar, they hijack search and homepage settings, redirecting to fake search engines that include poison search results that infect the computer further. The software should be listed with every anti-malware vendor because I can't count how many infected machines I see in a week with "Community Toolbar" installed without the customer realizing where it came from.
    • Seriously

      I could not agree more. Conduit sucks. 100%
    • No more toolbars is what I'm looking forward to in Windows 8.

      Really? Windows 8.x will go the way of ME and Vista. Windows 9 is already on the drawing board and is scheduled for late 2015. Enjoy your Metro/Tile interface for now, the rest of us will wait to see what Win 9 brings.
  • AVG users get what they deserve

    IMHO, anti-malware IS malware by its very definition. E.g it installs crap you don't want and slows down your system.

    I always chuckle when I hear people argue about which anti-malware is the best. I've not run any form of anti-virus/anti-malware on my personal machines for 20 years. Here's a pro tip, if you don't use your computer like a complete moron, you'll be ok without it 99.9% of the time. For the other 0.01% it's a trade-off that is worth it for a faster more responsive computer.

    If you still feel you need your security blanket, why not just use MS security essentials?
    • This affects non-AVG users too

      As long as you install one of the programs which bundles the toolbar like PowerISO mentioned here and you miss the checkbox during setup, you get that crap installed even if you don't use AVG Anti-virus.

      Coming from a security company, I don't think that toolbar bundling as well as homepage and search engine changes are acceptable behavior. I expect that from crappy companies like Ask, but not AVG, I'll now file them as such, a crap company (McAfee is already there trying to send me something when I want to install Flash or Reader).
    • Why not use MS security essentials?

      Because it's garbage, that's why.
      • Misinformation

        To say that its garbage is a gross overstatement. What you've said is worthless.

        MSEssentials is an excellent extension to the basic Windows Environment after installation. While I see the need for an internet security package like most people do, its a very simple yet effective way of ensuring that you're protected at least until a security suite can be installed.

        It serves a purpose, one that it does well - even if its simple.
        • Well for a corporate tool like you...

          ...I would expect a canned answer like that.

          It's pretty mediocre for what it does.

      • no , ms security essentials is not garbage

        wrong, ms security essentials is not garbage
    • Pro Tip?? You are kidding right?

      (why not just use MS security essentials?)

      Why not?

      Well because Microsoft Security Essentials opens backdoors for Gov't sponsored malware

      HERE is a pro tip for you...

      You think I just made that up so you need evidence?

      Evidence is easy to get, just install Security Essentials on XP-SP2 or earlier


      SP3 adds its own backdoors and confuses the results you may get

      XP-SP2 can be made to block ALL incoming traffic by using an aftermarket firewall such as SYGATE

      Vista and Windows 7 leave you no real option to block ALL incoming traffic by using a software firewall so they will not be discussed here

      Block ALL incoming and outgoing traffic with the firewall and then update Microsoft Security Essentials "WHILE" it is blocked in the firewall

      It updates just fine proving that it makes a backdoor around your firewall

      THAT is extremely dangerous!

      It is almost as bad as Microsoft "allowing" a Gov't to use Windows Update to install FLAME on so many computers and then simply cancelling the certificates used to install that spyware

      Do we need to wait 5 years to find the next Gov't spyware on our machines only to have Microsoft cancel "THAT" certificate once it it found

      Gee, only 5 trillion certificates to go

      Some security...

      Who's security are they protecting anyway?
      • correction


        Vista and Windows 7 make it impossible to block ALL incoming AND OUTGOING traffic
    • They do?

      2 Things:
      1) What if AVG users didn't want AVG in the first place....like most of them; and,
      2) What about that other 0.09% [of the time] you leave unaccounted for?
      Hans Persson2
    • great advice spackle

      great advice spackle
  • Double Shame on AVG

    Of course, the trickery itself is most deplorable -- and yes, SHAME ON AVG.

    But "_malchys_" -- the AVG rep's responses which nonchalantly placed all the blame on PowerISO and all the burden on the user (hey user, you contact them and you fix it yourself) -- shows up AVG's company mentality as well. DOUBLE SHAME ON AVG!

    AVG -- when I download your software, I LOOK TO YOU to make sure that THE ENTIRE PACKAGE does what it is supposed to do, and it's free of any trickery and foistware!
  • There are two axioms nowdays

    1) toolbars are absolute evil;

    2) security companies are mothers of all evil.
  • AVG Security Toolbar is the worst foistware I've ever seen

    Very sneaky. I've seen this type of thing in other software. You really have to look at those check boxes and know what is being installed. Some actually say it like "to support us please install this toolbar" and that I don't mind because they are honest. Its where they try to trick you like this PowerISO example which is what gets people mad.
    Loverock Davidson-
  • Web browsers are not blameless

    Sometimes it is almost impossible to get rid of some changed settings due to convoluted configuration and plugins in the browsers. I once spent few days trying to get rid of automatic redirection to ask.com when mis-typing URL in Firefox. It appeared to be some kind of setting that is indirectly accessible from GUI by typing some obscure URL into address bar. Why is that?
    Why it is impossible to put all configuration in one place? User should know how data comes to the browser and how it leaves browser without any hidden translators, toolbars or redirectors.
  • I've Noticed This with Peazip Installation

    I've noticed this when installing Peazip on people's computers. I've never missed unchecking the box, but this would be the result if I didn't always do that.

    I hate foistware. A company distributing software as foistware is enough for me not to use the product even if I normally may have been interested in it.

    I realize that the products that allow the foistware installation to be placed in their install scripts are doing it for funding, and a lot of them probably couldn't survive without that type of revenue. However, though I am sympathetic toward them to an extent (though I will still avoid the software under most circumstances), I have no sympathy for the company that creates the deal, especially when the software is so invasive (which is often the case).
    • Ah-ha!

      So pea-zip was the cuplrit...eh? It's the only thing I can guess as to where it came from. How it happened is beyond me though, considering I always uncheck those stupid boxes and make sure to look for them. Pea-zip sucked anyways. I'll stick with my 7-zip, thank you.
  • thanks for the support!


    I'm the original poster of the complaint on the AVG forum and reddit. I'm thankful for your support and bringing this issue to light.

    Your article has helped make a very positive change and I hope AVG follows through with its promise of updating the installer, making the toolbar less intrusive and telling users about the modifications being made to the computer very clearly and upfront.

    Hopefully other companies who do such shady things, will also take heed.