
Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs

A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week. Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …

COMMENTS

This topic is closed for new posts.


Silver badge
Facepalm

This is not rocket science...!

How can any anti-virus company release an update without comprehensive testing on a range of machines with various generally expected software configurations to ensure that this sort of thing doesn't happen?

27
0
Silver badge

Re: This is not rocket science...!

Wow, in future they're going to do basic testing. Wtf were they doing before?

28
0
Silver badge
Meh

Re: This is not rocket science...!

"How can any anti-virus company release an update without comprehensive testing on a range of machines with various generally expected software configurations to ensure that this sort of thing doesn't happen?"

If it's free, are you getting what you paid for? Quite seriously, if they aren't charging, is it reasonable to expect much in the way of testing (or development, or anything, really)? I'm a happy freetard, using a range of free software, but I accept that there's no redress.

2
13
Facepalm

Re: This is not rocket science...!

It's free for personal use, but commercial users have to pay for it, so yes I'd expect them to at least have tested that it doesn't go berserk once installed.

7
0
Silver badge
WTF?

@Ledswinger - Re: This is not rocket science...!

"Quite seriously, if they aren't charging, is it reasonable to expect much in the way of testing (or development, or anything, really)?"

I would ask "Are you serious?" but you appear to be...!

If someone is offering a product which is designed to protect your computer from software which may damage it, but which has been inadequately tested and so *causes* damage to your system, then they cannot simply disclaim liability for that failure by saying "well, it was free, so people shouldn't expect it to work properly"!

More importantly, the idea of the "free product" is to get people to sign up for the paid product, so making such a monumental cock-up as this is liable to damage confidence in your business and mean they go to another, more reliable, supplier.

6
0
Bronze badge
Linux

Re: @Ledswinger - This is not rocket science...!

"designed to protect your computer from software which may damage it"

Windows IS a virus.

10
14
Rob
Bronze badge
FAIL

Re: This is not rocket science...!

Whether it's the paid version or free version both products will still be using the same definition database.

0
0

This post has been deleted by a moderator

Bronze badge
Linux

Re: Windows IS a virus.

And the only cure is a Linux live CD!!!

3
4
Silver badge
Boffin

Re: This is not rocket science...!

Ah, Eadon, you never fail to disappoint.

How can a Software company release an OS that is VULNERABLE TO VIRUSES in the first place?

Because it's impossible to release an OS that is invulnerable to viruses?

7
2
Anonymous Coward

@Steve Knox - Re: This is not rocket science...!

No, it's not impossible. Take z/OS for instance or Linux for IBM pSeries....

You seem to be young but you must know there actually was computing before Facebook.

4
5
Silver badge
Holmes

Re: @Steve Knox - This is not rocket science...!

@AC -- Neither z/OS nor Linux are invulnerable. There may be no known viruses targeting them now, but that is by no means the same thing.

As for my age, I've written assembler code for the Z80 processor. That should give you some idea.

4
1
Bronze badge

@Steve Knox

This is just an algebra of predicates. You hear the statement "Ted is an A Math and Physics student, while John can barely get a D". You're rushing with "Ted is not Einstein!" Yes it most probably is a true statement, however this won't change and doesn't contradict the fact that Ted is still a good student and John is a really poor one.

1
0
Anonymous Coward

Re: @Steve Knox - This is not rocket science...!

Can't speak with absolute certainty for Linux, but I can for z/OS. z/OS is immune to all known virus technologies, not just known viruses.

Inside z/OS it's impossible for a virus to execute replication code, and because the OS won't execute EoP, DoS, spoofing or pivoting exploits (buffer overrun and similar are equally non-applicable) which in other systems may allow execution even when the Execute bit is set to Off, the operating system can effectively be considered to be immune.

Enough major systems run on z/OS to make it an absolutely golden target for malicious software writers, so it's by no means security by obscurity.

1
1
Silver badge
Facepalm

Re: @Steve Knox

No, eulampios, I heard the question "How can a Software company release an OS that is VULNERABLE TO VIRUSES in the first place?" The implication is clearly that any vulnerability is unacceptable.

So I stated that invulnerability is impossible.

AC then provided examples of some very secure operating systems, specifically to refute the statement that invulnerability was impossible.

So a better parallel to the preceding conversation would be:

Eadon: "How can a sports program produce an athlete WHO CANNOT FLY in the first place?"

Me: "Because it's physically impossible for humans to fly?"

AC: "No, it's not impossible. Look at how high Javier Sotomayor and Stefka Kostadinova can jump!"

Me: "Sure they can jump very high, but that's not flying."

I don't believe that invulnerability should be the standard, because it's an absurd standard. That was my point.

0
0
Silver badge
Boffin

Re: @Steve Knox - This is not rocket science...!

...z/OS is immune to all known virus technologies...

Agreed, but note the highlight.

All we can ever do is ensure that the baddies have to be cleverer than we are.

0
0
Bronze badge

Re: @Steve Knox

Okay, Steve, let me give you my own view on this (and not only mine, as I believe).

MS Windows originally unlike the POSIX standards and Unix-like OS' did get a failing grade for security in both code and system design. So, to cover this void a whole AV industry had been created. MS have lately been partially improving their original amateur standpoint on this, not to the point when this industry would be totally redundant. AMOF, their code is getting more and more bloated and the Windows OS directory structure is still messy.

The point is that a particular system or a design is not made impregnable, but that it is well-designed to minimize the risks versus when it still relies on some extraneous database-based and empirical scanning tools.

0
0
Bronze badge
Gimp

@Eadon: Re: This is not rocket science...!

"Here's another rhetorical question. How can a Software company release an OS that is VULNERABLE TO VIRUSES in the first place?"

You forgot to end with:

MS-RELEASE-VIRUS-VULNERABLE-OS FAIL

0
0

This post has been deleted by its author

Pint

Re: @Steve Knox - This is not rocket science...!

@AC 19th April 20:09

The only way for a modern OS to be invulnerable to viruses is to not run programs at all.

Or... to have the OS loaded in ROM, like a computer from the 80's (in this case the OS is safe, but the virus still can damage YOUR files).

0
0
Thumb Up

Re: @Ledswinger - This is not rocket science...!

Windows IS a virus.

Wrong - viruses are small and efficient in what they do...

Source: Linux fortune cookie.

1
0
Bronze badge

Re: This is not rocket science...!

I remember a handful of years ago, Symantec put out new definitions and any Windows system running in Chinese got whacked.

It happens, it shouldn't happen, but it does. Insufficient testing or in this case, apparently, zero testing.

0
0
Bronze badge

Their response

"Antivirus updates from Malwarebytes will now get tested on a virtual server before they are pushed out "

Sweet Jesus........

21
0
Bronze badge

Re: Their response

I had to read that a couple of times as I just could not believe it.

3
0

That explained why after running a Malwarebytes scan my pc got crippled and I had to do a system restore!

0
0
Facepalm

So malwarebytes ends up as malware.

Kinda ironic.

5
0
Anonymous Coward

I remember Norton doing that... a lot

At uni had Norton installed on my PC, suddenly "Virus detected, deleting infected file" okay fair enough "explorer.exe deleted" wait what?

Computer dies and I cannot do anything anymore, had to copy explorer.exe over manually and replace it, only for Norton to try pulling the same shit again.

12
0
Anonymous Coward

Cure worse than disease

What's wrong with MS Security Essentials etc?

Google: Symantec Sucks - start at bottom.

3
1
Anonymous Coward

Re: Cure worse than disease

MSE is nice, but it's not effective enough. I tested it myself in a virtual environment several times on live malware links and it really could not detect a lot of ransomware from hijacking my virtual PC. The best combo that I found, after loads of extensive testing was using PrivateFirewall together with Prevx/Webroot. Stopped EVERYTHING in its tracks, one way or another, nothing else did as an effective job, and no false positives that I can recall.

1
0

Re: Cure worse than disease

It's rated as one of the worst at catching problems. What did you expect from a freebie that generates no revenue?

0
5
Silver badge
FAIL

Re: Cure worse than disease

Erm, MSE is the 'free for personal use' version of MS System Center 2012 Endpoint Protection.

It's no different to the other 'free version of paid corporate' AV systems.

As to whether it's any good - well, none of them are substitutes for good surfing practice.

0
0
Anonymous Coward

Re: Cure worse than disease

"What's wrong with MS Security Essentials etc?"

A user's PC came in recently with XP running slow. The installed MSE had not detected any problems - but an offline Norton scan found a "high risk" Trojan. After it had deleted it the XP ran smoothly again. The user is now going to use Norton.

A few years ago a PC had the free AVG belatedly installed - which found over twenty infections. However it still had obvious problems. A Norton scan found another twenty and fixed the problems.

Norton obviously isn't perfect - but it does seem to work for my idiots user base.

1
3

Re: Cure worse than disease

Unless something's changed in the last few years, the usual advice is that users should be running 2 or 3 different AV programs as none of them catch everything.

0
0
WTF?

Not even signed

Four of the files included in the download are not even digitally signed.

An anti-malware firm wants me to download and run unsigned executables? That's what I call setting a good example!

(Yes, I realise that just 'cos it's signed, doesn't mean it isn't malicious, but it's a good start).

4
0

This post has been deleted by its author

Anonymous Coward

Re: Not even signed

Well spotted, I also noticed the same issue last year. I kicked up a big fuss about it with them, but they were arrogant and in my opinion dumb. They may be smart script kiddies, but they are ignoring the fundamentals.

I eventually replaced their software as both an on-demand or realtime extra layer and got Hitman Pro on-demand, run nightly, takes only 2-3 mins, and which uses about half a dozen other AV vendor databases. It's a great concept although it did quarantine one false-positive on one occasion, thankfully did not delete this digitally signed MS file which one of their vendor databases flagged as malware.

No vendor is perfect, you just need to always ensure you have regular image backups....which reminds me, ahem!

0
0
Gold badge
Facepalm

Re: Not even signed

Why does this not surprise me? Ah yes, if they knew about digital signatures, they would understand the wisdom of white-listing anything signed by the Windows kernel team.

These idiots are now the umpteenth AV firm to destroy installations by allowing their "advanced heuristics" to trump the mathematical near-certainties of a digital signature. It's getting beyond a joke. This is not an unfortunate mistake. This is a fundamental design flaw. This is *negligence*.

1
0
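The two controls this thread keeps returning to, testing a definition update against known-good files before release and letting a verified publisher signature outrank a heuristic match, sketched as an added example that is not part of any comment and not Malwarebytes' code. The corpus, publisher name and byte-pattern "definitions" are constructed, and signature verification is assumed to have happened upstream.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Sample:
    path: str
    content: bytes
    signer: Optional[str]  # publisher from an already-verified signature, else None

# Hypothetical allowlist of publishers whose verified signature is trusted.
TRUSTED_SIGNERS = {"Example OS Vendor"}

# Constructed known-good corpus standing in for clean OS images.
KNOWN_GOOD = [
    Sample("system32/shell.exe", b"MZ\x90\x00 shell ui loader", "Example OS Vendor"),
    Sample("system32/netsvc.dll", b"MZ\x90\x00 socket helper", "Example OS Vendor"),
    Sample("apps/notes.exe", b"MZ\x90\x00 notes editor", None),
]

def heuristic_hits(definitions, sample):
    """Names of definitions whose byte pattern occurs in the sample."""
    return [name for name, pattern in definitions.items()
            if pattern in sample.content]

def verdict(definitions, sample):
    """Client-side decision: a trusted signer is checked before any heuristic."""
    if sample.signer in TRUSTED_SIGNERS:
        return "clean"
    return "malicious" if heuristic_hits(definitions, sample) else "clean"

def release_gate(definitions, corpus=KNOWN_GOOD):
    """Pre-release check: any raw match on a known-good file blocks the update.

    The gate deliberately ignores the signer allowlist, so an over-broad
    definition is caught even where the client would have suppressed it.
    """
    false_positives = []
    for sample in corpus:
        hits = heuristic_hits(definitions, sample)
        if hits:
            false_positives.append((sample.path, hits))
    return (not false_positives, false_positives)
```

A definition as broad as the bare executable header matches every file in the corpus and fails the gate, while the allowlist alone would still have left the unsigned third-party file quarantined on clients.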
Gold badge
Facepalm

Don't worry.

Eadon will be along in a minute to tell us that Malwarebytes has actually got it right.

13
1
Pint

Re: Don't worry.

Maybe he wrote the update?

0
0
Silver badge
Joke

Why apologise?

Unless it was for not nuking Windows much earlier?

4
0
Silver badge
FAIL

Testing eh?

Always, it's the testing!

0
0
Bronze badge

Testing updates prior to release

really does seem to have fallen out of fashion, in the software industry. Anyone know why, or is there just a general view that it's better to be seen to be busy, rather than actually being busy behind the scenes?

3
0
Silver badge
Meh

Re: Testing updates prior to release

More people adopting scrum perhaps? At least the traditional waterfall method had a clearly defined sequence of 'develop then test'. I do like scrum but with increased freedom comes increased responsibility and a careless developer could forget to create a separate testing task for their PBI.

Also pressure of management who just want a product out of the door on a certain date. Scrum aids that by allowing efficiency gains but in a weak environment the gains could come through corner cutting.

2
0
Silver badge

Re: Testing updates prior to release

Because testing doesn't add value from a management perspective. Testing either reveals problems with the software, which then have to be fixed, which costs more time. Or Testing shows that everything is ok, in which case you might as well have skipped it anyway because it was obviously a waste of time.

Testing gets labelled as non-productive time and sidelined.

Until something goes wrong. Then some poor developer gets a kicking for making a mistake and not correcting it. Which is difficult when there's no decent testing process.

10
0
Silver badge

Re: Scrum Development Process

If you're using a Scrum development framework, shouldn't you be designing unit tests as you go?

1
0
Silver badge
Meh

Re: Scrum Development Process

shouldn't you be designing unit tests as you go?

Absolutely but with some management styles standing up at the review meeting and saying you spent half your time writing code that would never be shipped to the customer could be unpleasant. There's nothing wrong with scrum if it's done properly but it seems to me that there is greater opportunity for steps to be missed or poorly executed. A team is after all a largely self-contained and self-policed entity. That's one of the advantages of the system - but also a weakness.

1
0
Bronze badge

Re: Testing updates prior to release

From a management perspective, testing is a cost that needs to be cut, as it does not increase shareholder value.

EOS!

0
0
Gold badge

Re: Testing updates prior to release

There's a perfectly good economic reason. Testing costs time. If your competitors reach the market first because you are stuck in testing, then even if you eventually deliver a better product, all your potential customers are now locked-into your rival. Your customers are then faced with the cost of switching to you versus the benefits of doing so. Therefore, unless your testing has produced a *markedly* better product (perhaps because your rival is truly dreadful), it doesn't make sense for the customer to switch and so you go bust.

Doing no testing is idiotic, but so is trying to expunge all bugs. The sweet spot is somewhere in between and that means the sweet spot is "slightly buggy". For a complex product, the sweet spot will be "really quite buggy, actually".

1
0

Re: Scrum Development Process

"If you're using a Scrum development framework, shouldn't you be designing unit tests as you go?"

Unit testing wouldn't have caught this issue...

In fact the only thing that Unit testing does is save the real testers a little time at the cost of developer time. After all, integration, runtime, and clicky clicky user issues don't show up on unit tests.

0
0
Bronze badge
Flame

Oh come on, it's not like Norton, AVG, Microsoft and other free or paid services haven't done the same thing with their updates. At least they were quick enough to pull them off the shelf.

2
0
