Oops.
Webroot antivirus goes bananas, starts trashing Windows system files
Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them – knackering countless PCs in the process. Not only were people's individual copies of the antivirus suite going haywire, but also business editions and installations run by managed service …
COMMENTS
Tuesday 25th April 2017 13:37 GMT handleoclast
Re: AFAIK that makes it the only anti malware tool actually doing its job
Ummm, look again at what you quoted from the article:
Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them
See that word "temporarily"? It might have been doing a better job than other AV s/w but then it screwed up by not removing the files permanently.
Tuesday 25th April 2017 09:57 GMT Anonymous Coward
Re: Kaspersky No Better
The problem is, you need a balanced approach, risk by doing something vs risk by not doing something. This is something my people don't get.
We had an AV signature update silently delete some of our compiled support EXEs from our build server during the build process (as the guys in charge of AV don't understand what heuristic means). It wasn't spotted by the testers (as it was tested as an upgrade); only when it hit the field did customers spot that our latest software release wasn't complete, making the company look like idiots. Of course the team in charge of AV, it wasn't THEIR fault, it never is...
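An added example, not part of the comment above or of any poster's tooling: a manifest taken right after compilation and re-checked before packaging flags a build artifact that disappears in between, which is the failure the comment describes. The file names and the sample tree built in `demo` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Record relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree on disk with the manifest taken after compilation."""
    current = snapshot(root)
    shared = manifest.keys() & current.keys()
    return {
        "missing": sorted(set(manifest) - set(current)),
        "altered": sorted(p for p in shared if manifest[p] != current[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    # Constructed sample tree; all file names are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ main application")
        (root / "bin" / "support_tool.exe").write_bytes(b"MZ support helper")
        (root / "readme.txt").write_text("release notes")
        manifest = snapshot(root)  # taken as soon as the compile step ends
        # Simulate a file vanishing between compile and packaging,
        # as when a scanner quarantines it.
        (root / "bin" / "support_tool.exe").unlink()
        return verify(root, manifest)


if __name__ == "__main__":
    report = demo()
    print(report)
    if report["missing"] or report["altered"]:
        print("release blocked: staging tree does not match manifest")
```

Because the check compares against what the compiler produced rather than against a previous install, it fails a fresh build even when upgrade testing would still find the old copy of the file in place.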
Wednesday 26th April 2017 12:29 GMT Anonymous Coward
Re: Kaspersky No Better
A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash.
Thursday 27th April 2017 18:19 GMT TheVogon
Re: Kaspersky No Better
"A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash."
Thanks for the info. I have experience of Symantec, Sophos, McAfee, and Microsoft amongst others but not that one...
Tuesday 25th April 2017 00:45 GMT bombastic bob
a crowning moment of AWESOME!
this made my day! (Schadenfreude)
Anti-virus is SO overrated.
"Safe Surfing" works better, In My Bombastic Opinion. That is no MS browsers, aggressively use the 'NoScript' plugin, don't view HTML e-mail as HTML, don't auto-view e-mail attachments, no MS Outlook (aka 'virus outbreak'), and NEVER access the internet or e-mail while logged in with ADMIN privs [unless you're doing a software update with a legitimate source, and then be vewy vewy caweful...]
It would've been even funnier if MS's anti-virus had caused this
Tuesday 25th April 2017 12:45 GMT Mr.Bill
Re: a crowning moment of AWESOME!
The masses should by now no longer be using PCs as a personal connected device - only used in professional/business environments properly locked down and maintained by IT. (not that that would have changed the outcome of this particular situation)
Thankfully the masses seem to have moved on as shown by the drop in PC sales over the years and prevalence of safer devices like tablets, smartphones and chromebooks.
Tuesday 25th April 2017 13:35 GMT Infernoz
Re: a crowning moment of AWESOME!
Other devices can be even less safe, especially when the manufacturers or providers fail to provide OS updates, or the OS is provided by spy driven businesses like Google!
I have Android devices but I seriously restrict what personal content is on them because I expect it to be vulnerable.
Tuesday 25th April 2017 14:58 GMT Anonymous Coward
Re: a crowning moment of AWESOME!
companies can choose to implement a safe surfing approach
Only against the obvious NSFW sites. Unfortunately safer-surfing and white-listing won't protect a company from watering hole attacks, and I'd suspect that the main corporate threat is from well organised crims who won't be relying on some dumbo looking at that sort of content.
Tuesday 25th April 2017 13:29 GMT Infernoz
Re: a crowning moment of AWESOME!
I barely tolerate spyware behaviour in Win. 10, because it can be disabled/blocked, but I won't tolerate malware-like behaviour in application software, so SRWare Iron instead of the spyware Chrome, LibreOffice instead of Microsoft Office, Firefox instead of Edge, Avast (several false positive plugins disabled) instead of conflict of interest (Chocolatey false positives) Avira etc.!
I use NoScript, but uMatrix is also useful for protecting multiple browsers, because by default it blocks frames and other sites, and allows selective enabling/disabling of cookies, css, images, plugins, scripts, XHR (XML requests), etc. for each domain and sub-domain, in a drop-down table pane.
With some sites I even disable images, because they are not essential for the content and mostly used for annoying adverts.
I will rarely trust/use Microsoft anti-malware because it will allow their OS spyware and may add other malware-like behaviour.
Tuesday 25th April 2017 05:08 GMT Trilkhai
That actually made sense
I saw the same BBC headline and was thrown by it until I read the article. Turns out that the request actually makes sense: their health problems (cardiovascular issues, diabetes, extreme obesity, etc.) mean that the sedative to knock them unconscious might not work properly, leaving them to suffer horribly during execution. Witness accounts on whether each did or not are conflicting.
Tuesday 25th April 2017 03:47 GMT allthecoolshortnamesweretaken
"The timing of the file classification blunder couldn't be worse for at least one employee. Gary Hayslip was hired earlier this month as Webroot's chief information security officer, and this can't be a fun first few weeks on the job."
Ooh, I geddit - haze the new guy! Really funny, guys.
Tuesday 25th April 2017 09:51 GMT Anonymous Coward
Not sure the new CISO will G-a-F. If he's doing his job properly then he'll be a million miles from the technical activities that buggered up his company's customers. His job is to protect the information assets of Webroot (intellectual property, employee and customer data) though arguably he'll have less to protect as the existing customers go elsewhere.
Tuesday 25th April 2017 08:34 GMT K
Re: They're running Norton Antivirus too...
For home use?
I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed.
As the "family's PC repair man", I have the whole family on this, so I can manage everything from 1 console, including the kids and grandparents!
Tuesday 25th April 2017 12:23 GMT CrazyOldCatMan
Re: They're running Norton Antivirus too...
I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed.
I wondered about using them (but then, I only have one Windows desktop and it only gets used for Word/Excel type stuff) especially as I'm using what used to be called Astaro Linux (now Sophos UTM - and even more amazingly, they don't appear to have broken it).
Sophos UTM comes with built-in management for the Windows & Mac Sophos AV.
Mind you, if I think I need AV on my Mac, I'd be using clamav..
Tuesday 25th April 2017 14:56 GMT Anonymous Coward
Re: They're running Norton Antivirus too...
My advice would be to steer well away from Sophos.
They have been particularly bad with false positives causing big issues with key software. They managed to take out many of the key apps on all PCs, including their own software updater (which meant that you couldn't easily fix it as you couldn't download an updated definition file).
It had gone through 5 layers of testing which should have picked up the issue but none managed to spot the problem (let me reiterate, it borked their own software!).
After that I left them and since then they have had more issues, even towards the end of last year they killed winlogon.exe and disabled PCs. Luckily we had moved on since then.
Wednesday 26th April 2017 07:58 GMT Anonymous Coward
Re: They're running Norton Antivirus too...
F Secure have been around a long time, as has been Kaspersky, both with a rather low error count on signatures that nuke your computer's OS. That said, Kaspersky on macOS* is thoroughly disappointing so I can't really recommend it.
In addition, I recommend a rebuild every year if possible, especially Windows machines appear to accumulate the electronic equivalent of kettle fur and a rebuild speeds them up - just make sure you have all the license codes and passwords and a damn good (tested!) backup before you do it.
I'm about to do the same on macOS, but that's because it's gone weird after installing Office 365 (client request, but that project is finished). I won't make that mistake again.
* Yes, macOS and anti-virus, I believe in facts rather than marketing.
Wednesday 26th April 2017 12:22 GMT Kiwi
Re: They're running Norton Antivirus too...
Serious question from a habitual Norton Antivirus user who's sick of it -
What do folks recommend as a superior and safe alternative?
Well. Nothing.
Seriously. Running nothing would protect you more than Norton!
If you're looking for paid, and what IME is best overall (as of a couple of years back when I last looked), I would recommend Eset.
Free.. MS's own program wasn't too bad IME, but I found Avira and Avast better. But one of the two did a lot of advertising. Bit Defender is currently one I like as well (paid or free), largely because of how good their rescue disk was and how not-crap the rest of their system was.
I've heard good things about Trend Micro and Comodo but have never tried them. I did set up Comodo's firewall at one workplace, and the place never had a problem despite the best efforts of the retard who did most of their filing (I do not have the language to describe how bad this guy was). It was a whitelisting firewall comparable at least to Zone Alarm back then.
Overall though I recommend Eset, however it has been a while so my information may be out-dated. Part of that is based on the customer service I got from them, which was pretty good.
Tuesday 25th April 2017 07:04 GMT Ken Hagan
Quarantined *signed* files?
If WebRoot are aware of a way of faking a signature, perhaps they'd be willing to share this major breakthrough in cryptography that undermines the security of all e-commerce everywhere.
If not ... it is surely criminally negligent not to whitelist files that are signed by Microsoft.