Antivirus update broke our interwebs, howl Win XP users Thousands of Windows XP users were blocked from accessing the internet this week after they applied a misfiring antivirus update from Kaspersky Lab. The issue affected both consumer and business versions of Windows XP. Vista or Windows 7 users were untouched by the snafu. Even so, Kaspersky's support forums quickly filled up …
Not by my arithmetic.
Core Windows executables are all signed and have been for years. We've now had just about every AV vendor give a false positive to one of these executables at some point or other. Over the same period, we've had no indications that the signing key is in the wrong hands. If your suspect executable is signed by that key then the smart money is on "false positive" every time.
The evidence to date suggests that AV companies are just trigger-happy.
I always hated the concept of checking signed OS files however;
1) core parts of operating system that checks signature can be cracked,deactivated
2) the certificate itself would get stolen or leaked
3) users are click happy
4) impossible occurs and the OS vendor itself may release malware as update.
Kaspersky users want to have an extremely paranoid Russian security chief in their machines. With the ever increasing OS complexity, these things will happen from time to time.
While on it, vendors like Kaspersky already do a great deal of white list, cloud "common wisdom" etc. Things really changed. Personally I like their "security first, ignore couple of 'it is heavy, slow' trolls" approach so far. They could blindly trust all Microsoft signed executable files and they could be rated "fastest", "lightweight" etc. That is way easier.
"Actions have been taken to prevent such incidents from occurring in the future."
Like the million-and-one previous occasions by just about every AV vendor there is.
And what actions? Putting the damn software you're writing on a single test machine (or even test VM) running one of the (claimed) support platforms once per release? Otherwise known as the most primitive testing regime known to man?
Bull, they are doing quite well - so well they have been running a share buy back program.
Part of the reason they're doing so well is because they also flag government spyware as the malware it is. It's not that well known they do this (it's generally not a topic any party wants to see in the news too often) but it's a fact. That alone puts them for me pretty much at the top of my selection process for Windows as well as OSX.
Not always so. If Internet access or booting-up fails then standard practice should include disabling your AV product product to see if that makes a difference. Where you really have problems is when the AV destroys or quarantines something essential.
But it DOES sound like a lack of basic testing.
I used Kaspersky for many years but I found that on older machines (I look after the family computers) it was causing them to slow down with the newer versions. I replaced Kaspersky with Avast and noticed a big difference in performance of the machines.
no doubt I'll be doing the same again in a few years
I had their AV product, which was fine. But when after a year or so I wanted to upgrade to their security suite (Kaspersky PURE?) the upgrade bricked my machine. It took a lot of calling and complaining to get everything straightened out, and by"straightened out" I mean getting Kaspersky off my PC and replacing it with WebRoot.
indeed, I was using kaspersky until it ground a dual core 3.1Ghz machine into the ground, making simple file copy operations so slow the system was unusable. I disabled kaspersky and holy-cow-it-was-fast-again. uninstalled kaspersky from all my systems and went back to MSE, which has not caused me any performance problems. still virus free here after all these years.
"Kaspersky Lab would like to apologise for any inconvenience" Statements like this really annoy me!
It should be
"Kaspersky Lab would like to apologise for THE inconvenience"
My wife nearly threw her laptop out of the Window it was so infuriating!
since a botched AV software update convinced me that virus makers are less dangerous for my system when and if they will finally get to my system.
And before you tell me, yes I know I could use non-Microsoft OS for increased safety online.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
