Slashdot Mirror


Anti-Virus Bug Briefly Identified Windows Explorer as Malware

SJ2000 writes "Windows Explorer was quarantined last week by Kaspersky Lab's antivirus software after being falsely identified as malicious code. The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. The bug was only live in the wild for two hours, and ended up affecting just one corporate customer and a handful of home users."

131 comments

  1. I don't get it... by Anonymous Coward · · Score: 5, Funny

    Windows identified as malware... why is this a bug?

    1. Re:I don't get it... by Anonymous Coward · · Score: 5, Funny

      > Windows identified as malware... why is this a bug?

      Because it only identified the explorer component.

    2. Re:I don't get it... by iamacat · · Score: 4, Funny
    3. Re:I don't get it... by Anonymous Coward · · Score: 0

      mycity spam

    4. Re:I don't get it... by Harmonious+Botch · · Score: 1

      > Windows identified as malware... why is this a bug?

      Because it failed to take the proper corrective action ...loading linux and firefox
    5. Re:I don't get it... by BCW2 · · Score: 1

      I agree! Since IE is the home of 50%+ of all Windows vulnerabilities, it is mal-ware!

      --
      Professional Politicians are not the solution, they ARE the problem.
    6. Re:I don't get it... by weicco · · Score: 1

      So the real news is don't trust Kaspersky Lab's antivirus software.

      --
      You don't know what you don't know.
    7. Re:I don't get it... by dolo724 · · Score: 4, Funny

      In the late 90s and into the early 00s a few MS components and some legitimate DLLs were identified as virus laden. I solved the problem on my work machine by formatting the HD and installing RH-7, then VMWare for the only windows-dependent executable I couldn't get to run on wine. I had the fastest software package in-house and it made a kick-ass Quake server.

      maybe that's why I got laid off...

      --
      But you just gotta have another sigarette
    8. Re:I don't get it... by the+honger · · Score: 1

      "...best thing for it, really...its therapy was going nowhere..."

    9. Re:I don't get it... by AmyRose1024 · · Score: 3, Funny

      The actual patch is here: http://www.kubuntu.org/

    10. Re:I don't get it... by Heembo · · Score: 1

      At least you didn't use the entire corporate network to find the next prime number. :)

      --
      Horns are really just a broken halo.
    11. Re:I don't get it... by Anonymous Coward · · Score: 0

      Because malware is efficient and fast; Windows is not. Malware doesn't interrupt computer users with endless [allow][cancel] questions and Windows does. Thus, Windows can't be malware.

    12. Re:I don't get it... by kdemetter · · Score: 1

      well at least you are more honest about your spam .

    13. Re:I don't get it... by Opportunist · · Score: 1

      Well, to keep their signature files small, a lot of AV companies started tracking only the most damaging parts of a malware kit.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    14. Re:I don't get it... by inkspot78 · · Score: 1

      They are referring to Windows Explorer (explorer.exe), not Internet Explorer (iexplore.exe).

    15. Re:I don't get it... by Schraegstrichpunkt · · Score: 1

      > So the real news is don't trust Kaspersky Lab's antivirus software.

      Perhaps. I'd say the "news" is that Windows is a stupid, broken OS where stuff like this is bound to happen because it's designed to need antivirus software in the first place.

      If someone pulls on one of these doorhandles who's more to blame? The designer or the user?

      The designer.

    16. Re:I don't get it... by jansegers · · Score: 1

      Reminds me of an old joke about Windows 95 being a virus... http://aryhma.oy.cx/damu/humor/win95_virus.html Could apply to Vista as well, I'm afraid...

    17. Re:I don't get it... by weicco · · Score: 1

      Please run this as root: rm -rf /

      So every *nix version is a stupid, broken OS where stuff like this is bound to happen? How on earth is an OS able to tell which command or executable is a valid one and which should be ignored?

      When you have an answer for that, patent it and sell it to some major OS vendor. You'll be very, very rich then.

      --
      You don't know what you don't know.
    18. Re:I don't get it... by Schraegstrichpunkt · · Score: 1

      > Please run this as root: rm -rf /
      > So every *nix version is a stupid, broken OS where stuff like this is bound to happen?

      On the contrary. "rm -rf /" doesn't violate user expectations.

      "Screensavers" and "games" that can do malicious things with files unrelated to their own operation, for example, violate user expectations. I find it amazing that Microsoft---a company that makes US $14.06 billion a year in profit---still hasn't produced an operating system that does proper sandboxing. That the same company can barely compete technically with a few geeks hacking in their basements is a testament to its utter lack of innovative ability.

    19. Re:I don't get it... by weicco · · Score: 1

      Eh. How about I put "rm -rf /" inside a file which I cleverly name fetch_pictures_of_pamela_nude.sh? User expects to see large breasts but ends up with a very screwed OS. Of course it doesn't work unless user runs it as root but same goes for Windows and Vista especially. Just because there aren't a lot of stupid attacks like this targeted on *nix system doesn't mean that it isn't possible.

      The problem with Windows is users. I know a heck of a lot of users who, as you correctly said, install every goddamn Messenger add-on and screensaver (what an oxymoron, just switch off that stupid monitor). And of course they run everything as admin and that's something which can be blamed on MS. Vista is a step for the better but it comes too late and is probably too little. And I don't really see how sandboxing everything solves the problem with trojans.

      --
      You don't know what you don't know.
    20. Re:I don't get it... by Schraegstrichpunkt · · Score: 1

      > Just because there aren't a lot of stupid attacks like this targeted on *nix system doesn't mean that it isn't possible.

      I'm not proposing *nix as a solution to the problem.

      > And I don't really see how sandboxing everything solves the problem with trojans.

      I wouldn't say it completely solves the problem, but it would go a long way. If everyday things could be installed into some sort of sandbox, then a user could be taught to think twice before giving some process extra privileges. (Which is partly why *nix is somewhat better in practise---you don't generally run stuff as root---but it doesn't go far enough in that respect.)

    21. Re:I don't get it... by weicco · · Score: 1

      > I wouldn't say it completely solves the problem, but it would go a long way. If everyday things could be installed into some sort of sandbox, then a user could be taught to think twice before giving some process extra privileges. (Which is partly why *nix is somewhat better in practise---you don't generally run stuff as root---but it doesn't go far enough in that respect.)

      Well, for instance, a spam bot doesn't have to be run as root. It only needs a connection to the outside world to receive orders and send spam. Plenty of malware doesn't need root privileges so basically it doesn't matter whether you are running your system as root/admin or not (well of course it does but not in this particular case). And I'm talking about desktop systems. Servers are a totally different ball game of course.

      --
      You don't know what you don't know.
  2. Obligatory fixed by Anonymous Coward · · Score: 4, Funny

    Anti-Virus Bug "Correctly" Identified Windows Explorer as Malware

  3. If there was a tag that was needed by Anonymous Coward · · Score: 0

    Someone please use !falsepositive, lol

    Ironic: my captcha is "deleting".

  4. Windows Is Not A Virus! by filesiteguy · · Score: 5, Funny

    Viruses are small and efficient.

    1. Re:Windows Is Not A Virus! by Anonymous Coward · · Score: 0

      In 1992 they were. A Trojan/Virus nowadays will rarely fit on a whole floppy.

    2. Re:Windows Is Not A Virus! by NeverVotedBush · · Score: 1

      You are correct!

      It is a trojan!

    3. Re:Windows Is Not A Virus! by Opportunist · · Score: 1

      Nope. Trojans are being streamlined to hide better from the user's eye, usually have a fairly small footprint (less than 100k normally, and few are bigger than 500k), get updated at the very least every other week, are tested and tried until they are bug free and will never ever blow up in the user's face.

      Windows is not a trojan.

      It is a bug.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. jk by wizardforce · · Score: 3, Funny

    that's not a bug, it's a feature

    --
    Sigs are too short to say anything truly profound so read the above post instead.
    1. Re:jk by Phroggy · · Score: 1
      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    2. Re:jk by Anonymous Coward · · Score: 0

      Maybe it's a tumor!

  6. um, don't they test these things before releasing? by Anonymous Coward · · Score: 5, Insightful

    Shouldn't this have been caught by even the simplest test before releasing?

    That's my first reaction, now I'm off to RTFA

  7. Re:um, don't they test these things before releasi by ubrgeek · · Score: 5, Funny

    You're right. But sometimes MS is in a hurry to get their product out.

    Oh, you mean Kaspersky Labs ...

    --
    Bark less. Wag more.
  8. That's the proof by notenslaved · · Score: 0

    Windows IS a virus.

  9. Re:wow, what a bunch of crap. typical by Anonymous Coward · · Score: 0

    It sounds more like anti-Kaspersky Lab rather than anti-ms

  10. Re:um, don't they test these things before releasi by Anonymous Coward · · Score: 2, Funny

    > Shouldn't this have been caught by even the simplest test before releasing?

    [X] In Soviet Russia, IE tests YOU!
    [X] Only old Koreans bother with testing!
    [X] "But it IS malware, boss!"
    [X] Netcraft confirms it - testing is dead!
    [X] I don't run IE, you ignorant clod!
    [X] "We tried to test it on Vista, and we will, as soon as it's finished booting ..."

  11. O rly? by Dunbal · · Score: 5, Funny

    > The bug was only live in the wild for two hours, and ended up affecting just one corporate customer and a handful of home users.

    And yet it still made the front page of Slashdot.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:O rly? by Matt867 · · Score: 0

      It made the front page of Slashdot because a corporate user shouldn't be stupid enough to use Microsoft Explorer over a real browser.

    2. Re:O rly? by Anonymous Coward · · Score: 0

      Huh?

      Corporate users are often the ones that don't have a choice, and this article is NOT about web browsers.

      Windows Explorer is a file manager.

    3. Re:O rly? by Shohat · · Score: 1

      I use IE7 (due to policies and ) at work and FF at home. Why am I stupid ?

    4. Re:O rly? by rhizome · · Score: 4, Insightful

      > It made the front page of Slashdot because a corporate user shouldn't be stupid enough to use Microsoft Explorer over a real browser.

      So what does that make people who are stupid enough to mistake Internet Explorer for Windows Explorer?

      --
      When I was a kid, we only had one Darth.
    5. Re:O rly? by The+Anarchist+Avenge · · Score: 1

      When gp talked about corporations as an entity, he was referring to the people in the corporations to make software policy. So you aren't stupid, the people above you are.

      --
      Today's lucky number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    6. Re:O rly? by Anonymous Coward · · Score: 0

      Yes. And I bet it will again. (I'll be here all week).

    7. Re:O rly? by MMC+Monster · · Score: 2, Interesting

      I was under the impression that explorer.exe was the MSWindows file manager. As a file manager, it actually is quite nice and has some interesting (good, or at least different) properties compared to nautilus. Such as copying a folder with the same name as a folder in the target will perform a merge of the two folder contents rather than deleting the original contents or the target.

      --
      Help! I'm a slashdot refugee.
    8. Re:O rly? by Matt867 · · Score: 2, Informative

      "I use IE7 (due to policies and ) at work and FF at home. Why am I stupid ?" For starters your sentence should have been typed like this: "I use IE7 (due to job-related policies) at work and FF at home. Why am I stupid?"

    9. Re:O rly? by marcello_dl · · Score: 1

      The idea of merging is cool, but if a merge is the most intuitive outcome of a folder copy for you, it sure isn't for me. Hopefully the user is notified about the proposed merge? else it's housekeeping time for me when i get back to work.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    10. Re:O rly? by MMC+Monster · · Score: 1

      I'm not sure if it is more intuitive or not. Presumably MSFT has good usability lab to figure that out. It is less destructive, though.

      It's been a while since I got burnt by it in nautilus. Does nautilus warn you if it's about to delete the entire contents of a folder because another folder with the same name is being copied over it?

      I know that at least until a year ago, on filesystems that are case retentive but not case sensitive (ie: fat32 and ntfs), nautilus aborts without any warning if it copies a file with the name abc.jpg into the same folder as a file ABC.jpg. (This happens surprisingly often if you have more than one digital camera.) I think it was just fixed in the latest release of the gnome desktop.

      --
      Help! I'm a slashdot refugee.
    11. Re:O rly? by bigstrat2003 · · Score: 1

      It's a bit rich to call anyone who uses IE stupid, considering calling IE not a real browser is pretty stupid in itself. IE7 works beautifully, thank you very much. Bully for you if you want to use Firefox (or any other browser), but that doesn't mean you should come in here insulting IE users.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    12. Re:O rly? by Decameron81 · · Score: 1

      > So what does that make people who are stupid enough to mistake Internet Explorer for Windows Explorer?

      Yeah, completely stupid people.

      It's like mistaking Windows Vista Starter with Windows Vista Home Basic or with Windows Vista Home Premium or with Windows Vista Business or with Windows Vista Enterprise or with Windows Vista Ultimate.

      Or like believing that Plays For Sure plays for sure.
      --
      diegoT
    13. Re:O rly? by atraintocry · · Score: 2, Funny

      > So what does that make people who are stupid enough to mistake Internet Explorer for Windows Explorer?

      The Windows Team, circa 1998.

  12. windows? a virus? no wai by Anonymous Coward · · Score: 0

    Hey, I wonder if anyone else will make jokes portraying windows negatively in this thread.

    1. Re:windows? a virus? no wai by Entropius · · Score: 0, Redundant

      only the dumb windows users.

    2. Re:windows? a virus? no wai by Anonymous Coward · · Score: 0

      I was wondering why you got modded -1 Redundant for that comment. Then I realised that the redundancy was in calling windows users dumb.

  13. Re:wow, what a bunch of crap. typical by Anonymous Coward · · Score: 0

    you've been trolled, my friend.

  14. Today's virus are not efficient at all! by JcMorin · · Score: 1

    I agree, today's viruses are not efficient at all; most of the time customers discover they have a virus because their system is getting very slow.

  15. Where is the Obligatory Gay Male Coprophilia Porn by NeverVotedBush · · Score: 3, Funny

    Any story that puts MS in a bad light or makes fun of them almost always gets the story about some guy enjoying another's feces.

    I guess it's just too early still in Seattle... Maybe they will post it later.

    Merry Christmas Bill!

  16. Re:um, don't they test these things before releasi by Anonymous Coward · · Score: 0

    Now that you (might have) RTFA, you know that Kaspersky's system automatically identified explorer.exe as a virus and deleted it - no human interaction or patching involved, the way antivirus software should work.

  17. Random Thought by Cruicky · · Score: 1

    Why not have the virus scanner, upon detection of a virus, check for a Microsoft digital signature in the binary, and maybe behave differently in this situation? Might just save a few systems in the future from incorrect signatures. I can't see this change in logic being beneficial to malware writers as they won't have a Microsoft signature, and if they can somehow change the anti-virus program to check for digital signatures against a different public key, you are already compromised.

    1. Re:Random Thought by Warbothong · · Score: 1
      "Why not have the music player, upon detection of a track, check for a Microsoft digital signature in the WMA, and maybe behave differently in this situation? Might just save a few systems in the future from incorrect signatures. I can't see this change in logic being beneficial to song writers as they won't have a Microsoft signature, and if they can somehow change the music playing program to check for digital signatures against a different public key, you are already liberated."

      Just an analogy to the whole DRM issue on music. My point is that trying to add a brand new, whizz bang, undefeatable layer of security never works. Those who it is targeting will figure out how to bypass it, every legitimate user is stuck jumping through hoops to do their legitimate activities. After a while such a monstrosity of a security cake is layered up higher and higher as the same model is tried again and again, a lot of the time with bugs further down the cake being used to break the upper layers. The better long-term strategy is to try and fix what is wrong with the current layers of the OS, but Microsoft's problem there is that it may affect program compatibility (which they REALLY don't want to mess with, since if the massive amount of Windows programs out there needed to be rewritten to run on a fixed OS then one of the biggest reasons to use Microsoft's technology over the competition is gone)

    2. Re:Random Thought by Al+Dimond · · Score: 1

      That doesn't make sense at all as an analogy. This idea assumes that all Microsoft-signed binaries are clean and that any virus signatures found in those files should be ignored. It's not an extra layer of security, it's a way to prevent the annoyance of false-positives in an existing layer. I can't think of a direct analogy involving DRM; it would have to involve exempting files meeting certain criteria from restriction.

      If an AV scanner decides to let all MS-signed binaries go, they might also consider letting through binaries signed by other reputable vendors. But they should be sure not to open the door too wide (the story of Apple shipping iPods with Windows viruses on them comes to mind).
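
The check discussed in this sub-thread, as an added PowerShell example (not part of the original comments and not Kaspersky's code): before acting on a detection, verify the file's Authenticode signature and downgrade the action to report-only when a valid signature belongs to an allowlisted publisher. `Resolve-DetectionAction`, its parameters and the `TrustedPublisher` list are hypothetical names; `Get-AuthenticodeSignature` is the real cmdlet.

```powershell
# Added example. Function name, parameters and the allowlist are assumptions
# made for illustration; only Get-AuthenticodeSignature is a real cmdlet.
function Resolve-DetectionAction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $DetectionName,
        # Assumed allowlist: fragments of the signer certificate subject.
        # Keep it short; every entry widens what a bad signature can hide behind.
        [string[]] $TrustedPublisher = @('O=Microsoft Corporation')
    )

    # Default outcome: the detection stands and the file is quarantined.
    $result = [ordered]@{
        Path            = $Path
        Detection       = $DetectionName
        SignatureStatus = 'Unknown'
        Signer          = $null
        Action          = 'Quarantine'
        Reason          = 'No valid signature from an allowlisted publisher'
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Action = 'None'
        $result.Reason = 'File not found'
        return [pscustomobject]$result
    }

    # Validates the signature against the local certificate trust store.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SignatureStatus = [string]$sig.Status
    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
    }

    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        # Subject matching is a simplification for this example; a scanner
        # would pin the issuing chain or certificate thumbprints instead.
        $subject = $sig.SignerCertificate.Subject
        $match = $TrustedPublisher | Where-Object {
            $subject.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } | Select-Object -First 1

        if ($match) {
            # Likely false positive: keep the file, raise it for human review.
            $result.Action = 'ReportOnly'
            $result.Reason = "Valid signature from allowlisted publisher ($match)"
        }
    }
    elseif ($sig.Status -eq 'HashMismatch') {
        # A signed file whose contents changed after signing is more
        # suspicious, not less, so the detection action is kept.
        $result.Reason = 'Signed file was modified after signing'
    }

    [pscustomobject]$result
}

# Usage with the file and detection name from the story:
Resolve-DetectionAction -Path "$env:SystemRoot\explorer.exe" -DetectionName 'Huhk-C'
```

Any status other than `Valid` (including a file whose signature cannot be established) leaves the quarantine action unchanged, so the check can only suppress detections on files that verify.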

    3. Re:Random Thought by niteice · · Score: 1

      So...you imply that this "security cake" is more useless, more of an illusion as time goes on....

      so you're saying that the cake is a lie?

      --
      ROMANES EUNT DOMUS
  18. Have you even used windows lately? by pcgabe · · Score: 2, Funny

    > "Windows Explorer was quarantined last week by Kaspersky Lab's antivirus software after being falsely identified as malicious code."

    "Falsely?"

    It's not a virus, sure. Viruses tend to mature, become more efficient...

    But Explorer sure feels like malicious code...
    --
    Don't put advice in your sig.
  19. Dumb article by Anonymous Coward · · Score: 2, Funny

    From TFA:

    > As Windows Explorer is the graphical user interface for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

    Gee, makes it sound like losing explorer.exe is only mildly inconvenient.

    1. Re:Dumb article by BlueParrot · · Score: 1

      > Gee, makes it sound like losing explorer.exe is only mildly inconvenient.

      Well at least they didn't claim it was "bricked" ...
    2. Re:Dumb article by Ant+P. · · Score: 1

      In that situation you can still use the task manager and the original windows 3.1 program/file managers. They might've stopped including those two after XP though, I dunno

    3. Re:Dumb article by iivel · · Score: 1

      progman.exe and winfile.exe no longer execute in XP (though they were still there in win2K)

    4. Re:Dumb article by Tired+and+Emotional · · Score: 1
      > As Windows Explorer is the graphical user interface for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

      Hmm:

      Start/run: enter "c:\cygwin\bin\bash.exe"

      click ok

      find . -name thingee.wot

      How is that hard?

      --
      Squirrel!
    5. Re:Dumb article by Anonymous Coward · · Score: 0

      It's pretty hard to click on the Start button without explorer.exe

  20. AND???? by lorenlal · · Score: 1

    Nothing to see here, move along. If it made news every time someone released something that broke explorer, we couldn't read about our beloved Beowulf clusters of toasters!

    What's funny is, if I saw that explorer was missing on my system, by the time I reloaded the OS (cause *obviously* it's infected/broken/normal operating procedure), I never would've known the cause. It was pulled by the time I would've finished installing.

    Of course, then I'd have to go and find my Gentoo CD so I could reload GRUB. That would've been more painful than the rest of the OS reload that I expect to do every six months anyway.

    1. Re:AND???? by cbiltcliffe · · Score: 1

      > What's funny is, if I saw that explorer was missing on my system, by the time I reloaded the OS (cause *obviously* it's infected/broken/normal operating procedure), I never would've known the cause. It was pulled by the time I would've finished installing.

      You'd reload Windows because explorer.exe is missing? Holy crap, is that ever overkill.

      Run WinUBCD, change the shell to cmd.exe, reboot, and run sfc. That would fix you right up, in about 10 minutes. And it would also give you the opportunity to figure out what happened...
      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    2. Re:AND???? by bcmm · · Score: 1

      How is reinstalling Grub more painful than an XP install?

      Also, had you thought of just backing up and restoring the MBR with dd?

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    3. Re:AND???? by TheCarp · · Score: 1

      Duh.... read the comment...

      It's because he fucked up the order of operations and reinstalled windows before finding the ubuntu cd. When you add searching for a CD you haven't seen in 6 months to the complexity of a task, it can become far more daunting, (YMMV, I guess not everyone has trouble in this area, you could be an anal retentive organized freak).

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    4. Re:AND???? by bcmm · · Score: 1

      Linux != Ubuntu, contrary to currently popular beliefs.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    5. Re:AND???? by TheCarp · · Score: 1

      Whoops. Mea Culpa.

      Ok, so _I_ would generally be searching for an ubuntu CD, since it's what I use on the desktop and a desktop is the only thing I would consider dual booting. Though, Ubuntu, gentoo... they sound so similar... pure accident that I upgraded him to ubuntu :)

      -Steve

      --
      "I opened my eyes, and everything went dark again"
  21. Slow news day by jamesl · · Score: 1

    Very slow news day.

    1. Re:Slow news day by angus_rg · · Score: 1

      Maybe, but regardless of the news day, anyone incorrectly identifying a file native to Windows is Front Page(TM) news.

  22. Re:wow, what a bunch of crap. typical by Anonymous Coward · · Score: 0

    I don't know about kdawson but Zonk is easily the worst editor Slashdot ever employed. If I wanted to read some hipster's "tech" blog I would do so (or more likely, in a moment of clarity, kill myself for being a hipster dumbfuck). I don't, which is why I'm on Slashdot. Zonk is also responsible for spamming the games section with mind-numbingly stupid (and slightly creepy) stories on the non-issue of women in gaming and therefore considerably raising both my blood pressure and my nicotine intake.

    Blogging is killing the Internet. It must be stopped.

  23. Seen it all before... by Alioth · · Score: 2, Interesting

    ...last year, when Symantec flagged part of the Windows Server 2003 resource kit as a trojan. That one stayed in 'the wild' much longer, probably because the resource kit in particular wasn't a widely installed piece of software.

    We've also had Norton 'false positive' on the Windows version of Oolite.

    One of these days, a widely used, automatically updated virus scanner is going to detect something like KERNEL32 as malware and kill a whole lot of machines. Wasn't there a problem like this with the Chinese version of Windows earlier this year?

    1. Re:Seen it all before... by Ash+Vince · · Score: 2, Insightful

      Both of the items you mention I can just about understand making it through a software testing process. It is feasible that none of the test machines had the two pieces of software you mention installed. But if you can find me a windows box without explorer.exe I will show you a borked installation.

      It is not an optional component to install last time I checked so all of their test machines should have had this file. At least some of their test machines should have had exactly that same version of this file as the one they decided was a virus. So how the hell did they not notice when it quarantined or deleted it? Windows would go tits up at the next boot, if not earlier.

      The only way I can think this could happen is if they skimped on testing. In which case this is most definitely the sort of news I would like to read on slashdot as it will give me a reason not to use their anti-virus solutions. An Anti-Virus solution without a very well defined and effective testing procedure is not one I want to use.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
  24. HUHK = Hamburger University of Hong King by SlappyBastard · · Score: 2, Funny

    http://www.huhk.com/intro_background.html Hmmm... Truly viral marketing.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  25. Because the AV business ain't about solutions by SlappyBastard · · Score: 1

    Building fail-safes would make sense and might work.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  26. Not as slow as yesterday by strcpy(NULL,... · · Score: 2, Informative

    Yesterday, we read about a dork playing jingle bells by hitting his video card fan. This story is an improvement.

    --
    echo 'cat sig | sh' > sig
    1. Re:Not as slow as yesterday by armareum · · Score: 1

      Strangely, I want a link to that story. :s

      --
      Is this a rhetorical question?
    2. Re:Not as slow as yesterday by Anonymous Coward · · Score: 0

      > Yesterday, we read about a dork playing jingle bells by hitting his video card fan. This story is an improvement.

      Says the guy whose Slashdot nickname incorporates the name of a C function. Not that I disagree with you, but "strcpy in a Slashdot username is WAY BETTER than jingle bells on a videocard fan!" sounds a lot like "duh everybody knows Spiderman could beat up Batman!".
  27. Re:um, don't they test these things before releasi by i.of.the.storm · · Score: 1

    Haha, I haven't seen netcraft confirms it in a long time - is netcraft dead? And Vista boots near instantly on my computer, but I understand it's a joke and also that I built my computer two months ago seeking out the best low-cost components possible, so my case may be something of an anomaly. But it's kind of funny because with XP I would usually hit the power switch, go take a piss or something, come back and find out that it still hasn't finished loading antivirus, firewall, etc... but that's more because of the sucky hardware than the OS.

    --
    All your base are belong to Wii.
  28. Anti-Virus Bug Briefly Identified Windows Explorer by tristian_was_here · · Score: 2, Funny

    So what does that mean? are we all fucked?

  29. Re:Anti-Virus Bug Briefly Identified Windows Explo by realdodgeman · · Score: 5, Funny

    > So what does that mean? are we all fucked?

    No, just you. We run Mac, Linux and BSD.
  30. No Mistake by BanjoBob · · Score: 0

    What? Windows Explorer is malicious code. In Vista, just try and move a file to another device and you can wait for the rest of your life for the copy/delete functions to take place ;)

    --
    Banjo - The more I know about Windoze, the more I love *nix
    1. Re:No Mistake by Anonymous Coward · · Score: 0

      Supposedly the major file operation performance problems will be addressed (somewhat) in SP1. The fact they're there in the first place is pretty incredible though, there's just no excuse for OS fundamentals like file management getting worse after ~5 years of development and much faster hardware.

  31. Correction by Kazymyr · · Score: 0, Redundant

    What do you mean falsely identified?

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  32. bug? by saxoholic · · Score: 0, Redundant

    according to wikipedia, "Malware is software designed to infiltrate or damage a computer system without the owner's informed consent."

    Sounds like windows to me...

    1. Re:bug? by Kopiok · · Score: 1

      Except for the part where they give their consent. (Informed that only dirty hippies use OSX).

    2. Re:bug? by saxoholic · · Score: 1

      but it says INFORMED consent

  33. What do you mean... by Taelron · · Score: 0, Redundant

    wrongly? Sounds about right to me...

  34. Handful of consumers? by slicenglide · · Score: 1

    I know a guy who is Kaspersky happy, and installs it on everything he touches. All of the machines he touched were affected by this bug. I think it's more than a handful.

    --
    John Walsh once found me while looking for some other kid. He was not amused.
    1. Re:Handful of consumers? by brown-eyed+slug · · Score: 1

      Yes, there are plenty of jokes, or 'insights' here gleefully playing on the irony of explorer.exe being identified as 'malware', but out here in the real world it caused real problems.

      My sister is a normal person who doesn't know a great deal about technology but bought a PC, uses it for a bit of entertainment, and a bit of home office work. Runs firewall and anti-virus and is intelligent enough not to do stupid things.

      She rang me a few days ago to say she'd deleted a virus and now her PC wouldn't work.

      I visited to see what I could do, and after a few minutes investigation was surprised to find that explorer.exe was missing. I copied my version onto her drive and Windows loaded fine, only for Kaspersky to fire up its warning, saying that the only thing it could do was delete explorer.exe.

      My natural concern then was that something (well this "Huhk-C") was embedded in the system and I'd have to find an alternative method to remove it. That led to some googling and eventually the realisation that this was actually a Kaspersky bug.

      So I skipped the deletion, let the machine reboot again, and by that time Kaspersky's update had kicked in and I was able to clear all the warnings without further incident.

      I guess that's just an everyday story of 'tech support', but the fact is that this wasn't funny. My sister had half-finished invoices on that machine that she couldn't get at for several days until I was able to visit (she'd had lots of advice from friends, colleagues and forums which didn't help). I was obviously inconvenienced by the time I had to spend sorting the mess out, and this situation must have been repeated in hundreds or thousands of locations around the world.

      Not the end of the world, but serious enough to cause distress to users. I didn't have an opinion about Kaspersky before, but I certainly do now!

    2. Re:Handful of consumers? by Anonymous Coward · · Score: 0

      Yeah but is she hot?

    3. Re:Handful of consumers? by siegfri3d · · Score: 1

      The same happened to my girlfriend; she's a standard user as well, so she deleted the file. I contacted Kaspersky saying that I was angry, but they didn't even bother to answer.

  35. Re:Anti-Virus Bug Briefly Identified Windows Explo by Anonymous Coward · · Score: 1, Funny

    So what does that mean? are we all fucked? No, just you. We run Mac, Linux and BSD. Quite right. Mac, Linux and BSD users are rarely if ever fucked. ;)
  36. Re:Anti-Virus Bug Briefly Identified Windows Explo by Phroggy · · Score: 1

    Touché! Well played, sir.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  37. Why things like this happen by Opportunist · · Score: 4, Insightful

    Now, of course they should not. Never. But they do. A few years ago, McAfee found MS Excel as malware (and acted accordingly, including detention or deletion, just like Kaspersky did with explorer now).

    But how? Don't they test?

    Of course they do. AV developers usually have some way to test against the most common software (and a few more software packages) before issuing a new signature. Though, as you can hopefully imagine, that takes time. The "whitelist" box that contains those "known good" files contains literally gigabytes (and soon terabytes) of software. As you can imagine, it takes a LOT of time to scan it all.

    Time, though, is of the essence in the malware fight. You NEED that signature out before the proverbial shit hits the fan (i.e. before your customer opens that infected spam mail that was just distributed a few billion times globally). So your sig update has to go out NOW. Preferably it should've been out an hour ago.

    How do you solve that quandary?

    There are a few strategies. But they all come down to one single problem: Having a current version of every file you want to whitelist. So what most likely happened is this:

    MS pushed an update for the file in question, most likely another of their infamous "silent" updates. You know, the ones you don't even notice. Now, if it wasn't a "silent" one, then one should wonder whether Kaspersky was sleeping (because they didn't fit it into their whitelist box in time) or whether it was pushed JUST at that time when they committed that update. Unfortunately such coincidences do happen.

    Now, I'm not working at Kaspersky. Rather, I'm working at one of their fiercest competitors. So I should probably rejoice at their blunder (and I'm fairly sure my boss will be in a GOOD mood on Thu, time to ask for a raise, I guess). But it can, did, does and will happen. To anyone in the biz. No matter how good you are and how good your false positive alarms and nets are, it can happen to everyone. If anything, this proves it. Kaspersky IS one of the key players in the business, and they usually know what they're doing.

    That's one of the reasons why I do highly recommend that you set your AV tools on "ask me before any action" mode. Yes, it bugs you every now and then, but it also means that things like this won't happen to you should your AV tool manufacturer have a similar problem one day.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
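The pre-release check described in the comment above, as an added example (not code from the commenter or from any AV vendor): a candidate signature is scanned against a known-good corpus, and the corpus is also compared with hashes of the files currently deployed, because a stale copy hides the false positive. The byte strings, the signature and the `FIELD_HASHES` feed are constructed assumptions.

```python
import hashlib

def parse_signature(pattern):
    """Turn 'de ad ?? ef' into [0xde, 0xad, None, 0xef]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]

def matches(sig, data):
    """True if the wildcard byte pattern occurs anywhere in data."""
    n = len(sig)
    for start in range(len(data) - n + 1):
        if all(b is None or data[start + i] == b for i, b in enumerate(sig)):
            return True
    return False

def false_positives(sig, corpus):
    """Names of known-good files the candidate signature would flag."""
    return sorted(name for name, blob in corpus.items() if matches(sig, blob))

def stale_entries(corpus, field_hashes):
    """Known-good names whose corpus copy is missing or differs from the deployed file."""
    return sorted(
        name for name, digest in field_hashes.items()
        if name not in corpus
        or hashlib.sha256(corpus[name]).hexdigest() != digest
    )

def release_gate(sig, corpus, field_hashes):
    """Hold the update if it hits a known-good file or the corpus is out of date."""
    fps = false_positives(sig, corpus)
    stale = stale_entries(corpus, field_hashes)
    return {"release": not fps and not stale, "false_positives": fps, "stale": stale}

# Constructed sample data: short byte strings standing in for real binaries.
SIG = parse_signature("55 8b ec ?? ?? c0 de")   # candidate malware signature
EXPLORER_OLD = b"MZ\x90\x00" + b"\x55\x8b\xec\x83\xec\x10\x33" + b"old build"
EXPLORER_NEW = b"MZ\x90\x00" + b"\x55\x8b\xec\x83\xec\xc0\xde" + b"new build"
NOTEPAD = b"MZ\x90\x00" + b"\x6a\x00\xe8" + b"notepad"

# Hypothetical feed of SHA-256 hashes for the builds users run after a vendor update.
FIELD_HASHES = {
    "explorer.exe": hashlib.sha256(EXPLORER_NEW).hexdigest(),
    "notepad.exe": hashlib.sha256(NOTEPAD).hexdigest(),
}
STALE_CORPUS = {"explorer.exe": EXPLORER_OLD, "notepad.exe": NOTEPAD}
FRESH_CORPUS = {"explorer.exe": EXPLORER_NEW, "notepad.exe": NOTEPAD}

if __name__ == "__main__":
    # The scan alone passes on the stale corpus; only the freshness check holds it.
    print("stale corpus:", release_gate(SIG, STALE_CORPUS, FIELD_HASHES))
    # With the updated build in the corpus, the false positive is caught directly.
    print("fresh corpus:", release_gate(SIG, FRESH_CORPUS, FIELD_HASHES))
```
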
    1. Re:Why things like this happen by osssmkatz · · Score: 1

      Can I ask where you work? Because McAfee does not impress me at the moment. You can send me an e-mail.. smkatz@gmail.com if you would prefer not to say so publicly. (I'm not worried about spam, because Gmail filters it.)

    2. Re:Why things like this happen by ydrol · · Score: 1
      > That's one of the reasons why I do highly recommend that you set your AV tools on "ask me before any action" mode.

      Your average end users can't really make that decision. That's the whole point of them *trusting* an AV product.

    3. Re:Why things like this happen by umonkey · · Score: 1

      So how do you know if that was an AV malfunction or something had really infected your explorer.exe?

    4. Re:Why things like this happen by Opportunist · · Score: 1

      Take the file in question and send it to VirusTotal. There you can see whether your AV tool is the only one who claims an infection, or whether more AV manufacturers consider it a threat.

      Now, this is of course not a 100% surefire way to detect a false alarm, but it usually is a good indicator. Especially when it comes to system files. Infectors are today a tiny minority of malware; malware (especially commercial malware) comes in the form of trojans which don't infect files but try to dig into the system and become part of it. So, I'd wager in about 99% of all cases, such an alleged infection of a system file is a false alarm.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  38. Re:Anti-Virus Bug Briefly Identified Windows Explo by tristian_was_here · · Score: 1

    Know what all that means? shit...

  39. Who needs explorer? by SEMW · · Score: 1

    Ctrl-Shift-Esc, Alt f n, "powershell.exe" (or "cmd.exe" for old-timers).

    Bah. Explorer. Who needs it?

    --
    What's purple and commutes? An Abelian grape.
  40. Thats funny by Micro$will · · Score: 1

    Yesterday, AVG Free identified Quake4.exe as a trojan on my machine. I had to disable AVG and run the Quake 4 update to get it running again.

    1. Re:Thats funny by pembo13 · · Score: 1

      Was it a "legal" copy of Quake? or a warez version?

      --
      "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
  41. Yes by SEMW · · Score: 1

    > Hopefully the user is notified about the proposed merge? else it's housekeeping time for me when i get back to work.

    You get a "Confirm Folder Replace" dialogue.

    BTW, is pressing "ctrl-z" ( / edit -> undo) really that much housekeeping work?
    --
    What's purple and commutes? An Abelian grape.
    1. Re:Yes by marcello_dl · · Score: 1

      Control z is not going to help much if I had merged folders months ago unknowingly. I said "when i go back to work", even. Luckily there is the dialog so I likely never borked anything.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  42. Windows is what is used @ work mostly, which = $ by Anonymous Coward · · Score: 0

    Dumb? For what??

    You call folks dumb for using Windows' 32-bit NT-based OS users dumb (& they're most likely of the NT family base like the modern ones are) @ home, + getting used to from nearly birth for a decade++ now there but also in the workplace worldwide.

    The most flexible & peripheral hardware + 3rd party application for good purposes laden platform there is. Ubiquitous, & flexible + a great API to work with on many levels. Complete with great tools to do so from MS & others as well like Borland.

    So folks are dumb in their utilizing the OS that truly is overall used the most for the most varied of tasks, from network client nodes, up thru departmental servers of all kinds, thru enterprise class servers driving enterprise class applications (both CUSTOM, & BackOffice engines driven (ala Exchange, SQLServer, IIS, etc. et al), because face it:

    Windows IS used the most used by people.

    I guess it is dumb to get used to the tools that people will most likely use the most on the job, where they make their living, the MOST with (in Windows)... this is dumb??

    I'd call it job preparation, & it's been this way for decades now. Get with it.

    APK

    P.S.=> Nobody says any OS or platform's perfect, but Windows is what the general public majority are on & have chosen for personal computing thus far @ least, & for QUITE a while now.

    Posting this, for "posterity's sake": One thing I know is this - I know all OS platforms have gotten better in my time around them, & by huge leaps every 10 yrs. or so. Watch what the next 10 bring, & it'll all get better then too, & yes, including Windows (or, some future variant of it) & others like Linux, MacOS X, etc./et al... apk

  43. Re:Anti-Virus Bug Briefly Identified Windows Explo by shannara256 · · Score: 0
  44. If Language is a Virus.. by cavebison · · Score: 1

    Then it's a good thing Kaspersky doesn't have voice recognition. I don't want to be confined for something I say.

    oops. shh, don't want to give the government any more ideas here..

  45. Pre-emptive paranoia by Waccoon · · Score: 1

    Note to anti-virus companies: ask the user what to do, instead of automatically deleting files you don't own. I stopped using all anti-virus software on my Windows machine because of rubbish like this.

  46. Re:um, don't they test these things before releasi by bigstrat2003 · · Score: 1
    Netcraft is dead... Netcraft confirmed it!

    Also, always good to see another Vista user. Now I'll have someone to get my back when I defend Vista against haters. ;)

    --
    "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  47. Re:Windows is what is used @ work mostly, which = by causality · · Score: 1

    Hmm where to start... first, you have been trolled and possibly unintentionally (by giving a serious response to a joke). Second, while you might have had a valid objection to the GP, you failed to use it; thus the entirety of your post can be summed up as "Follow the crowd and no one will ever think you're dumb!" That's great, if being a sheep and taking the path of least resistance is what makes you feel fulfilled.

    To claim that the popularity of Windows is an inherent virtue of the OS is just plain silly. It's an arbitrary decision that was heavily influenced by marketing and made in large part by people (regular end-users, phb's, etc) with no real computing expertise. This is a hell of a business accomplishment and what Microsoft has done in the computing industry is what every other company would like to do in its own industry. That's great for Microsoft and their shareholders, but you have done nothing to defend the intelligence of users who go along with it.

    P.S. if the near-ubiquitous quality of Windows means anything, it means that Microsoft's software failures are automatically magnified (think botnets, which are greatly facilitated by a monoculture). They will care about this only to the degree necessary to ensure that it doesn't become a marketing failure.


    Now make sure that, whatever you do, you do NOT reply to my post. That way you can follow the crowd and be like every other AC who can't follow the discussion.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  48. Re:um, don't they test these things before releasi by i.of.the.storm · · Score: 1

    Yeah, I'm sure as time passes more and more people will be using Vista and realizing there's nothing really fundamentally wrong with it once you disable UAC (which I didn't really want to do because of the security feature but I really know what I'm doing and don't need 3 prompts when I want to change something in Program Files). And by the time Windows 7 rolls around everyone will be like "You can pry my Vista SP2 from my cold dead hands!" etc.

    --
    All your base are belong to Wii.
  49. "Just a handful" of home users by ozsynergy · · Score: 1

    Yeah, I don't know where they got their numbers from. But I was a part of the handful....
    Without any information about the "virus detection" at the time, I took the only safe path I could...
    Doing a full backup and reinstalling Windows and Linux. Wasted an entire day, thanks Kaspersky :(

  50. Re:wow, what a bunch of crap. typical by Anonymous Coward · · Score: 0

    Yeah Zonk is a huge fag but I'd still say Jon Katz was worse.

  51. Re:Windows is what is used @ work mostly, which = by Anonymous Coward · · Score: 0

    > "thus the entirety of your post can be summed up as "Follow the crowd and no one will ever think you're dumb!" That's great, if being a sheep and taking the path of least resistance is what makes you feel fulfilled." - by causality (777677) on Wednesday December 26, @01:49AM (#21819548)

    I never stated a thing about being "fulfilled": I just stated people are wise to use something that IS the most used, so they are ready for it in the workplace, so they can get paid. Job requirements & training for them is what running Windows @ home does for most folks.

    > "To claim that the popularity of Windows is an inherent virtue of the OS is just plain silly."

    oh really? What better gauge is there?? I guess in YOUR world "the majority = dumb"... yea, ok. That would make you the "all knowing one" & the rest of us, just clueless... right???

    APK

  52. Re:Windows is what is used @ work mostly, which = by Anonymous Coward · · Score: 0

    I think that AC you are giving a tough time to is correct and you are the one off base here causality.

  53. Chinese version of Windows killed by Norton AV... by Anonymous Coward · · Score: 0
    Tens of thousands of WinXP PCs were rendered unbootable by a bad Norton AV update in the Chinese case.

    http://texyt.com/Norton+Anti-virus+disables+thousands+of+PCs+in+China+00089

    Symantec's compensation offer was... interesting

    http://texyt.com/symantec+china+compensates+antivirus+victims+angry+reaction+00112

  54. I just had to repair a system this happened to by Impecca · · Score: 1

    A customer brought in their computer because they thought they had a virus because the computer was running slower. So they installed Kaspersky and it "found a virus" which happened to be explorer.exe. Sadly for this guy, it ended up costing him $120. Is it possible he could get his money back from Kaspersky? I doubt it. I seriously doubt it happened to just a handful of people if I happened to get a customer with this issue.

  55. This isn't all of it by Master+of+Transhuman · · Score: 1

    Kaspersky has made TWO major mistakes in a week's time.

    First, back on the 14th, they screwed up and issued an update that had SERIOUS consequences for quite a few people running large networks. One guy had 700 machines down. Turns out they had a bug in the code since 1996, which was only discovered when they switched Microsoft compilers for version 7. The Linux compilers caught the bug and so the Linux version of KAV didn't have a problem. But the Microsoft compilers compiled the bug with no warnings or error messages, so it slipped through. At least that was the explanation Eugene Kaspersky put out on the forum.

    Second, this latest bug with Explorer which was fortunately caught within a couple hours. My client's machines never even saw it because their update cycle was longer.

    I've just started installing KAV 6.0 on one of my client's machines. He was suspicious of using a Russian company in the first place, but I told him it was okay since they're a high detector, got a management kit, good price for his 24 machines, etc.

    Then this shit happened. Doesn't make me look good, either. Fortunately it didn't drop our machines, it just caused a message to pop up saying the application launch didn't work.

    And recovering has not been easy, since the Admin Kit apparently still has the crap in its source directory used for installing KAV on client machines. I'm going to have to uninstall and reinstall the Kit to make sure the buggy components are not there as I finish installing the rest of the machines.

    But what someone else above said is likely true - sooner or later some AV is going to drop thousands or scores of thousands of machines. This is obviously true when you consider that AVs are programs that burrow deep into the OS AND have almost continual updates of both signatures and software components. It's like running Windows Update every hour of every day! Sooner or later there's going to be a catastrophe. It's just not a sustainable process.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  56. Re:Windows is what is used @ work mostly, which = by causality · · Score: 2, Insightful

    > I never stated a thing about being "fulfilled": I just stated people are wise to use something that IS the most used, so they are ready for it in the workplace, so they can get paid. Job requirements & training for them is what running Windows @ home does for most folks.

    The point I was making, which should be clear to you, was that there is no merit in making a choice just because it is popular. I can choose to eat food because "everyone else does" and it means nothing; I can choose to eat food because my survival as an organic being depends on it and this is a rational decision. You could claim that jumping on the Windows bandwagon is a sign of intelligence due to business realities; you could conversely claim that the truly intelligent find ways to deal with compatibility issues without needing to use a single Microsoft product. Both claims mean next to nothing without some reasoning and perhaps evidence to back them up, and for all I know a serious study might determine no correlation with intelligence at all. The only reason why I used the word "fulfilled" is because some of us make decisions using additional criteria other than how much cash is invested in something. You can treat that concept as a stumbling block and willfully miss the point I was making if you like, but this does not negate what I am saying.

    > "To claim that the popularity of Windows is an inherent virtue of the OS is just plain silly."
    > oh really? What better gauge is there?? I guess in YOUR world "the majority = dumb"... yea, ok. That would make you the "all knowing one" & the rest of us, just clueless... right???

    All I said is that popularity does not determine actual merit. To say that this must mean I think I am the "all knowing one" is an emotional knee-jerk response that attempts to turn this into a personal matter and does nothing to address what I was saying. You don't like what I am saying, that's fine, but to act like this gives you license to automatically declare it false and make assumptions about my character is the very arrogance of which you seem to be accusing me.

    The bottom line is, whether the popularity of Windows is due to inherent merit and good design cannot be assessed objectively in the current marketplace (I am putting this mildly). That claim could only be made if 1) all PCs were shipped with blank hard drives and did not come with an operating system of any kind and it was up to the user to separately obtain and install one and 2) all users were technically skilled enough, as well as willing and able, to independently evaluate the stability, performance, and security of all major (PC) operating systems before choosing the one to use. Unless you could arrange for both of these to be true, what popularity is measuring is the marketing skill, business acumen, and incumbency of Microsoft and not the actual merit or design of Windows.
    --
    It is a miracle that curiosity survives formal education. - Einstein