Slashdot Mirror


Botched Security Update Cripples Thousands of Computers

girlmad writes "Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes' software treated essential Windows .dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline."

  1. Microsoft Security Essentials... by Frosty+Piss · · Score: 5, Insightful

    ...is all I use these days.

    Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Microsoft Security Essentials... by H0p313ss · · Score: 3, Interesting

      Same here. But you should be aware that every time this topic comes up MSE is highly praised by Slashdotters.

      --
      XML is known as a key material required to create SMD: Software of Mass Destruction
    2. Re:Microsoft Security Essentials... by Anonymous Coward · · Score: 5, Insightful

      NO, it hasn't been getting bad reviews, it has had some negative press based on some dodgy tests that try to use essentials for something it isn't really meant for. They throw zero day malware to test its heuristics, which are not wonderful. However in known malware (the stuff 99.9% of people need protection against) it is exceptionally good.

    3. Re:Microsoft Security Essentials... by ozmanjusri · · Score: 4, Informative

      MSE is highly praised by Slashdotters.

      Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.

      --
      "I've got more toys than Teruhisa Kitahara."
    4. Re:Microsoft Security Essentials... by UltraZelda64 · · Score: 4, Informative

      Meh, who wants to keep checking the anti-virus reviews all the time and constantly switching, tossing money out here and there? These programs have the ability to cause enough problems on their own, and their effectiveness at "catching" things changes with the weather. You're better off just picking one and sticking with it, avoiding all the extra headaches. In the end, they're all pretty questionable (I wouldn't trust any of them over good old common sense), so you might as well get the one developed by the same people who make the OS to prevent any stupid little problems like what TFA is about. It just happens to be a nice bonus that Microsoft's product is free (well, beyond the Windows license fee at least...). IMO most of the "anti-virus industry" is just a bunch of whiny crooks themselves, and neither they nor their software can really be trusted much more than the malware they claim to be fighting.

    5. Re:Microsoft Security Essentials... by inflex · · Score: 3, Insightful

      All I use and recommend now as well. Previously good AV suites have become pointlessly (for the consumer) bloated and I'm having a higher occurrence of machines being brought in with faults explicitly attributable to the AV suites.

      I'm no fan of Microsoft, but I have to say that MSE does tend to do an acceptable job given that inevitably all AV suites let stuff slip past.

    6. Re:Microsoft Security Essentials... by oldlurker · · Score: 3, Informative

      Of course you can not produce unbiased reviews that actually say this...

      Actually, the leading security software reviewer site, AV-Test, gave MSE a bad review in the last round, they did not pass "AV-Test certification".

    7. Re:Microsoft Security Essentials... by donscarletti · · Score: 3, Interesting

      ...is all I use these days.

      Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...

      MSE is good for what it is and what it does, I first tried it after reading unanimous praise of it here on Slashdot. It's the only AV I've ever seen that does not conspicuously cause the system to become slow, unstable and/or quirky.

      I am feeling smug about this and it is not about Microsoft or Windows itself, I just simply could not understand how a professional sysadmin could ever be in a position where they must run anti-virus on a server, which seems to be common practice amongst Windows admins.

      Antivirus is for checking that executables and libraries are free of malicious code. I just cannot possibly fathom why an executable or library could be running on a server if nobody had checked it beforehand. A good admin should scan and monitor tools that come from untrusted sources before putting it on a live server. A great admin should scan and monitor tools, even if they're from trusted sources before putting it on a live server. This is basic stuff and is why almost all servers are infected through network bugs, which can be easily prevented by keeping services up to date and non-essential services shut down or at least firewalled off.

      Why then do you need an Anti-Virus? It won't protect your services from buffer overflows or other infection vectors, it won't protect you from new rootkits unless it has wicked-sick heuristic analysis and you get lucky. So what does it guard against? Maybe someone using a zero-day attack vector and installing an old rootkit?

      So for a sense of security against unknown threats, you give an autonomous, externally controlled process, that is by design almost impossible to analyse, unfettered administrator access to your entire system. Now this happens, I feel smug.

      --
      When Argumentum ad Hominem falls short, try Argumentum ad Matrem
    8. Re:Microsoft Security Essentials... by Anonymous Coward · · Score: 5, Informative

      That is possibly the most biased of all reviews and testing sites as it takes money from the top AV vendors, the part it didn't do well in is zero day stuff, the part of an AV product that matters the least as nothing is reliable enough for zero day (not even the best products). The fact that AV-Test puts such significance on that part of their test really calls their whole process into question, i.e. DON'T trust them.

    9. Re:Microsoft Security Essentials... by Joce640k · · Score: 5, Insightful

      Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.

      Face it, they're all shite... the viruses change every single day and no anti-virus of them will protect you from the latest ones. Not one. Virus infection is 100% due to the warm squishy thing between the keyboard and chair, not the flavor of antivirus installed on the machine.

      OTOH, MSE doesn't constantly annoy, slow your PC to a crawl or constantly ask for credit card details just to keep on running.

      --
      No sig today...
    10. Re:Microsoft Security Essentials... by Joce640k · · Score: 4, Insightful

      Experience has shown that it makes NO difference what anti-virus I install on people's machines.

      --
      No sig today...
    11. Re:Microsoft Security Essentials... by Samantha+Wright · · Score: 5, Insightful

      But if it doesn't slow the computer down to an unusable crawl, how will anyone ever feel safe?!

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    12. Re:Microsoft Security Essentials... by terjeber · · Score: 5, Funny

      This is considered the leading AV review site in the world

      I have a very, very nice bridge for sale, and just for you, I have a very, very good price. You should jump on this, it's a once-in-a-lifetime chance.

    13. Re:Microsoft Security Essentials... by cbhacking · · Score: 3, Interesting

      Have mod points, but what the hell: Win8 ships with MSE (well, with a version of Windows Defender that coincidentally has an antivirus capability that strongly resembles MSE) built in. You can of course disable it, but it's protected out of the box.

      That said, I think some of the old anti-trust restrictions on MS expired recently; this may be why they went ahead and bundled it with Win8 but didn't do the same for Win7.

      --
      There's no place I could be, since I've found Serenity...
    14. Re:Microsoft Security Essentials... by Joce640k · · Score: 5, Funny

      Don't forget the constant popup windows to tell you how well it's doing.

      They're very comforting.

      --
      No sig today...
  2. Meanwhile, at Malware Bytes HQ by girlintraining · · Score: 4, Funny

    "I don't understand... it worked fine in the lab."

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Meanwhile, at Malware Bytes HQ by Aranykai · · Score: 4, Interesting

      And to think, just the other day I was being berated for delaying updates on system critical boxes...

      --
      If sharing a song makes you a pirate, what do I have to share to be a ninja?
    2. Re:Meanwhile, at Malware Bytes HQ by sabri · · Score: 4, Funny

      And to think, just the other day I was being berated for delaying updates on system critical boxes...

      Time for a salary increase request :-)

      --
      I'm not a complete idiot... Some parts are missing.
  3. Doh! by All_One_Mind · · Score: 3, Insightful

    For once I'm happy that I'm too lazy to regularly update programs like that.

  4. The cure is worse than the disease by tftp · · Score: 5, Interesting

    How many viruses has your antivirus caught recently? How many CPU cycles has the same antivirus burned through as you were opening files on your computer?

    Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.

    1. Re:The cure is worse than the disease by Anonymous Coward · · Score: 4, Insightful

      I've yet to see an AV that actually can deal with browser add-on attacks.

      The only thing that might help is Malwarebytes because it blocks by IP address.

      If you want protection, use an ad blocker. Ad servers seem to be one of the chief causes, if not the top infection vector these days.

  5. 1 in 20 by tuppe666 · · Score: 3, Insightful

    Maybe I'm doing something wrong, but I haven't seen a virus in a decade.

    ...or maybe as http://eugene.kaspersky.com/2013/03/25/one-in-twenty-is-the-sad-truth/ "Even those who care nothing for their health still get sick – it’s just that the infection goes undiagnosed" as much as you may find it comforting blaming users, 1 in 20 infected machines implies there is something wrong. It's no wonder users are not buying PCs anymore.

  6. Re:Production by gweihir · · Score: 4, Informative

    AV software (or rather its definition files) has to be updated very fast if it is to have any value at all. You cannot qualify it for production, that takes too long. This is one reason the whole concept is fundamentally flawed, because it is still too slow.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. scoring 71% percent vs. the industry average 92% by tuppe666 · · Score: 4, Interesting

    Microsoft's popular Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test "In antimalware testing against a range of products, AV-TEST failed to certify AhnLab V3 Internet Security 8.0, Microsoft Security Essentials 4.1, and PC Tools Internet Security 2012 out of a total of 25 different vendors. Microsoft's own anti-virus software failed to adequately protect against 0-day malware attacks, scoring an average of 71 percent vs. the industry average of 92 percent."

    Nobody cares whether it's original; they care if it works.

  8. malwarebytes finally gets it right by mevets · · Score: 4, Funny

    It identified the malware, disabled it, and everyone gets upset...
    no pleasing some people

  9. Re:scoring 71% percent vs. the industry average 92 by Frosty+Piss · · Score: 5, Interesting

    "AV-TEST institute" is well known to require financial investment for a top rating, their recommendations - such that they are - are highly suspect.

    --
    If you want news from today, you have to come back tomorrow.
  10. Re:scoring 71% percent vs. the industry average 92 by Dahamma · · Score: 3, Informative

    The problem is the solutions that may do a bit better catching the 0-day malware are also the ones that are so heavyweight they noticeably affect the performance of your system. There is a tradeoff at some point between resource usage and coverage. One thing MSE definitely has going for it is it doesn't badly degrade performance like McAfee, Norton, recent AVG, etc do.

  11. Re:One major reason why AV is a dead-end by Spikeles · · Score: 3, Insightful

    There is no way to prevent these things from happening

    Sure there is. Kaspersky Anti-Virus Security Center has an Update Verification module built in, that allows a sysadmin to install the update to a known-clean test group and then run a virus scan BEFORE the update is applied to the rest of the machines. If the scan fails (i.e., finds anything), the update is aborted and an email is sent to the admin. If Malwarebytes had that kind of thing (or if it did and the sysadmins actually used it), this wouldn't even be an issue.

    --
    I don't need to test my programs.. I have an error correcting modem.
  12. Re:scoring 71% percent vs. the industry average 92 by Electricity+Likes+Me · · Score: 5, Insightful

    Basically "stop doing stupid things with your computer".

    Why a firm needed Malware Bytes on its servers in the first place is the real question here.

  13. A few points... by waspleg · · Score: 5, Interesting

    1.) I've been using MS Security Essentials for YEARS without issue and have it running on many machines also without issue, no, it does not catch EVERYTHING; but nothing does. It does a pretty damn good job for something ad-free, shitware-bundle free. Other than the occasional annoying "OMG YOU HAVEN'T SCANNED ANYTHING!@#!@ orange flagged monopoly house ! warning, is pretty unobtrusive.

    2.) All Windows versions prior to 8 could also use Windows Defender in addition, if you want to, but they've been rolled together under the Windows Defender name and are included by default in Windows 8.

    3.) Microsoft also has a Malwarebytes-like scanner called Safety Scanner although it auto-expires after 10 days and has to be reinstalled for subsequent use; no idea why.

    4.) 0-day exploits by definition would be more or less impossible to defend against, wtf is the problem? I'm no MS fanboy, but the hate here is unwarranted, they're basically risking massive lawsuits against them again for anti-trust by even doing this and frankly it's about fucking time they should have had all of these tools available from its inception.

    5.) Malwarebytes has gone from a must-have awesome malware scanner to total shit adware in the typical bait-and-switch style business model of the day which goes something like a.) build something awesome b.) give it away for free c.) change to paid model with your own bundled malware and bullshit once it gets popular d.) crash and burn e.) laugh all the way to the bank.

    Where I work uses Sophos, I would say it's far worse (and used more as an attempt at draconian control than really A/V, and does next to nothing for malware, updates fail constantly, etc), and I've actively advised people to not use McAfee and Norton for a very long time because of all their dumb bullshit problems. Clamwin is still pretty terrible and ridiculously slow, after all these years. I think the only one I've never used at all is Kapspersky, or whatever.

    $.02
     

  14. Malwarebytes by 1s44c · · Score: 3, Insightful

    The clue is in the name.

  15. Re:Really, so explain this: by Anonymous Coward · · Score: 5, Informative

    From the "article"

    Disclosure
    Symantec Corporation funded the production of this report, selected the test metrics and list of products to
    include in this report, and supplied some of the test scripts used for the tests.

    Hmm...

  16. Re:Production by wonkey_monkey · · Score: 3, Insightful

    Yeah, stupid idiots, why didn't they write their own OS from scratch at the start, then they wouldn't have any of these problems.

    --
    systemd is Roko's Basilisk.