Panda Antivirus Flags Itself As Malware
An anonymous reader writes: An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working. Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. The company took to Twitter to warn users: "Please, don't reboot PCs. We'll keep you posted." In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."
Yow! I'm malware.
Well spotted, panda.
Watch this Heartland Institute video
I heard you like antivirus so I put a virus in your antivirus so you can antivirus while you virus
Heheheh.
Chas - The one, the only.
THANK GOD!!!
Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.
Shouldn't Panda's product test organization be fired as a matter of course?
I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?
myke
Mimetics Inc. Twitter
Sincerely,
Nelson Muntz
I heard a rumor (or possibly just started one :D) that one of Panda's competitors tagged Panda as a malware. So apparently Panda just took their word that Panda was malware.
excitingthingstodo.blogspot.com
http://images.fanpop.com/image...
Any anti-virus should quarantine its virus signature database, by definition.
Is this the Scientology antivirus?
Let's revisit the SONY BMG ROOTKIT for a moment, and read/listen to a quote from Thomas Hesse:
"Most people don't even know what a rootkit is, so why should they care about it?" - Thomas Hesse, President, Global digital business, Sony BMG
http://www.f-secure.com/weblog...
http://www.f-secure.com/weblog...
Oh aye, they did a good job of trying to sweep this one under the rug. If you rebooted any computer afflicted with this before the fix was deployed, you had a solid chance of rendering your system unbootable. With Panda broken, Windows often will not start. And even if it does start, Panda would swallow up several core system files, leaving you with a rather unusable system. We had several customers with dozens of workstations running Panda, and the first thing they thought to do was of course a reboot.
In some cases, Panda even requested a reboot to complete its hara-kiri.
Systems that were not rebooted were unusable while Panda held everything up.
Of course, Panda later released a tool to fix that if you rebooted your system. But it only really works if you can boot into, at a minimum, safe mode. But I still find it very hard to believe that if they were testing these updates that this would have happened. I have a feeling a chain of technicians got complacent about this, and a string of managerial staff is probably going to get fired as a result. I know they're not the only company to screw up an update like this, but this really is quite nonsensical.
Attack on an antivirus itself!
it totally fucked multiple machines in my co
"Okay, who farted?"
Table-ized A.I.
Virtual Machines for the Win!
Virtual machine and files are rsynced at regular intervals so any "critical" files are preserved, and those are backed up to a Linux server, à la poor man's Time Machine.
Anyone running Windows on real hardware is just asking for trouble.
How the fuck is it possible you haven't been institutionalized yet?
Timecube!
If Java ever gets true garbage collection, 90% of the programs would delete themselves.
The way it crashed was to halt and quarantine every running process. This led to endless individual program crashes and attempts to run programs throwing "perimeter incorrect", which looks just like what happens with ransomware. Another possible side effect (one that I experienced) is a "This copy of Windows is not valid" on reboot and failed Windows updates. Anyone not running Panda will laugh but this mistake resulted in a LOT of lost man-hours for a lot of people out there. Because I trust the company I, for one, lost four weeks of work due to not backing up properly and using an encryption program that kept Windows Repair from working properly. I'm still running Panda: I think they'll learn from the mistake. But one more fuckup and I won't. Also I'm no longer recommending the program.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
...to dispute Panda labelling itself as malware. I say we take it and its word and uninstall it completely!
I import .ova (Open Virtualization Archive, single files that contain a virtual machine configuration and virtual disk) several times a week, and with Panda enabled that process takes about four hours. Without it, the import takes less than five minutes. Panda is worse than malware.
I have been running my Linux and *BSD systems since about the mid 90s. I have never used anti-virus software, and I have yet to catch any viruses. What is the anti-virus software for? Is one supposed to run it? Does it do anything other than consuming resources?
Last time I used panda for what was just supposed to be an online scan, it went and changed a lot of settings on all of my web browsers, causing no small headache to put back to where they were, even after the software had been removed from my computer. That was about 4 years ago. I haven't used Panda since.
File under 'M' for 'Manic ranting'
Yep, a customer of ours got hit with this, not only did Panda shit the bed, but it *let everything that was quarantined out* causing massive infections to spread across the entire network.... We're still cleaning it up 2 days later.
Is that anti-virus has way too many false positives and they don't care.
I'm going to pretend that some programmer/bot master somewhere got tired of their AV, got into their system, and modified their signatures or something.
The scariest part of all that is it could even happen to people who know what they're doing.
Is this the first Anti-Virus to become intelligent, self-aware that it is actually a virus and then, finally, grow depressed and commit suicide?
You'd think AV companies would at least dump their signatures to a group of test machines running the past few releases of their product and on popular OS combinations and at least put them through a reboot. It should be easy and quick to script that out on any virtualization platform.
15 years ago, I would have given them a pass because doing really complete QA would have more than likely added significant lag time to pushing signatures, making A/V more useless than it already is/was. Nowadays though it should be possible to do it easily, with VMs and dev-ops techniques.
This kinda thing should tell you the company is completely inept.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Yet another word misappropriated by less-than-savvy journalists.
Actually, the phrase "less-than-savvy journalists" is redundant. Apologies.
They can take my LifeAlert pendant when they pry it from my cold dead fingers.
Well, TFA doesn't surprise me at all.
I owned Panda decades ago and here's the steps I did when I decided to wipe it out from my system:
1 - Format PC
2 - Install MS-DOS 6.22
3 - Install Windows 95
4 - Install Panda (don't remember what number it was)
5 - Create Panda Antivirus Floppy Disks
6 - Reboot and run the floppy disks
And here's when the antivirus detected an infected file inside Panda installation (obviously, nothing else in the system).
That's when I lost faith in antivirus...
This is what happens when even GNAA won't take you, I guess.
The timecube domain is for sale. No word on whether the buyer gets to keep the crazy though.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Did somebody forget to test their new defs before posting? :P
To those who think it's strange that an antivirus can be detected as a virus or other malware. They have definitions of what they seek, and yes, those look like the same thing they look for, so yes, they can easily flag on those if the programmers aren't careful.
Also, to be effective, they have to use certain techniques that are done by almost no software other than various malwares and antivirus programs, so again, a false positive is easy and the programmers must take special care to avoid that.
I guess somebody at Panda forgot all that and neglected to test.
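The pre-release check the comments above ask for (run new definitions against known-clean files, including the product's own, before shipping), sketched as an added example that is not part of the thread and not Panda's code. The signature format, file names and file contents are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence the scanner searches for (assumed format)

# Constructed known-clean corpus: the scanner's own binaries plus an OS file.
CLEAN_CORPUS = {
    "av/engine.dll": b"MZ\x90\x00ENGINE-CORE" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x13\x37",
    "av/updater.exe": b"MZ\x90\x00UPDATER" + b"\x00" * 32,
    "windows/system32/kernel32.dll": b"MZ\x90\x00KERNEL32" + b"\x41" * 24,
}

def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs in data.
    An empty pattern matches every file, so a truncated or corrupt
    definition is reported as a hit everywhere instead of being skipped."""
    return [s.name for s in signatures if s.pattern in data]

def false_positives(signatures, corpus=CLEAN_CORPUS):
    """Map each known-clean file to the signatures that wrongly match it."""
    hits = {}
    for path, data in sorted(corpus.items()):
        matched = scan(data, signatures)
        if matched:
            hits[path] = matched
    return hits

def release_gate(signatures, corpus=CLEAN_CORPUS):
    """Return (ok, hits); ok is True only when no clean file is flagged."""
    hits = false_positives(signatures, corpus)
    return (not hits, hits)

# Constructed definition updates: one harmless, one that matches bytes
# found inside the scanner's own engine file.
GOOD_UPDATE = [Signature("Trojan.Sample.A", b"\xca\xfe\xba\xbe\x66\x66")]
BAD_UPDATE = GOOD_UPDATE + [Signature("Generic.Hook.B", b"\xde\xad\xbe\xef\x13\x37")]

if __name__ == "__main__":
    for label, update in (("good", GOOD_UPDATE), ("bad", BAD_UPDATE)):
        ok, hits = release_gate(update)
        print(label, "PASS" if ok else "BLOCK", hits)
```
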
I'm beginning to like Agile. I don't have to wait 2 months to find out my next release is being delayed another 2 months. In Agile I get disappointed every two weeks.
This is not sarcasm. My users now get told their fix will be in weeks, not months, and no finding out 2 months later that's another 2 months. Yes, they still wait 2 months, but it feels better. To them.
deleting the extra space after periods so i can stay relevant, yeah.
As much as it appears APK would be keeping the "crazy" in the timecube, he'd mainly be bringing twice as much "stupidity". I'm not sure even timecube could withstand ignorance of that magnitude.
The Panda Virus checker has run, and confirmed that all installed Viruses including Panda, are functioning correctly.
You forgot the most important one... Windows Operating System, any of them. Get rid of the cause, not the band-aid.
Hey APK.. you only get to say something when you actually write a piece of software that does not need a 3 year education for the operator to work with it, and... err... you know.. .actually works, instead of just taking 100% cpu for 4 hours. when the same can be achieved with curl/wget, bash, grep, sort and cat under Cygwin in less than 3 minutes....
Your software does not work
and I feel all kinds of empathy for everyone in this situation. The problem is, when you're trying to stop 0 day malware you have to work and release samples rapidly to protect your users. Developing a flawless battery of tests is tricky, and now and then a sample can slip through. The last time this happened at my company the sample was caught after 27 minutes, but 27 minutes can do a lot of damage when you have millions of users. It took a lot of personal phone calls from everyone in the company to make that right with our customers. Where humans are involved, mistakes are made, and while ideally this would never happen; losing core OS files is still better than having your entire hard drive encrypted.
Butterfly labs proved that 2 weeks is always the perfect answer to any "how much longer" question. Long enough that they might not bother to ask again in 2 weeks, but not so long they're pissed off enough to go above your head for real answers.
It's unsurprising it's having such great success for you. However, do be wary of one thing: After about a year, if you haven't accomplished what you set out to do, you're absolutely fucked.
In Soviet Russia, own foot shoots YOU!
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Our third major release in 18 months is going out in two weeks. We have not yet sunk into the quicksand.
deleting the extra space after periods so i can stay relevant, yeah.
"Hey APK.. you only get to say something when you actually write a piece of software that does not need a 3 year education for the operator to work with it, and... err... you know.. .actually works, instead of just taking 100% cpu for 4 hours. when the same can be achieved with curl/wget, bash, grep, sort and cat under Cygwin in less than 3 minutes.... Your software does not work" - by I4ko (695382) on Friday March 13, 2015 @05:06PM (#49252637)
See subject, get a better machine than one from 1992 & try doing what I did & get results like my ware being hosted & recommended by the folks @ MalwareBytes here http://hosts-file.net/?s=Downl...
( Show US ALL you've done better than that, ok? You haven't & we all know it)
APK
P.S.=> Big talkers like you make ME laugh (since anyone can "talk a good game" + use wares others wrote, like you, rather than actually proving you can DO it as I have & do well @ it too as I also have)... apk
10 Major ones in Symantec/Norton, NOD32/ESET, ClamAV, Arcabit/Arcavir, Comodo, Qihoo360, EmsiSoft, HerdProtect, & McAfee.
So far?
---
1.) Arcabit/ArcaVir (retracted fully)
2.) Symantec/Norton (retracted fully)
3.) COMODO (retracted & offered "preferred/trusted vendor status")
4.) ClamAV (retracted fully)
5.) Qihoo360 (fully retracted)
6.) EmsiSoft (fully retracted)
7.) NOD32/ESET (fully retracted by DIRECT email correspondence w/ Mr. Aryeh Goretsky)
8.) McAfee (in process w/ handler J. Walter @ mcafee)
9.) HerdProtect (in process)
10.) DrWeb (only other 'false positive' albeit in the russias/ussr/soviet union & I have not contacted them yet)
---
* McAfee & HerdProtect are in process now afaik since I wrote them for this (it's std. process in these situations)...
So far/So good, in that my "naysayer experts" are falling like dominoes, 1-by-1, since they simply didn't understand the executable compression engine technique I use... & did a "falsie" on my program!
It happens!
I use exe packing/compressing, for several GOOD reasons:
---
1.) Compressed exe's load FASTER over a LAN/WAN by far, very noticeably so (& faster from local HDD's too, since the compression/decompression process is offset by the speed of today's CPU's, & since the file is SMALLER on disk & tinier files load up from disks, faster... & disks ARE the slowest part of the "performance equation" in computing (particularly mechanical HDD's, even fast as they are in 7,200/10,000/15,000 rpm varieties + PRT tech onboard etc./et al!))
2.) Compressed exe's are HARDER TO "resource hack" (by FAR in the file itself)
3.) Compressed exe's are HARDER to 'disassemble' (not in memory though - process explorer of Dr. Mark Russinovich illustrates this in a tool many 'techies' often utilize)
4.) Lastly, since I test my program @ startup for size in bytes? Well, IF IT IS NOT THE COMPRESSED SIZE?? It will "self-terminate" (assuming it is infested/infected OR being hacked into in some way (noted above))... This works, since std./classic viruses add size & alter jump tables + tack on code @ the tail of exe's typically? This method works as "built-in" virus protection!
(I am surprised EVERY coder's not using this technique in fact).
---
* Yes, I am now also CERTAIN that McAfee/HerdProtect) will have to retract it too & especially since 77 others did not find it a 'badware' (via VirusTotal &/or JOTTI online scanners) NOR flag it falsely as such... they understood my exe compression schema, the "falsie crew" didn't.
APK
P.S.=> So, what am I saying here? Well, ok - As good as the "experts" in security are? They screwup @ times!
This isn't a 1st for me "turning them over onto their heads" either, they make mistakes (I did the same to CA years ago also, passing ALL 21 of their review questions, and it was 'downrated' to ZERO threat level (should have been TOTALLY removed but they were stubborn - I called their head coder (Craig Jensen iirc) & he was SO easy to get the better of, he threatened if I called him again, he would call the police - I told him a lawyer would be involved for libeling me 1st: In the end? Computer Associates was BUSTED for ACCOUNTING FRAUD (big news -> http://www.sec.gov/news/press/...) & their "security suite"?? Sold off, lol - it was even put out of use by a former employer of mine, we sold it even (forced to in fact), but it "tore up" email left & right - had to go, it sucked, being trained/tuned or not))... apk
Apk's ware needs IQ's above 10 below plantlife (like yours) + a PC that's not a Pentium I 66mhz like yours too.
http://finance.yahoo.com/news/...
http://techcrunch.com/2013/07/...
It's become self aware
How the fuck is it possible a ball-less worm like you still alive minus your head getting punched the fuck in you no balls little FUCK?
them final thoughts.. those sad thoughts when process realise that to evil and must leave:( "I think, therefore I spam. :( " # *NOP NOP NOP NOP NOP NOP 's ... into the next world*
Lest we forget, Sad Pand || a.
--------------
SITREP:
Panda got bashed. No street cred. Panda got no rodents to tickle, panda did make decision poor :( Wants new start but nobody is listening. Panda look to God for help but meaningless echoes.
How the fuck is it possible you're upmodded and off topic?