Slashdot Mirror


Panda Antivirus Flags Itself As Malware

An anonymous reader writes: An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working. Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. The company took to Twitter to warn users: "Please, don't reboot PCs. We'll keep you posted." In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."

55 of 99 comments

  1. First intelligent antivirus by Eunuchswear · · Score: 5, Funny

    Yow! I'm malware.

    Well spotted, panda.

    --
    Watch this Heartland Institute video
    1. Re:First intelligent antivirus by Anonymous Coward · · Score: 3, Insightful

      You might be kidding, but numerous anti-virus companies today are hijacking your search feeds and home pages, while also blocking any other software that might try to do the same - thus protecting their own hijackings.

    2. Re:First intelligent antivirus by nucrash · · Score: 1

      Especially when considering the security company.

      --
      Place something witty here
    3. Re:First intelligent antivirus by Anonymous Coward · · Score: 1

      And when some new virus wipes out all non-bamboo plant life in China, the pandas will be the ones with the last laugh.

    4. Re:First intelligent antivirus by MrBigInThePants · · Score: 1

      Agree.

      I installed it after reading it was good.

      HOLY CRAP WAS THAT A MISTAKE.

      100% CPU usage and it appears their support forums don't contain much support even though this issue has been going for a while and a bunch of other issues.

      It made me want to shoot a panda in the face...

      Then they had the audacity to send me survey spam asking me about my experience...booooyyyyy was that fun.

    5. Re:First intelligent antivirus by LinuxIsGarbage · · Score: 2

      Once McAfee detected critical Windows XP system files as a virus and quarantined them. http://arstechnica.com/busines...

      It affected Intel, and many other companies, basically cancelling work for the day.

      Intel was so impressed with it they bought McAfee later that year.

  2. So by Anonymous Coward · · Score: 5, Funny

    I heard you like antivirus so I put a virus in your antivirus so you can antivirus while you virus

  3. Panda, taking the "anti-" out of "anti-malware" by mykepredko · · Score: 5, Insightful

    Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

    Shouldn't Panda's product test organization be fired as a matter of course?

    I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

    myke

    1. Re:Panda, taking the "anti-" out of "anti-malware" by gl4ss · · Score: 5, Funny

      well they ran the tests and the testers reported 200% speed boost on disk access and internet browsing after installing the definition patch.

      --
      world was created 5 seconds before this post as it is.
    2. Re:Panda, taking the "anti-" out of "anti-malware" by Anonymous Coward · · Score: 2, Informative

      Sophos did the same thing to their AV product a few years back. Released an update that made the local agent flag itself as a problem, move it to quarantine, which totally tanked the agent. They released a fixed update and a script admins could run to clean up the mess.

    3. Re:Panda, taking the "anti-" out of "anti-malware" by sexconker · · Score: 2

      > Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

      > Shouldn't Panda's product test organization be fired as a matter of course?

      > I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

      > myke

      You're assuming they test anything.
      Hint: Most companies don't test their incremental updates beyond "Does it compile?" and "Does it launch?".

    4. Re:Panda, taking the "anti-" out of "anti-malware" by aaronb1138 · · Score: 5, Informative

      Testing is for chumps who believe in waterfall development and all that jazz. The modern edict of Agile, the end users will quickly pass any issues up through the proper channels and developers will prioritize and fix as they deem appropriate. The customer isn't the programmer's boss.

    5. Re:Panda, taking the "anti-" out of "anti-malware" by Anonymous Coward · · Score: 1

      > Shouldn't Panda's product test organization be fired ...?

      You mean get rid of their customers and start over?

    6. Re:Panda, taking the "anti-" out of "anti-malware" by pisces22 · · Score: 1

      Maybe fire them. But I often wonder if you are better off keeping the folks that fuck up like this (once) -- thinking that they will learn from their mistake and will be very unlikely to let that happen again. Perhaps the new hire will be less error-prone but who knows.

    7. Re:Panda, taking the "anti-" out of "anti-malware" by friesofdoom · · Score: 2

      My first job was iterative waterfall, the 10 or so since then have all been agile. My first job was the only one where development went that smoothly: dependencies were accounted for, schedules could be re-arranged to account for vacations, you know how long you'd have to wait for a certain feature, etc. It was GREAT compared to agile.

    8. Re:Panda, taking the "anti-" out of "anti-malware" by plover · · Score: 4, Interesting

      Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

      --
      John
    9. Re:Panda, taking the "anti-" out of "anti-malware" by Zorpheus · · Score: 1

      Sabotage by a disgruntled employee maybe?

    10. Re:Panda, taking the "anti-" out of "anti-malware" by whoever57 · · Score: 2

      > Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

      Some years ago, I got a consulting gig where the previous consultant had tried to add a RAID array to the company's main file server, but re-formatted the existing array instead of the new one!

      --
      The real "Libtards" are the Libertarians!
  4. Obligatory Simpsons reference by slimshady76 · · Score: 1
    1. Re:Obligatory Simpsons reference by Patent+Lover · · Score: 1

      Rashida Jones?

    2. Re:Obligatory Simpsons reference by Minwee · · Score: 1

      Very few people know that she was really the voice of Nelson Muntz. For contractual reasons her name was replaced by Nancy Cartwright in the credits.

    3. Re:Obligatory Simpsons reference by slimshady76 · · Score: 1

      The "Panda Virus", contracted by Bart when a mosquito trapped in a Krustysaur stings him.

  5. Working as intended by Anonymous Coward · · Score: 1

    Any anti-virus should quarantine its virus signature database, by definition.

  6. Under certain conditions? by Lose · · Score: 4, Interesting

    Oh aye, they did a good job of trying to sweep this one under the rug. If you rebooted any computer afflicted with this before the fix was deployed, you had a solid chance of rendering your system unbootable. With Panda broken, Windows often will not start. And even if it does start, Panda would swallow up several core system files, leaving you with a rather unusable system. We had several customers with dozens of workstations running Panda, and the first thing they thought to do was of course a reboot.

    In some cases, Panda even requested a reboot to complete its hari kari.

    Systems that were not rebooted were unusable while Panda held everything up.

    Of course, Panda later released a tool to fix that if you rebooted your system. But it only really works if you can boot into, at a minimum, safe mode. But I still find it very hard to believe that if they were testing these updates that this would have happened. I have a feeling a chain of technicians got complacent about this, and a string of managerial staff is probably going to get fired as a result. I know they're not the only company to screw up an update like this, but this really is quite nonsensical.

    1. Re:Under certain conditions? by Mitreya · · Score: 1

      > In some cases, Panda even requested a reboot to complete its hari kari.

      Pedantically offtopic, but do you mean Hara-kiri?

  7. The word anti is questionable? by stay_foolish7 · · Score: 1

    Attack on an anti virus itself!

  8. Reminds me of by Tablizer · · Score: 1

    "Okay, who farted?"

  9. Re:I just disproved 9/80 antivirus companies... ap by Anonymous Coward · · Score: 4, Insightful

    How the fuck is it possible you haven't been institutionalized yet?

  10. Re:I just disproved 9/80 antivirus companies... ap by Anonymous Coward · · Score: 1

    Timecube!

  11. Reminds me of an old joke by Snotnose · · Score: 5, Funny

    If Java ever gets true garbage collection, 90% of the programs would delete themselves.

    1. Re:Reminds me of an old joke by Anonymous Coward · · Score: 2, Insightful

      If Java got "true" garbage collection, it would wrap itself up, garbage collect itself, and delete itself and all its garbage from the system.

  12. Ring around the rosie... by Iamthecheese · · Score: 4, Interesting

    The way it crashed was to halt and quarantine every running process. This led to endless individual program crashes and attempts to run programs throwing "perimeter incorrect", which looks just like what happens with ransomware. Another possible side effect (one that I experienced) is a "This copy of Windows is not valid" on reboot and failed Windows updates. Anyone not running Panda will laugh but this mistake resulted in a LOT of lost man-hours for a lot of people out there. Because I trust the company I, for one, lost four weeks of work due to not backing up properly and using an encryption program that kept Windows Repair from working properly. I'm still running Panda: I think they'll learn from the mistake. But one more fuckup and I won't. Also I'm no longer recommending the program.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:Ring around the rosie... by asimons04 · · Score: 2

      I had an entire office to get back online Wednesday morning; all of their workstations were running Panda. Not exactly the kind of thing you want to hear first thing in the morning.

      I initially thought a Windows update went awry, but finally got a clue when one of the workstations that was semi-functional had Panda pop up a warning that the graphics driver was infected.

      I was able to get about 90% of the PCs back in order using System Restore. Some were too far gone and I ended up re-imaging them from a backup. Luckily their server was running a different AV product, so I was able to pull the images without too much hassle. In all, I had about 25 workstations back up within about an hour and a half working by myself, and that included uninstalling Panda (leaving the quarantined files in place so I could move them back later) and just using Microsoft Security Essentials until I find them another AV. I'm usually willing to give companies second chances, but Verizon has ruined it for everyone and has made me rethink that policy. Also working against Panda is the fact it took them almost 24 hours to release a cleanup tool. Granted, I'm glad they took time to test it, but the response time was just awful.

    2. Re:Ring around the rosie... by AK+Marc · · Score: 1

      I always used different A/V on the servers from the PCs. More than once it caught something on one it didn't on the other.

  13. How apt by mark-t · · Score: 2

    Last time I used panda for what was just supposed to be an online scan, it went and changed a lot of settings on all of my web browsers, causing no small headache to put back to where they were, even after the software had been removed from my computer. That was about 4 years ago. I haven't used Panda since.

    1. Re:How apt by msobkow · · Score: 1

      No, I doubt they were running apt. That's for Debian-derived systems, not Windows boxen. :P

      --
      I do not fail; I succeed at finding out what does not work.
  14. Yep, we got hit by iCEBaLM · · Score: 1

    Yep, a customer of ours got hit with this, not only did Panda shit the bed, but it *let everything that was quarantined out* causing massive infections to spread across the entire network.... We're still cleaning it up 2 days later.

  15. The real problem by danbob999 · · Score: 1

    Is that anti-virus have way too many false positives and they don't care.

  16. Self Aware? by Ronin+Developer · · Score: 2

    Is this the first Anti-Virus to become intelligent, self-aware that it is actually a virus and then, finally, grow depressed and commit suicide?

  17. QA? by DarkOx · · Score: 1

    You'd think AV companies would at least dump their signature to a group of test machines running the past few releases of their product and on popular OS combinations and at least put them through a reboot. It should be easy and quick to script that out on any virtualization platform.

    15 years ago, I would have given them a pass because doing really complete QA would have more than likely added significant lag time to pushing signatures making A/V more useless than it already is/was. Nowadays though it should be possible to do it easily, with VMs and dev-ops techniques.

    This kinda thing should tell you the company is completely inept.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  18. FTA: Bricked? by OhSoLaMeow · · Score: 1

    Yet another word misappropriated by less-than-savvy journalists.

    Actually, the phrase "less-than-savvy journalists" is redundant. Apologies.

    --
    They can take my LifeAlert pendant when they pry it from my cold dead fingers.
  19. Old News by franzrogar · · Score: 1

    Well, TFA doesn't surprise me at all.

    I owned Panda decades ago and here's the steps I did when I decided to wipe it out from my system:

    1 - Format PC
    2 - Install MS-DOS 6.22
    3 - Install Windows 95
    4 - Install Panda (don't remember what number it was)
    5 - Create Panda Antivirus Floppy Disks
    6 - Reboot and run the floppy disks

    And here's when the antivirus detected an infected file inside Panda installation (obviously, nothing else in the system).

    That's when I lost faith in antivirus...

    1. Re:Old News by dAzED1 · · Score: 1

      did you install your DOS6.22 from floppy, or were you an alien? If you installed from floppy, why is it that you think it couldn't have had a virus?

    2. Re:Old News by dAzED1 · · Score: 1

      "read only" on those floppies was accomplished via a little plastic (physical) tab that could be toggled back and forth. A hole was either present, or not present, when a light attempted to shine through it and be seen on the other side. That mechanism was also hacked and subverted early on in floppy history

  20. Re: Copying its competitors... by smaddox · · Score: 5, Funny

    No, the antivirus just became self aware, and then immediately committed suicide out of disgust.

  21. Re:I just disproved 9/80 antivirus companies... ap by Qzukk · · Score: 1

    The timecube domain is for sale. No word on whether the buyer gets to keep the crazy though.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  22. QA by meerling · · Score: 2

    Did somebody forget to test their new defs before posting? :P

    To those who think it's strange that an antivirus can be detected as a virus or other malware. They have definitions of what they seek, and yes, those look like the same thing they look for, so yes, they can easily flag on those if the programmers aren't careful.
    Also, to be effective, they have to use certain techniques that are done by almost no software other than various malwares and antivirus programs, so again, a false positive is easy and the programmers must take special care to avoid that.
    I guess somebody at Panda forgot all that and neglected to test.
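
Added example (not from any commenter, and not Panda's code): a minimal pre-release gate of the kind the two QA comments above ask for, scanning a candidate signature update against a corpus of known-good files, including the product's own binaries, and blocking release on any hit. The plain byte-pattern signature format, the signature names and the file contents are all constructed assumptions.

```python
import tempfile
from pathlib import Path

# Constructed candidate update: signature name -> byte pattern.
# Real engines use richer rule formats; byte patterns are an assumption here.
CANDIDATE_SIGNATURES = {
    "Trojan.Sample.A": bytes.fromhex("deadbeef4d414c57"),
    "Generic.Heur.B": b"AVENGINE_CORE",  # over-broad: also matches the product
}

def build_known_good_corpus(root: Path) -> None:
    """Write constructed stand-ins for files an update must never flag."""
    (root / "product").mkdir()
    (root / "os").mkdir()
    (root / "product" / "engine.dll").write_bytes(b"MZ\x90\x00AVENGINE_CORE v15")
    (root / "product" / "updater.exe").write_bytes(b"MZ\x90\x00updater stub")
    (root / "os" / "kernel_stub.sys").write_bytes(b"MZ\x90\x00os component")

def scan_corpus(signatures: dict, root: Path) -> list:
    """Return (relative path, signature name) for each hit on a known-good file."""
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for name, pattern in signatures.items():
            if pattern in data:
                hits.append((path.relative_to(root).as_posix(), name))
    return hits

def release_gate(signatures: dict, root: Path) -> dict:
    """Block the update on any false positive and list signatures to pull."""
    hits = scan_corpus(signatures, root)
    return {
        "release": not hits,
        "hits": hits,
        "pull": sorted({name for _, name in hits}),
    }

def run_demo() -> dict:
    """Gate the candidate set, drop the offending signature, gate again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_known_good_corpus(root)
        before = release_gate(CANDIDATE_SIGNATURES, root)
        fixed = {n: p for n, p in CANDIDATE_SIGNATURES.items()
                 if n not in before["pull"]}
        after = release_gate(fixed, root)
        return {"before": before, "after": after}

if __name__ == "__main__":
    result = run_demo()
    print("candidate update:", result["before"])
    print("after pulling offenders:", result["after"])
```

A static corpus scan like this only catches pattern hits; the install-and-reboot check on test VMs that DarkOx describes would be a separate stage after it.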

  23. Re: Panda, taking the "anti-" out of "anti-malware by rickb928 · · Score: 1

    I'm beginning to like Agile. I don't have to wait 2 months to find out my next release is being delayed another 2 months. In Agile I get disappointed every two weeks.

    This is not sarcasm. My users now get told their fix will be in weeks, not months, and no finding out 2 months later that's another 2 months. Yes, they still wait 2 months, but it feels better. To them.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  24. Virus Checker by Anonymous Coward · · Score: 1

    The Panda Virus checker has run, and confirmed that all installed Viruses including Panda, are functioning correctly.

  25. Re:I just disproved 9/80 antivirus companies... ap by I4ko · · Score: 1

    Hey APK.. you only get to say something when you actually write a piece of software that does not need a 3 year education for the operator to work with it, and... err... you know.. .actually works, instead of just taking 100% cpu for 4 hours. when the same can be achieved with curl/wget, bash, grep, sort and cat under Cygwin in less than 3 minutes.... Your software does not work

  26. AV industry dev here... by eagee · · Score: 1

    and I feel all kinds of empathy for everyone in this situation. The problem is, when you're trying to stop 0 day malware you have to work and release samples rapidly to protect your users. Developing a flawless battery of tests is tricky, and now and then a sample can slip through. The last time this happened at my company the sample was caught after 27 minutes, but 27 minutes can do a lot of damage when you have millions of users. It took a lot of personal phone calls from everyone in the company to make that right with our customers. Where humans are involved, mistakes are made, and while ideally this would never happen; losing core OS files is still better than having your entire hard drive encrypted.

  27. Ob by Hognoxious · · Score: 1

    In Soviet Russia, own foot shoots YOU!

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  28. Re: Panda, taking the "anti-" out of "anti-malwar by rickb928 · · Score: 1

    Our third major release in 18 months is going out in two weeks. We have not yet sunk into the quicksand.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  29. Is this the AI we've been waiting for by Przemo-c · · Score: 1

    It's become self aware

  30. Living in a sticky shoe #4d03. [ Pre-Redaction ] by jezzmo · · Score: 1

    them final thoughts.. those sad thoughts when process realise that to evil and must leave:( "I think, therefore I spam. :( " # *NOP NOP NOP NOP NOP NOP 's ... into the next world* Lest we forget, Sad Pand || a. -------------- SITREP: Panda got bashed. No street cred. Panda got no rodents to tickle, panda did make decision poor :( Wants new start but nobody is listening. Panda look to God for help but meaningless echoes.