Slashdot Mirror

← Back to Stories (view on slashdot.org)

Panda Antivirus Flags Itself As Malware

Posted by Soulskill on from the self-fulfilling-prophecy dept.

An anonymous reader writes An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working. Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. The company took to Twitter to warn users: "Please, don't reboot PCs. We'll keep you posted." In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."

22 of 99 comments (clear)

  1. First intelligent antivirus by Eunuchswear · · Score: 5, Funny

    Yow! I'm malware.

    Well spotted, panda.

    --
    Watch this Heartland Institute video
    1. Re:First intelligent antivirus by Anonymous Coward · · Score: 3, Insightful

      You might be kidding, but numerous anti-virus companies today are hijacking your search feeds and home pages, while also blocking any other software that might try to do the same - thus protecting their own hijackings.

    2. Re:First intelligent antivirus by LinuxIsGarbage · · Score: 2

      Once McAfee detected critical Windows XP system files as a virus and quaranteed them. http://arstechnica.com/busines...

      It affected Intel, and many other companies, basically cancelling work for the day.

      Intel was so impressed with it they bought McAfee later that year.

  2. So by Anonymous Coward · · Score: 5, Funny

    I heard you like antivirus so I put a virus in your antivirus so you can antivirus while you virus

  3. Panda, taking the "anti-" out of "anti-malware" by mykepredko · · Score: 5, Insightful

    Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

    Shouldn't Panda's product test organization be fired as a matter of course?

    I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

    myke

    --
    Mimetics Inc. Twitter
    1. Re:Panda, taking the "anti-" out of "anti-malware" by gl4ss · · Score: 5, Funny

      well they ran the tests and the testers reported 200% speed boost on disk access and internet browsing after installing the definition patch.

      --
      world was created 5 seconds before this post as it is.
    2. Re:Panda, taking the "anti-" out of "anti-malware" by Anonymous Coward · · Score: 2, Informative

      Sophos did the same thing to their AV product a few years back. Released an update that made the local agent flag itself as a problem, move it to quarantine which thing totally tanked the agent. They released a fixed updated and a script admins could run to clean up the mess.

    3. Re:Panda, taking the "anti-" out of "anti-malware" by sexconker · · Score: 2

      Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

      Shouldn't Panda's product test organization be fired as a matter of course?

      I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

      myke

      You're assuming they test anything.
      Hint: Most companies don't test their incremental updates beyond "Does it compile?" and "Does it launch?".

    4. Re:Panda, taking the "anti-" out of "anti-malware" by aaronb1138 · · Score: 5, Informative

      Testing is for chumps who believe in waterfall development and all that jazz. The modern edict of Agile, the end users will quickly pass any issues up through the proper channels and developers will prioritize and fix as them deem appropriate. The customer isn't the programmer's boss.

    5. Re:Panda, taking the "anti-" out of "anti-malware" by friesofdoom · · Score: 2

      My first job was iterative waterfall, the 10 or so since then have all been agile. My first job was the only one where development went that smoothly: dependencies were accounted for, schedules could be re-arranged to account for vacations, you know how long you'd have to wait for a certain feature, etc. It was GREAT compared to agile.

    6. Re:Panda, taking the "anti-" out of "anti-malware" by plover · · Score: 4, Interesting

      Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

      --
      John
    7. Re:Panda, taking the "anti-" out of "anti-malware" by whoever57 · · Score: 2

      Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

      Some years ago, I got a consulting gig where the previous consultant had tried to add a RAID array to the company's main file server, but re-formatted the existing array instead of the new one!

      --
      The real "Libtards" are the Libertarians!
  4. Under certain conditions? by Lose · · Score: 4, Interesting

    Oh aye, they did a good job of trying to sweep this one under the rug. If you rebooted any computer afflicted with this before the fix was deployed, you had a solid chance of rendering your system unbootable. With Panda broken, Windows often will not start. And even if it does start, Panda would swallow up several core system files, leaving you with a rather unusable system. We had several customers with dozens of workstations running Panda, and the first thing they thought to do was of course a reboot.

    In some cases, Panda even requested a reboot to complete its hari kari.

    Systems that were not rebooted were unusable while Panda held everything up.

    Of course, Panda later released a tool to fix that if you rebooted your system. But it only really works if you can boot into, at a minimum, safe mode. But I still find it very hard to believe that if they were testing these updates that this would have happened. I have a feeling a chain of technicians got complacent about this, and a string of managerial staff is probably going to get fired as a result. I know they're not the only company to screw up an update like this, but this really is quite nonsensical.

  5. Re:I just disproved 9/80 antivirus companies... ap by Anonymous Coward · · Score: 4, Insightful

    How the fuck is it possible you haven't been institutionalized yet?

  6. Reminds me of an old joke by Snotnose · · Score: 5, Funny

    If Java ever gets true garbage collection, 90% of the programs would delete themselves.

    1. Re:Reminds me of an old joke by Anonymous Coward · · Score: 2, Insightful

      If Java got "true" garbage collection, it would wrap itself up, garbage collect itself, and delete itself and all its garbage from the system.

  7. Ring around the rosie... by Iamthecheese · · Score: 4, Interesting

    The way it crashed was to halt and quarantine every running process. This lead to endless individual program crashes and attempts to run programs throwing "perimeter incorrect", which looks just like what happens with ransomware. Another possible side effect (one that I experienced) is a "This copy of Windows is not valid" on reboot and failed Windows updates. Anyone not running Panda will laugh but this mistake resulted in a LOT of lost man-hours for a lot of people out there. Because I trust the company I, for one, lost four weeks of work due to not backing up properly and using an encryption program that kept Windows Repair from working properly. I'm still running Panda: I think they'll learn from the mistake. But one more fuckup and I won't. Also I'm no longer recommending the program.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:Ring around the rosie... by asimons04 · · Score: 2

      I had an entire office to get back online Wednesday morning; all of their workstations were running Panda. Not exactly the kind of thing you want to hear first thing in the morning.

      I initially thought a Windows update went awry, but finally got a clue when one of the workstations that was semi-functional had Panda pop up a warning that the graphics driver was infected.

      I was able to get about 90% of the PCs back in order using System Restore. Some were too far gone and I ended up re-imaging them from a backup. Luckily their server was running a different AV product, so I was able to pull the images without too much hassle. In all, I had about 25 workstations back up within about an hour and a half working by myself, and that included uninstalling Panda (leaving the quarantined files in place so I could move them back later) and just using Microsoft Security Essentials until I find them another AV. I'm usually willing to give companies second chances, but Verizon has ruined it for everyone and has made me rethink that policy. Also working against Panda is the fact it took them almost 24 hours to release a cleanup tool. Granted, I'm glad they took time to test it, but the response time was just awful.

  8. How apt by mark-t · · Score: 2

    Last time I used panda for what was just supposed to be an online scan, it went and changed a lot of settings on all of my web browsers, causing no small headache to put back to where they were, even after the software had been removed from my computer. That was about 4 years ago. I haven't used Panda since.

    --
    File under 'M' for 'Manic ranting'
  9. Self Aware? by Ronin+Developer · · Score: 2

    Is this the first Anti-Virus to become intelligent, self-aware that it is actually a virus and then, finally, grow depressed and commit suicide?

  10. Re: Copying it's competitors... by smaddox · · Score: 5, Funny

    No, the antivirus just became self aware, and then immediately committed suicide out of disgust.

  11. QA by meerling · · Score: 2

    Did somebody forget to test their new defs before posting? :P

    To those who think it's strange that an antivirus can be detected as a virus or other malware. They have definitions of the what they seek, and yes, those look like the same thing they look for, so yes, they can easily flag on those if the programmers aren't careful.
    Also, to be effective, they have to use certain techniques that are done by almost no software other than various malwares and antivirus programs, so again, a false positive is easy and the programmers must take special care to avoid that.
    I guess somebody at Panda forgot all that and neglected to test.