Antivirus Webroot Deletes Windows Files, Causes Serious Problems For Users (pcworld.com)
Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious. From a report: The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems. The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots. The Webroot incident falls somewhere in the middle because it affected legitimate Windows files and sent them to quarantine. This is somewhat unusual because antivirus firms typically build whitelists of OS files specifically to prevent false positive detections.
I'm sure all three users were massively upset though.
> the program started flagging Windows files as malicious
I don't see the problem. Works well.
Something /. users have been doing for years.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Are they sure those Windows files weren't malicious? Just because they belong to the OS doesn't mean they should automatically be trusted, especially in Windows.
This has happened to every antivirus. This is why Microsoft made their own - Microsoft Security Essentials, and also Windows Defender. In the era of Microsoft's own AV, there is no need for a third-party AV installed on Windows.
After it can't boot anymore, Windows is WAY more secure than it was. Really, you could say they're doing a GREAT job of keeping your system free of viruses!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It found NSA malware hidden code in .dll files
This is a solved problem. For performance, scan all system files with an MD5 checksum and flag all suspects (but don't do anything yet). Scan multiple files at once, multithreaded, for extra performance. Now, go back and rescan all suspect files with SHA-1 or SHA-256 to validate any potential false positives that may have been flagged from the previous MD5 pass.
Life is not for the lazy.
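The two-stage scan that post describes, written out as an added Python example (not code from the thread, from Webroot, or from any real scanner). MD5 is used only as a cheap parallel pre-filter; a quarantine decision needs the SHA-256 to agree with the blocklist entry, and a separate allowlist of known-good OS files (keyed by SHA-256, the kind of list the summary says AV vendors keep) is consulted first so that a bad signature cannot quarantine an OS file. The sample files, the blocklist and the allowlist are all constructed inline; the file names are placeholders, not real Windows components, and the "collision" entry is simulated by pairing a benign file's MD5 with a foreign SHA-256.

```python
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path


def file_digest(path, algo, chunk_size=1 << 20):
    """Stream a file through hashlib so large binaries never sit in memory whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_one(paths, blocklist_md5, workers=4):
    """Cheap pass: MD5 every file in parallel, keep only blocklist hits as suspects.
    Nothing is quarantined here; MD5 is collision-prone, so a hit is only a lead."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        digests = list(pool.map(lambda p: (p, file_digest(p, "md5")), paths))
    return [(p, d) for p, d in digests if d in blocklist_md5]


def stage_two(suspects, blocklist_md5, allowlist_sha256):
    """Confirmation pass: re-hash suspects with SHA-256. Quarantine only when the
    strong hash agrees with the blocklist entry AND the file is not a known-good
    OS file (the allowlist check is what prevents a Webroot-style incident)."""
    quarantine, cleared = [], []
    for path, md5 in suspects:
        sha = file_digest(path, "sha256")
        if sha in allowlist_sha256:
            cleared.append((path.name, "known-good OS file"))
        elif sha == blocklist_md5[md5]:
            quarantine.append(path.name)
        else:
            cleared.append((path.name, "MD5 hit not confirmed by SHA-256"))
    return quarantine, cleared


def run_demo():
    """Build a scratch directory of constructed files and run both stages."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample contents; the names are placeholders, not real OS files.
        files = {
            "good_os_file.dll": b"constructed: benign OS component",
            "sample_malware.exe": b"constructed: known-bad test content",
            "collision_victim.dll": b"constructed: benign file whose MD5 is on the blocklist",
            "unrelated.txt": b"constructed: ordinary user document",
        }
        for name, data in files.items():
            (root / name).write_bytes(data)
        paths = sorted(root.iterdir())

        # Allowlist of known-good OS files, keyed by SHA-256.
        good = files["good_os_file.dll"]
        allowlist_sha256 = {hashlib.sha256(good).hexdigest()}

        # Blocklist: md5 -> sha256 of known malware. Two deliberately bad entries:
        # one simulates an MD5 collision (victim's MD5, someone else's SHA-256), the
        # other is a mistaken signature for a real OS file, as in the article.
        bad = files["sample_malware.exe"]
        blocklist_md5 = {
            hashlib.md5(bad).hexdigest(): hashlib.sha256(bad).hexdigest(),
            hashlib.md5(files["collision_victim.dll"]).hexdigest(): "0" * 64,
            hashlib.md5(good).hexdigest(): hashlib.sha256(good).hexdigest(),
        }

        suspects = stage_one(paths, blocklist_md5)
        quarantine, cleared = stage_two(suspects, blocklist_md5, allowlist_sha256)
        return {
            "suspects": sorted(p.name for p, _ in suspects),
            "quarantine": quarantine,
            "cleared": dict(cleared),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it flags three of the four files in the MD5 pass, but only the genuine sample ends up quarantined: the simulated collision is released because its SHA-256 does not match, and the OS file is released by the allowlist before the blocklist is even consulted. That ordering is the point: the strong hash decides, and the allowlist wins over any signature.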
Windows users are probably used to this kind of nonsense by now.
The company I was working at in 2010 was effectively shut down for a day when McAfee flagged and quarantined svchost.exe.
http://www.theregister.co.uk/2...
"Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious."
If the files in question are from Win 10, then it's pretty much a case of Webroot just doing its job.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
In the era of Microsoft's own AV, there is no need for a third-party AV installed on Windows.
Nope, quite the contrary: there IS a need for third parties too.
The more diverse the antivirus landscape is, the more AVs a virus writer needs to test their creations against.
Avoid monoculture!
It's harder when a Virus needs to go unnoticed by all of Microsoft AV, Kaspersky AV, Avira, F-Prot, Clam, etc. rather than only the first one on the list.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Which means the solution lies in whitelisting (aka signed exes with the signature given out to identified devs, much like Windows does) coupled with tight sandboxing and an ask-permissions-for-anything policy for the non-whitelisted stuff (Windows doesn't do that unfortunately) plus the usual warnings.
Windows *does* do that; it asks permission for anything you don't have rights to do. I don't use MacOS a lot, but it seemed to be very similar to how OSX did/does it.
Now, if you meant "ask permission to execute any .exe not on the whitelist", then yeah, I don't know of any OS that does *that*.
Karma: Poor (Mostly affected by lame karma-joke sigs)
tight sandboxing and an ask-permissions-for-anything policy for the non-whitelisted stuff
This is the correct answer only if you are a competent IT admin.
But Webroot doesn't sell to enterprises. Or if they do, no one I know has ever bought them. Webroot sells to home users who know jack.
Home users will never have a viable means of addressing malware unless the device, OS, and applications are all managed for them. Expert users despise walled gardens, but they are the only real hope for most of the population.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.