
Botched Security Update Cripples Thousands of Computers 274

Posted by samzenpus
from the houston-we-have-a-problem dept.
girlmad writes "Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes' software treated essential Windows .dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline."
  • by Aranykai (1053846) <(moc.liamg) (ta) (resnogls)> on Wednesday April 17, 2013 @11:31PM (#43479749)

    And to think, just the other day I was being berated for delaying updates on system critical boxes...

  • by tftp (111690) on Wednesday April 17, 2013 @11:32PM (#43479755) Homepage

    How many viruses has your antivirus caught recently? How many CPU cycles has the same antivirus burned through as you were opening files on your computer?

    Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.

  • by H0p313ss (811249) on Wednesday April 17, 2013 @11:37PM (#43479779)

    Same here. But you should be aware that every time this topic comes up MSE is highly praised by Slashdotters.

  • Servers??? (Score:3, Interesting)

    by Holi (250190) on Wednesday April 17, 2013 @11:50PM (#43479821)

    What the hell are you doing running Malwarebytes on your servers? Why would you need that software on a server? Most of the malware it finds is installed from desktop use.

  • by tuppe666 (904118) on Wednesday April 17, 2013 @11:52PM (#43479827)

    Microsoft's popular Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test [theverge.com] "In antimalware testing against a range of products, AV-TEST failed to certify AhnLab V3 Internet Security 8.0, Microsoft Security Essentials 4.1, and PC Tools Internet Security 2012 out of a total of 25 different vendors. Microsoft's own anti-virus software failed to adequately protect against 0-day malware attacks, scoring an average of 71 percent vs. the industry average of 92 percent."

    Nobody cares whether it's original; they care if it works.

  • by Frosty Piss (770223) * on Thursday April 18, 2013 @12:03AM (#43479873)

    "AV-TEST institute" is well known to require financial investment for a top rating; their recommendations - such as they are - are highly suspect.

  • by donscarletti (569232) on Thursday April 18, 2013 @01:04AM (#43480053)

    ...is all I use these days.

    Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...

    MSE is good for what it is and what it does, I first tried it after reading unanimous praise of it here on Slashdot. It's the only AV I've ever seen that does not conspicuously cause the system to become slow, unstable and/or quirky.

    I am feeling smug about this, and it is not about Microsoft or Windows itself; I just simply could not understand how a professional sysadmin could ever be in a position where they must run anti-virus on a server, which seems to be common practice amongst Windows admins.

    Antivirus is for checking that executables and libraries are free of malicious code. I just cannot possibly fathom why an executable or library could be running on a server if nobody had checked it beforehand. A good admin should scan and monitor tools that come from untrusted sources before putting them on a live server. A great admin should scan and monitor tools, even if they're from trusted sources, before putting them on a live server. This is basic stuff and is why almost all servers are infected through network bugs, which can be easily prevented by keeping services up to date and non-essential services shut down or at least firewalled off.

    Why then do you need an Anti-Virus? It won't protect your services from buffer overflows or other infection vectors, it won't protect you from new rootkits unless it has wicked-sick heuristic analysis and you get lucky. So what does it guard against? Maybe someone using a zero-day attack vector and installing an old rootkit?

    So for a sense of security against unknown threats, you give an autonomous, externally controlled process, that is by design almost impossible to analyse, unfettered administrator access to your entire system. Now this happens, I feel smug.

  • A few points... (Score:5, Interesting)

    by waspleg (316038) on Thursday April 18, 2013 @03:33AM (#43480555) Journal

    1.) I've been using MS Security Essentials for YEARS without issue and have it running on many machines also without issue; no, it does not catch EVERYTHING, but nothing does. It does a pretty damn good job for something ad-free, shitware-bundle free. Other than the occasional annoying "OMG YOU HAVEN'T SCANNED ANYTHING!@#!@" orange flagged monopoly house ! warning, it is pretty unobtrusive.

    2.) All Windows versions prior to 8 could also use Windows Defender in addition, if you want to, but they've been rolled together under the Windows Defender name and are included by default in Windows 8.

    3.) Microsoft also has a Malwarebytes-like scanner called Safety Scanner although it auto-expires after 10 days and has to be reinstalled for subsequent use; no idea why.

    4.) 0-day exploits by definition would be more or less impossible to defend against, wtf is the problem? I'm no MS fanboy, but the hate here is unwarranted, they're basically risking massive lawsuits against them again for anti-trust by even doing this and frankly it's about fucking time they should have had all of these tools available from its inception.

    5.) Malwarebytes has gone from a must-have awesome malware scanner to total shit adware in the typical bait-and-switch style business model of the day which goes something like a.) build something awesome b.) give it away for free c.) change to paid model with your own bundled malware and bullshit once it gets popular d.) crash and burn e.) laugh all the way to the bank.

    Where I work uses Sophos, I would say it's far worse (and used more as an attempt at draconian control than really A/V, and does next to nothing for malware, updates fail constantly, etc), and I've actively advised people to not use McAfee and Norton for a very long time because of all their dumb bullshit problems. ClamWin is still pretty terrible and ridiculously slow, after all these years. I think the only one I've never used at all is Kaspersky, or whatever.

    $.02
     

  • Have mod points, but what the hell: Win8 ships with MSE (well, with a version of Windows Defender that coincidentally has an antivirus capability that strongly resembles MSE) built in. You can of course disable it, but it's protected out of the box.

    That said, I think some of the old anti-trust restrictions on MS expired recently; this may be why they went ahead and bundled it with Win8 but didn't do the same for Win7.

  • by Anonymous Coward on Thursday April 18, 2013 @06:39AM (#43481187)
    Sophos quarantined or deleted its own files just last year. http://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/ [theregister.co.uk]
