Botched Security Update Cripples Thousands of Computers 274
girlmad writes "Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes' software treated essential Windows.dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline."
Microsoft Security Essentials... (Score:5, Insightful)
...is all I use these days.
Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...
Re:Microsoft Security Essentials... (Score:4, Interesting)
Same here. But you should be aware that every time this topic comes up MSE is highly praised by Slashdotters.
Re:Microsoft Security Essentials... (Score:5, Informative)
MSE is highly praised by Slashdotters.
Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.
Re:Microsoft Security Essentials... (Score:5, Insightful)
Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.
Face it, they're all shite... the viruses change every single day and no anti-virus of them will protect you from the latest ones. Not one. Virus infection is 100% due to the warm squishy thing between the keyboard and chair, not the flavor of antivirus installed on the machine.
OTOH, MSE doesn't constantly annoy, slow your PC to a crawl or constantly ask for credit card details just to keep on running.
Re:Microsoft Security Essentials... (Score:5, Insightful)
But if it doesn't slow the computer down to an unusable crawl, how will anyone ever feel safe?!
Re:Microsoft Security Essentials... (Score:5, Funny)
Don't forget the constant popup windows to tell you how well it's doing.
They're very comforting.
Re: (Score:3)
MSE started off well, but has been in steady decline since its release.
Of course it has. The last thing any virus or malware author does before releasing their program is check to make sure that the most popular anti-virus and anti-malware products of the day don't detect it. MSE was excellent when nobody used it. Now that it's a de facto standard, it's probably the first thing they check against. It's a basic selection pressure.
Re:Microsoft Security Essentials... (Score:4, Informative)
Of course you can not produce unbiased reviews that actually say this...
Actually, the leading security software reviewer site, AV-Test, gave MSE a bad review in the last round, they did not pass "AV-Test certification".
Re:Microsoft Security Essentials... (Score:5, Informative)
Re: (Score:2, Informative)
AV-Test is bullshit shill-paid, like almost every site out there.
MSE here, have run it since XP. Not one damned problem.
scoring 71% percent vs. the industry average 92% (Score:5, Interesting)
Microsoft's popular Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test [theverge.com] "In antimalware testing against a range of products, AV-TEST failed to certify AhnLab V3 Internet Security 8.0, Microsoft Security Essentials 4.1, and PC Tools Internet Security 2012 out of a total of 25 different vendors. Microsoft's own anti-virus software failed to adequately protect against 0-day malware attacks, scoring an average of 71 percent vs. the industry average of 92 percent."
Nobody cares whether its original they care if it works.
Re: (Score:2)
Re:scoring 71% percent vs. the industry average 92 (Score:5, Interesting)
"AV-TEST institute" is well known to require financial investment for a top rating, their recommendations - such that they are - are highly suspect.
Re: (Score:2, Insightful)
If their results can be bought, Microsoft would have bought them.
Re: (Score:3)
Why? They are not selling anything. MSE comes built in to Windows 8 and is a free download for their older systems. It exists to reduce their support costs and make Windows itself more secure, more or less transparently to the user. It doesn't try to scare you with dire warnings about tracking cookies and there is no up-selling or paid version.
MSE isn't competing with anti-virus software so there is no reason to try to game these kinds of tests.
Re: (Score:3)
Companies do. MSE is for the home user, while the corporate/enterprise version of it is ForeFront.
It's all the same engine however, between the Malicious Software Removal Tool, MSE, what was OneCare, and ForeFront.
All I know is I had less issues - there was a point in time when our group had a bunch of people suddenly reporting issues with delayed write failures. one of the things attempted was switching out from Symantec to For
Re:scoring 71% percent vs. the industry average 92 (Score:4, Informative)
The problem is the solutions that may do a bit better catching the 0-day malware are also the ones that are so heavyweight they noticeably affect the performance of your system. There is a tradeoff at some point between resource usage and coverage. One thing MSE definitely has going for it is it doesn't badly degrade performance like McAfee, Norton, recent AVG, etc do.
Really, so explain this: (Score:3)
http://www.passmark.com/ftp/antivirus_win8-performance-testing-ed1.pdf [passmark.com]
Re:Really, so explain this: (Score:5, Informative)
From the "article"
Disclosure
Symantec Corporation funded the production of this report, selected the test metrics and list of products to
include in this report, and supplied some of the test scripts used for the tests.
Hmm...
Re: (Score:2)
Considering that I've seen MSE max out the processor for minutes at a time on several different machines, I'm not sure I'd dismiss this report simply because it's from Symantec.
Re: (Score:3)
OTOH it seems every one of those "passing" AV solutions at one time or other have marked a critical Windows file as a virus and made the system unbootable. Now, whether or not you can recover from that or reinstall from scratch is a good question.
MSE fails because it's less strict, probably because you don't want it to quarantine some valuable Windows file that makes it unbootable.
Sure Microsoft could crank up the heuristics and mark more malware, but you risk accidentally tagging a legit file - and the inc
Re: (Score:2)
Nobody cares whether its original they care if it works.
But only if it doesn't hose your system in the process. MSE might not be the most water tight security app out there, but is hits a pretty nice sweet spot for 'good enough" security as well as "low enough" impact on performance. It's also free which makes it pretty hard to beat for a client based malware solution.
Re:scoring 71% percent vs. the industry average 92 (Score:5, Insightful)
Basically "stop doing stupid things with your computer".
Why a firm needed Malware Bytes on it's servers in the first place is the real question here.
Re: (Score:2, Redundant)
Basically "stop doing stupid things with your computer".
Why a firm needed Malware Bytes on it's servers in the first place is the real question here.
I was wondering this exact same thing. IT Manager Fail.
Re: (Score:2)
The services that servers provide are sometimes vulnerable to infection. Say someone found a way to create a new SQL based worm, for example. If it is a file server you might also want it to scan said files periodically. Anti-virus for servers is a good idea, although perhaps you were questioning the user of Malware Bytes in particular in which case I might agree it seems like a somewhat odd choice.
Re: (Score:2)
Why a firm runs WIndows on its servers is the real question here.
Re: (Score:2)
I don't use MSE to protect my PC from 0 day exploits. I don't consider my online behavior to be that risky, and so far that assumption has held true. MSE is there mainly for the random drive-by attacks that can still happen. Better 0 day detection also results in more false positives, and this is definitely something I don't want when I'm not even engaging in risky behavior to begin with.
Having worked as a shop tech for years my rule of thumb has been that if it's a single user PC and they are a responsible
Re:Microsoft Security Essentials... (Score:4, Insightful)
All I use and recommend now as well. Previously good AV suites have become pointlessly (for the consumer) bloated and I'm having a higher occurence of machines being bought in with faults explicitly attributable to the AV suites.
I'm no fan of Microsoft, but I have to say that MSE does tend to do an acceptable job given that inevitably all AV suites let stuff slip past.
Re: (Score:2, Insightful)
All I use and recommend now as well. Previously good AV suites have become pointlessly (for the consumer) bloated and I'm having a higher occurence of machines being bought in with faults explicitly attributable to the AV suites.
Which is why, over a year ago, I tried out MSE, found that (at least, back then) it was as good as the usual freebie AV offerings, and installed it on a number of customer PCs and laptops.
I'm no fan of Microsoft,
I got a serious amount of stick for going the MSE route, I've cordially detested Microsoft and it's unholy offerings since DOS 3.2
but I have to say that MSE does tend to do an acceptable job given that inevitably all AV suites let stuff slip past.
And this is the thing, '..inevitably all AV suites let stuff slip past
I've had infected machines back to me for disinfection which had been running fully up to date AV suites (both free and comm
Re:Microsoft Security Essentials... (Score:4, Interesting)
...is all I use these days.
Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...
MSE is good for what it is and what it does, I first tried it after reading unanimous praise of it here on Slashdot. It's the only AV I've ever seen that does not conspicuously cause the system to become slow, unstable and/or quirky.
I am feeling smug about this and is not about Microsoft or Windows itself, I just simply could not understand how a professional sysadmin could ever be in a position where they must run anti-virus on a server, which seems to be common practice amongst Windows admins.
Antivirus is for checking that executables and libraries are free of malicious code. I just cannot possibly fathom why an executable or library could be running on a server if nobody had checked it beforehand. A good admin should scan and monitor tools that come from untrusted sources before putting it on a live server. A great admin should scan and monitor tools, even if they're from trusted sources before putting it on a live server. This is basic stuff and is why almost all servers are infected through network bugs, which can be easily prevented by keeping services up to date and non-essential services shut down or at least firewalled off.
Why then do you need an Anti-Virus? It won't protect your services from buffer overflows or other infection vectors, it won't protect you from new rootkits unless it has wicked-sick heuristic analysis and you get lucky. So what does it guard against? Maybe someone using a zero-day attack vector and installing an old rootkit?
So for a sense of security against unknown threats, you give an autonomous, externally controlled process, that is by design almost impossible to analyse, unfettered administrator access to your entire system. Now this happens, I feel smug.
Re: (Score:3)
ntivirus is for checking that executables and libraries are free of malicious code. I just cannot possibly fathom why an executable or library could be running on a server if nobody had checked it beforehand.
.
You are making assumptions about things you don't and can't know. Is the a vulnerability in you web application that lets someone put a file? Could they then get some server side processing to happen on that file with another crafted URL?
As much as we try to prevent them these things happen. Unless you as an admin are also auditing the source code to every server process you run; its entirely possible your box will be pwnd due to the mistakes of others.
To say nothing of your own mistakes. AV on servers
Microsoft Security Essentials for Linux... (Score:2, Funny)
Virus scanning on a mail server (Score:3)
Re: (Score:2)
Re: (Score:2)
Right, and it's what I use and recommend.
Which begs the question: why do I have to install it? Why doesn't it ship with?
I mean, sure, someone is in bed with the various AV vendors. But when you ship an OS that is for use by joe-users, you really ought to keep it clean.
Whatever. I find it frustrating.
Re: (Score:2, Informative)
Right, and it's what I use and recommend.
Which begs the question: why do I have to install it? Why doesn't it ship with?
Anti-trust laws.
PS: It doesn't beg anything, it raises a question.
Re:Microsoft Security Essentials... (Score:4, Interesting)
Have mod points, but what the hell: Win8 ships with MSE (well, with a version of Windows Defender that coincidentally has an antivirus capability that strongly resembles MSE) built in. You can of course disable it, but it's protected out of the box.
That said, I think some of the old anti-trust restrictions on MS expired recently; this may be why they went ahead and bundled it with Win8 but didn't do the same for Win7.
Re: (Score:2)
...is all I use these days.
Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free.
Never used Microsoft's "Security Essentials" only because of back door issues. While I know of none, :)
I just don't trust MS and some programs I run MS would strongly object to (like linux
For the record I use ESET aka NOD32.
NOD32 is set to alert me to a problem so I can decide what to do about it not the program. Default
is to not only quarantine it, but encrypt it as well. At least NOD32 lets me have the option to change that,
many programs don't feel the user has the ability to know a good file from a bad
See what you did, Frosty? (Score:2)
One, two, three, four.
I declare a shill war.
Re: (Score:2)
Everyone keeps saying that MSE is lightweight and doesn't bog down your computer, but it seems that more and more often recently, I've seen it max the CPU for a minute or more, for no apparent reason. This is on many different machines with many different configurations, so it's not a single data point,either.
Re: (Score:2)
Never mind MSE - which is only on a subset of Windows computers.
Microsoft have recommended uninstalling a core Windows 7 patch in the last week or so: http://support.microsoft.com/kb/2839011 [microsoft.com]
Face it, anything that involves changing how a computer operates - regardless of whether the process for making those changes is automated or manual - introduces risk. You just have to decide how big the risk is, weighed against the alternative.
Re:Microsoft Security Essentials... (Score:5, Insightful)
Re: (Score:2, Informative)
NO, it hasn't been getting bad reviews, it has had some negative press based on some dodgy tests that try to use essentials for something it isn't really meant for. They throw zero day malware to test its heuristics, which are not wonderful. however in known malware (the stuff 99.9% of people need protection against) it is exceptionally good.
This is considered the leading AV review site in the world, not achieving their "certification" (the icon in the third column) in test is certainly a bad review, most well known security software manage to exceed that threshold. MSE didn't in the last two tests.
http://www.av-test.org/en/tests/test-reports/ [av-test.org]
Re: (Score:3)
At least MSE doesn't go wiping system-essential files.
Like almost every other AV product has done once or twice in its life.
Re: (Score:2)
At least MSE doesn't go wiping system-essential files. Like almost every other AV product has done once or twice in its life.
MSE doesn't go wiping files for software made by its own company - which almost no other other AV company has ever done, either.
FTFY.
Re: (Score:2, Interesting)
Re:Microsoft Security Essentials... (Score:5, Funny)
This is considered the leading AV review site in the world
I have a very, very nice bridge for sale, and just for you, I have a very, very good price. You should jump on this, it's a once-in-a-lifetime chance.
Re: (Score:3)
Isn't av-test almost exclusively sponsored by the antivirus vendors? Their "test results" are nothing more than fact less marketing.
Re: (Score:3)
And who declared them the "leading AV review site in the world"?
Re:Microsoft Security Essentials... (Score:5, Informative)
Meh, who wants to keep checking the anti-virus reviews all the time and constantly switching, tossing money out here and there? These programs have the ability to cause enough problems on their own, and their effectiveness at "catching" things changes with the weather. You're better off just picking one and sticking with it, avoiding all the extra headaches. In the end, they're all pretty questionable (I wouldn't trust any of them over good old common sense), so you might as well get the one developed by the same people who make the OS to prevent any stupid little problems like what TFA is about. It just happens to be a nice bonus that Microsoft's product is free (well, beyond the Windows license fee at least...). IMO most of the "anti-virus industry" is just a bunch of whiny crooks themselves, and neither they or their software can really be trusted much more than the malware they claim to be fighting.
Does anyone track the hsitory of bad updates? (Score:2)
While there are lots of reports of bad updates from the various AV vendors in news articles, does anyone consistently track the history of these bad updates by vendor, date, and ideally impact?
Re:Microsoft Security Essentials... (Score:5, Insightful)
Experience has shown that it makes NO difference what anti-virus I install on people's machines.
Re: (Score:2)
Re: (Score:2)
free as in "included in the ridiculously high price for their crappy os"?
Free, as in "people don't have to spend extra money to get it".
Re: (Score:3)
Meanwhile, at Malware Bytes HQ (Score:5, Funny)
"I don't understand... it worked fine in the lab."
Re:Meanwhile, at Malware Bytes HQ (Score:5, Interesting)
And to think, just the other day I was being berated for delaying updates on system critical boxes...
Re:Meanwhile, at Malware Bytes HQ (Score:5, Funny)
And to think, just the other day I was being berated for delaying updates on system critical boxes...
Time for a salary increase request :-)
That's ironic... (Score:2)
Just was in the process of downloading a beta client for their new online backup system to fiddle around with on a virtual machine (it is similar to Mozy/Carbonite.)
Never run third party programs (Score:2)
Always use Genuine Microsoft Products
Genuine Microsoft Products (Score:2)
Except those are the most common form of malware https://en.wikipedia.org/wiki/MS_Antivirus_(malware) [wikipedia.org] I'm going to skip over active X and Macro Virus or even .asf. In contect of this article Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test [theverge.com]
Re: (Score:2)
You would be just as well off never running Genuine Microsoft Products. Don't run their OS, and you automatically can't run all the harmful crap written for it. Wine might allow some of it to run, but it probably won't get very far even if it does do anything.
Doh! (Score:4, Insightful)
The cure is worse than the disease (Score:5, Interesting)
How many viruses your antivirus caught recently? How many CPU cycles the same antivirus burned through as you were opening files on your computer?
Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.
Re:The cure is worse than the disease (Score:4, Insightful)
I've yet to see an AV that actually can deal with browser add-on attacks.
The only thing that might help is Malwarebytes because it blocks by IP address.
If you want protection, use an ad blocker. Ad servers seem to be one of the chief causes, if not the top infection vector these days.
Re: (Score:3)
Mbam is one of the best on the field today.
The field is pretty crappy though.
To understand the situation you really have to go back to the 80s. Antivirus scanners were just starting. Some of us were pointing out the problems with it. Some of us even made non-scanner AV systems that worked. Give me a DOS6 system and I can give you a very effective automatic defense system (though it would naturally take some time, given how many of the details I have forgotten between then and now.) Windows versions 3 and la
Re: (Score:2)
I'm not sure why people are enamored with Malwarebytes. I honestly have not seen it fix or prevent anything, and I've tried it a number of times because of the praise it receives. I've fixed a lot of machines that had it installed, and have never seen it do anything useful.
1 in 20 (Score:4, Insightful)
Maybe I'm doing something wrong, but I haven't seen a virus in a decade.
Re: (Score:2)
So, basically an antivirus program is just like the TSA, catches nothing and slows down the process..
Re: (Score:3)
Re: (Score:3)
I was right with you until:
Then I clean the system.
... Malware authors typically snag a new piece of malware then modify it, malware typically installs other malware also potentially mutated. You can't clean the system. You just gave them back a machine you weren't sure was actually clean. What's to say you just didn't find one of the many quieter variants?
Just to be perfectly clear: You CAN NOT Clean malwale. You can restore to a known good state with a VM. Otherwise: Unless you were watching that thing instruction by inst
Re: (Score:2)
How many viruses your antivirus caught recently? How many CPU cycles the same antivirus burned through as you were opening files on your computer?
Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.
Either you're not exploring the web, or unaware of any infections (or you practice safe cyber-sailing).
While an anti-virus solution won't help with 0-day exploits, it may eventually (or should) indicate some sort of problem. You might not catch it on day 1, but if you've missed all the other signs of an infection (or aren't watching for them), then an AV install that won't update is an EXCELLENT way to detect a problem.
Re: (Score:2)
Either you're not exploring the web, or unaware of any infections (or you practice safe cyber-sailing).
I must admit that IRL I also do not explore sewers, and don't go after midnight into a bad part of town, and I don't instigate bar brawls, and I don't bother sleeping dogs. You might classify me as "cautious."
As far as being aware of possible infections... I have MS AV running; it is a low maintenance thing, so I let it be. It's not great, but what is? A skilled, targeted intrusion, such as a stealth
Re: (Score:2)
As you apparently don't run any anti-virus or other anti-malware software, I'm not very surprised you don't see any of the possibly dozens of viruses that have infected your computer.
Production (Score:2)
Why on earth would someone update software like this on production systems, instead of testing it in a lab environment first?
Anyone that knocked 80% of our servers offline by applying this patch would be packaged out the next day.
Re:Production (Score:5, Informative)
AV software (or rather its definition files) has to be updated very fast if it is to have any value at all. You cannot qualify it for production, that takes too long. This is one reason the whole concept is fundamentally flawed, because it is still too slow.
Re: (Score:2)
AV software (or rather its definition files) has to be updated very fast if it is to have any value at all. You cannot qualify it for production, that takes too long. This is one reason the whole concept is fundamentally flawed, because it is still too slow.
... Unless you're running an unpatched/exposed version of something, but aren't exposed on day 1 (or 0, as it were).
Re: (Score:2)
Exactly, signature antivirus only protects those who use it properly (most dont) AND luck out by not being among the first exposed to the new mutation of the day. Heuristic scans usually wind up with way too many false positives to be useful. These are just vain attempts to patch over an insecure core.
Securing the core would make everyone from marketing and a good portion of engineering extraordinarily unhappy by ruling out cool junk they would love to see and sell. You cant even sell that notion in linux l
Re: (Score:2)
It's wrong because it assumes everything is good unless it's on the AV naughty list, hence the panic to distribute new naughty lists so quickly.
The whole anti-virus and anti-malware thing is a product of an OS that is incorrectly designed.
Re: (Score:2)
Admittedly I kind of doubt this is the case here, but there are actually at least two legitimate reasons I can think of to have antivirus on a server:
1) File servers for shared files (ything that users can upload). Scan everything as it comes in. Identify LAN worms before they spread throughout any other less-secured boxes. Kept up to date and hardened by IT staff, this is a good place to add some really heavy-weight scaninng without it messing up employee workstation performance. Note that this applies to
Re: (Score:2)
Why on earth would someone update software like this on production systems, instead of testing it in a lab environment first?
Because they assumed Malwarebytes had done that already.
Re:Production (Score:4, Insightful)
Re: (Score:3)
One major reason why AV is a dead-end (Score:2)
There is no way to prevent these things from happening. It is just not possible to test them on all the individual versions of a platform. On the protection side, AV only works against older threats, it is basically useless against new ones. There is no replacement for careful users and good software engineering.
Re:One major reason why AV is a dead-end (Score:4, Insightful)
Sure there is. Kaspersky Anti-Virus Security Center has a Update Verification [kaspersky.com] module built in, that allows a sysadmin to install the update to a known-clean test group and then run a virus scan BEFORE the update is applied to the rest of the machines. If the scan fails(ie, finds anything), the update is aborted and an email is sent to the admin. If Malwarebytes had that kind of thing(or if it did and the sysadmins actually used it), this wouldn't even be an issue.
Servers??? (Score:3, Interesting)
What the hell are you doing running malwarebytes on your servers? Why would you need that software on a server, most of the malware it finds is installed from desktop use.
Re: (Score:3)
malwarebytes finally gets it right (Score:5, Funny)
It identified the malware, disabled it, and everyone gets upset...
no pleasing some people
Is this a case of... ? (Score:2)
Rhetorical questions: based on the large-surface high-impact outcome, wouldn't this qualify as a blatant case of cyber-terrorism or cyber-war? Now, where's that nuclear strike from NATO [slashdot.org]?
(my point: before trying to stop vulnerability exploitation by moronic laws [slashdot.org] or DCMA-export treaties [tppinfo.org], wouldn't it pay better to clean your own yard? You know? It may be beneficial no matter who if the "aggressor" is a script-kiddie or North Korea [bbc.co.uk].
But... who am I kidding? Doing this require some competence and thus would be t
Re: (Score:2)
'Rhetorical' aside,
So, what's wrong [wikipedia.org] with it?
isn't the definition of terrorism to spread, you know, TERROR for terrorist's gain?
You mean the lost of 80% of one's servers should cause an unfettered burst of joy for the one?
The problem, when your security... (Score:2)
False positives.
A few points... (Score:5, Interesting)
1.) I've been using MS Security Essentials for YEARS without issue and have it running on many machines also without issue, not it does not catch EVERYTHING; but nothing does. It does a pretty damn good job for something ad-free, shitware-bundle free. Other than the occasional annoying "OMG YOU HAVEN'T SCANNED ANYTHING!@#!@ orange flagged monopoly house ! warning, is pretty unobtrusive.
2.) All Windows versions prior to 8 could also use Windows Defender in addition, if you want to, but they've been rolled together under the Windows Defender name and are included by default in Windows 8.
3.) Microsoft also has a Malwarebytes-like scanner called Safety Scanner although it auto-expires after 10 days and has to be reinstalled for subsequent use; no idea why.
4.) 0-day exploits by definition would be more or less impossible to defend against, wtf is the problem? I'm no MS fanboy, but the hate here is unwarranted, they're basically risking massive lawsuits against them again for anti-trust by even doing this and frankly it's about fucking time they should have had all of these tools available from its inception.
5.) Malwarebytes has gone from a must-have awesome malware scanner to total shit adware in the typical bait-and-switch style business model of the day which goes something like a.) build something awesome b.) give it away for free c.) change to paid model with your own bundled malware and bullshit once it gets popular d.) crash and burn e.) laugh all the way to the bank.
Where I work uses Sophos, I would say it's far worse (and used more as an attempt at draconian control than really A/V, and does next to nothing for malware, updates fail constantly, etc), and I've actively advised people to not use Macfee and Norton for a very long time because of all their dumb bullshit problems. Clamwin is still pretty terrible and ridiculously slow, after all these years. I think the only one I've never used at all is Kapspersky, or whatever.
$.02
Re: (Score:2)
Actually it is possible to defend against most zero day exploits. Good design prevents most of them happening in the first place and security in layers reduces the risk if they do exist. Firewalling windows machines as much as possible is essential if you need to use these things. And use a real firewall not the windows software nonsense.
I use Kaspersky on some systems and it works well. Give that one a try. I think they do free trials.
Malwarebytes (Score:4, Insightful)
The clue is in the name.
I don't know (Score:2)
If only they learned from it. (Score:2)
Not the first time (Score:2)
Re: (Score:2)
What I don't get is why companies in this day and age have 80% of their servers running windows when there are cheaper, better performing, safer, and stabler alternatives available. Either these companies have money to burn and are addicted to risk or they are ignorant of the alternatives.
I get that some companies need active directory and exchange but all the 'real' business apps run on some kind of Unix.
Re: (Score:2)
I get that some companies need active directory and exchange but all the 'real' business apps run on some kind of Unix.
They don't, unfortunately.
Oh, sure, the "real" business apps aimed at huge businesses - the banks and insurance companies of this world - they might run on Unix (or even OS/400, or whatever IBM are calling it these days). But there aren't very many of those companies - even walking down your high street, you'd be astonished how many well-known huge corporations with a presence in every town are mostly franchises.
And a franchised operation is not, in technology terms, a huge business. It's lots of small, nom
Re: (Score:2)
I think it was intentionally done by either a hacker or a disgruntled employee.
Who up until now was relatively gruntled.