Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Software

Panda Antivirus Flags Itself As Malware 99

An anonymous reader writes An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working. Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. The company took to Twitter to warn users: "Please, don't reboot PCs. We'll keep you posted." In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."
This discussion has been archived. No new comments can be posted.

Panda Antivirus Flags Itself As Malware

Comments Filter:
  • by Eunuchswear ( 210685 ) on Friday March 13, 2015 @10:41AM (#49250223) Journal

    Yow! I'm malware.

    Well spotted, panda.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      You might be kidding, but numerous anti-virus companies today are hijacking your search feeds and home pages, while also blocking any other software that might try to do the same - thus protecting their own hijackings.

    • Agree.

      I installed it after reading it was good.

      HOLY CRAP WAS THAT A MISTAKE.

      100% CPU usage and it appears their support forums don't contain much support even though this issue has been going for a while and a bunch of other issues.

      It made me want to shoot a panda in the face...

      Then they had the audacity to send me survey spam asking me about my experience...booooyyyyy was that fun.
    • Once McAfee detected critical Windows XP system files as a virus and quaranteed them. http://arstechnica.com/busines... [arstechnica.com]

      It affected Intel, and many other companies, basically cancelling work for the day.

      Intel was so impressed with it they bought McAfee later that year.

  • So (Score:5, Funny)

    by Anonymous Coward on Friday March 13, 2015 @10:46AM (#49250259)
    I heard you like antivirus so I put a virus in your antivirus so you can antivirus while you virus
  • Heheheh.

  • by mykepredko ( 40154 ) on Friday March 13, 2015 @10:47AM (#49250269) Homepage

    Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

    Shouldn't Panda's product test organization be fired as a matter of course?

    I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

    myke

    • by gl4ss ( 559668 ) on Friday March 13, 2015 @10:52AM (#49250297) Homepage Journal

      well they ran the tests and the testers reported 200% speed boost on disk access and internet browsing after installing the definition patch.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Sophos did the same thing to their AV product a few years back. Released an update that made the local agent flag itself as a problem, move it to quarantine which thing totally tanked the agent. They released a fixed updated and a script admins could run to clean up the mess.

    • Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

      Shouldn't Panda's product test organization be fired as a matter of course?

      I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

      myke

      You're assuming they test anything.
      Hint: Most companies don't test their incremental updates beyond "Does it compile?" and "Does it launch?".

    • by aaronb1138 ( 2035478 ) on Friday March 13, 2015 @11:05AM (#49250399)
      Testing is for chumps who believe in waterfall development and all that jazz. The modern edict of Agile, the end users will quickly pass any issues up through the proper channels and developers will prioritize and fix as them deem appropriate. The customer isn't the programmer's boss.
      • My first job was iterative waterfall, the 10 or so since then have all been agile. My first job was the only one where development went that smoothly: dependencies were accounted for, schedules could be re-arranged to account for vacations, you know how long you'd have to wait for a certain feature, etc. It was GREAT compared to agile.
    • by Anonymous Coward

      > Shouldn't Panda's product test organization be fired ...?

      You mean get rid of their customers and start over?

    • Maybe fire them. But I often wonder if you are better off keeping the folks that fuck up like this (once) -- thinking that they will learn from their mistake and will be very unlikely to let that happen again. Perhaps the new hire will be less error-prone but who knows.
      • by plover ( 150551 ) on Friday March 13, 2015 @02:51PM (#49252227) Homepage Journal

        Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

        • Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

          Some years ago, I got a consulting gig where the previous consultant had tried to add a RAID array to the company's main file server, but re-formatted the existing array instead of the new one!

    • Sabotage by a disgruntled employee maybe?
  • I heard a rumor (or possibly just started one :D) that one of Panda's competitors tagged Panda as a malware. So apparently Panda just took their word that Panda was malware.
  • by Anonymous Coward

    Any anti-virus should quarantine its virus signature database, by definition.

  • by Lose ( 1901896 ) on Friday March 13, 2015 @11:13AM (#49250477)
    Oh aye, they did a good job of trying to sweep this one under the rug. If you rebooted any computer afflicted with this before the fix was deployed, you had a solid chance of rendering your system unbootable. With Panda broken, Windows often will not start. And even if it does start, Panda would swallow up several core system files, leaving you with a rather unusable system. We had several customers with dozens of workstations running Panda, and the first thing they thought to do was of course a reboot.

    In some cases, Panda even requested a reboot to complete its hari kari.

    Systems that were not rebooted were unusable while Panda held everything up.

    Of course, Panda later released a tool to fix that if you rebooted your system. But it only really works if you can boot into, at a minimum, safe mode. But I still find it very hard to believe that if they were testing these updates that this would have happened. I have a feeling a chain of technicians got complacent about this, and a string of managerial staff is probably going to get fired as a result. I know they're not the only company to screw up an update like this, but this really is quite nonsensical.
    • by Mitreya ( 579078 )

      In some cases, Panda even requested a reboot to complete its hari kari.

      Pedantically offtopic, but do you mean Hara-kiri?

  • Attack on a anti virus itself!
  • "Okay, who farted?"

  • by Snotnose ( 212196 ) on Friday March 13, 2015 @12:12PM (#49250943)
    If Java ever gets true garbage collection, 90% of the programs would delete themselves.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If Java got "true" garbage collection, it would wrap itself up, garbage collect itself, and delete itself and all its garbage from the system.

  • by Iamthecheese ( 1264298 ) on Friday March 13, 2015 @12:15PM (#49250983)
    The way it crashed was to halt and quarantine every running process. This lead to endless individual program crashes and attempts to run programs throwing "perimeter incorrect", which looks just like what happens with ransomware. Another possible side effect (one that I experienced) is a "This copy of Windows is not valid" on reboot and failed Windows updates. Anyone not running Panda will laugh but this mistake resulted in a LOT of lost man-hours for a lot of people out there. Because I trust the company I, for one, lost four weeks of work due to not backing up properly and using an encryption program that kept Windows Repair from working properly. I'm still running Panda: I think they'll learn from the mistake. But one more fuckup and I won't. Also I'm no longer recommending the program.
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Friday March 13, 2015 @12:35PM (#49251159) Journal
    Last time I used panda for what was just supposed to be an online scan, it went and changed a lot of settings on all of my web browsers, causing no small headache to put back to where they were, even after the software had been removed from my computer. That was about 4 years ago. I haven't used Panda since.
    • by msobkow ( 48369 )

      No, I doubt they were running apt. That's for Debian-derived systems, not Windows boxen. :P

  • Yep, a customer of ours got hit with this, not only did Panda shit the bed, but it *let everything that was quarantined out* causing massive infections to spread across the entire network.... We're still cleaning it up 2 days later.

  • Is that anti-virus have way to much false positives and they don't care.
  • by Ronin Developer ( 67677 ) on Friday March 13, 2015 @01:07PM (#49251419)

    Is this the first Anti-Virus to become intelligent, self-aware that it is actually a virus and then, finally, grow depressed and commit suicide?

  • by DarkOx ( 621550 )

    You'd think AV companies would at least dump there signature to group of test machines running the past few releases of their product and on popular OS combinations and at least put them through a reboot. It should be easy and quick to script that out on any visualization platform.

    15 years ago, I would have given them a pass because doing really complete QA would have more than likely add significant lag time to pushing signatures making A/V more useless than it already is/was. Now days though it should b

  • Yet another word misappropriated by less-than-savvy journalists.

    Actually, the phrase "less-than-savvy journalists" is redundant. Apologies.
  • Well, TFA doesn't surprise me at all.

    I owned Panda decades ago and here's the steps I did when I decided to wipe it out from my system:

    1 - Format PC
    2 - Install MS-DOS 6.22
    3 - Install Windows 95
    4 - Install Panda (don't remember what number it was)
    5 - Create Panda Antivirus Floppy Disks
    6 - Reboot and run the floppy disks

    And here's when the antivirus detected a infected file inside Panda installation (obviously, nothing else in the system).

    That's when I lost faith in antivirus...

    • by dAzED1 ( 33635 )
      did you install your DOS6.22 from floppy, or were you an alien? If you installed from floppy, why is it that you think it couldn't have had a virus?
  • by meerling ( 1487879 ) on Friday March 13, 2015 @01:56PM (#49251833)
    Did somebody forget to test their new defs before posting? :P

    To those who think it's strange that an antivirus can be detected as a virus or other malware. They have definitions of the what they seek, and yes, those look like the same thing they look for, so yes, they can easily flag on those if the programmers aren't careful.
    Also, to be effective, they have to use certain techniques that are done by almost no software other than various malwares and antivirus programs, so again, a false positive is easy and the programmers must take special care to avoid that.
    I guess somebody at Panda forgot all that and neglected to test.
  • by Anonymous Coward

    The Panda Virus checker has run, and confirmed that all installed Viruses including Panda, are functioning correctly.

  • and I feel all kinds of empathy for everyone in this situation. The problem is, when you're trying to stop 0 day malware you have to work and release samples rapidly to protect your users. Developing a flawless battery of tests is tricky, and now and then a sample can slip through. The last time this happened at my company the sample was caught after 27 minutes, but 27 minutes can do a lot of damage when you have millions of users. It took a lot of personal phone calls from everyone in the company to make t
  • In Soviet Russia, own foot shoots YOU!

  • them final thoughts.. those sad thoughts when process realise that to evil and must leave:( "I think, therefore I spam. :( " # *NOP NOP NOP NOP NOP NOP 's ... into the next world* Lest we forget, Sad Pand || a. -------------- SITREP: Panda got bashed. No street cred. Panda got no rodents to tickle, panda did make decision poor :( Wants new start but nobody is listening. Panda look to God for help but meaningless echoes.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...