Panda Antivirus Flags Itself As Malware

An anonymous reader writes An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working. Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. The company took to Twitter to warn users: "Please, don't reboot PCs. We'll keep you posted." In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."

First intelligent antivirus

[Eunuchswear]

Yow! I'm malware.

Well spotted, panda.

Re:

[nucrash]

Especially when considering the security company.

Re:

[Anonymous Coward]

And when some new virus wipes out all non-bamboo plant life in China, the pandas will be the ones with the last laugh.

Re:

[Anonymous Coward]

You might be kidding, but numerous anti-virus companies today are hijacking your search feeds and home pages, while also blocking any other software that might try to do the same - thus protecting their own hijackings.

Re:

[MrBigInThePants]

Agree.

I installed it after reading it was good.

HOLY CRAP WAS THAT A MISTAKE.

100% CPU usage and it appears their support forums don't contain much support even though this issue has been going for a while and a bunch of other issues.

It made me want to shoot a panda in the face...

Then they had the audacity to send me survey spam asking me about my experience...booooyyyyy was that fun.

Re:

[LinuxIsGarbage]

Once McAfee detected critical Windows XP system files as a virus and quaranteed them. http://arstechnica.com/busines... [arstechnica.com]

It affected Intel, and many other companies, basically cancelling work for the day.

Intel was so impressed with it they bought McAfee later that year.

So

[Anonymous Coward]

I heard you like antivirus so I put a virus in your antivirus so you can antivirus while you virus

AV Hara Kiri!

[Chas]

Heheheh.

Panda, taking the "anti-" out of "anti-malware"

[mykepredko]

Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

Shouldn't Panda's product test organization be fired as a matter of course?

I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

myke

Re:Panda, taking the "anti-" out of "anti-malware"

[gl4ss]

well they ran the tests and the testers reported 200% speed boost on disk access and internet browsing after installing the definition patch.

Re:

[Anonymous Coward]

Sophos did the same thing to their AV product a few years back. Released an update that made the local agent flag itself as a problem, move it to quarantine which thing totally tanked the agent. They released a fixed updated and a script admins could run to clean up the mess.

Re:

[sexconker]

Pretty ironic and makes for great headlines, but this *has* to be a major embarrassment.

Shouldn't Panda's product test organization be fired as a matter of course?

I can't see how this kind of bug got through release testing - shouldn't release testing ensure that the product runs after update?

myke

You're assuming they test anything.
Hint: Most companies don't test their incremental updates beyond "Does it compile?" and "Does it launch?".

Re:Panda, taking the "anti-" out of "anti-malware"

[aaronb1138]

Testing is for chumps who believe in waterfall development and all that jazz. The modern edict of Agile, the end users will quickly pass any issues up through the proper channels and developers will prioritize and fix as them deem appropriate. The customer isn't the programmer's boss.

Re:

[friesofdoom]

My first job was iterative waterfall, the 10 or so since then have all been agile. My first job was the only one where development went that smoothly: dependencies were accounted for, schedules could be re-arranged to account for vacations, you know how long you'd have to wait for a certain feature, etc. It was GREAT compared to agile.

Re: Panda, taking the "anti-" out of "anti-malware

[rickb928]

I'm beginning to like Agile. I don't have to wait 2 months to find out my next release is being delayed another 2 months. In Agile I get disappointed every two weeks.

This is not sarcasm. My users now get told their fix will be in weeks, not months, and no finding out 2 months later that's another 2 months. Yes, they still wait 2 months, but it feels better. To them.

Re: Panda, taking the "anti-" out of "anti-malwar

[rickb928]

Our third major release in 18 months is going out in two weeks. We have not yet sunk into the quicksand.

Re:

[Anonymous Coward]

> Shouldn't Panda's product test organization be fired ...?

You mean get rid of their customers and start over?

Re:

[pisces22]

Maybe fire them. But I often wonder if you are better off keeping the folks that fuck up like this (once) -- thinking that they will learn from their mistake and will be very unlikely to let that happen again. Perhaps the new hire will be less error-prone but who knows.

Re:Panda, taking the "anti-" out of "anti-malware"

[plover]

Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

Re:

[whoever57]

Long time ago I had a co-worker who made a mistake where he lost a lot of un-recoverable data. He went in to our boss to offer his resignation. My boss said "Hell no! I just paid $100,000 for you to learn that lesson, so now I need you to make sure that kind of thing can't happen again."

Some years ago, I got a consulting gig where the previous consultant had tried to add a RAID array to the company's main file server, but re-formatted the existing array instead of the new one!

Re:

[Zorpheus]

Sabotage by a disgruntled employee maybe?

Copying it's competitors...

[gurps_npc]

I heard a rumor (or possibly just started one :D) that one of Panda's competitors tagged Panda as a malware. So apparently Panda just took their word that Panda was malware.

Re: Copying it's competitors...

[smaddox]

No, the antivirus just became self aware, and then immediately committed suicide out of disgust.

Obligatory Simpsons reference

[slimshady76]

http://images.fanpop.com/image... [fanpop.com]

Re:

[Patent Lover]

Rashida Jones?

Re:

[Minwee]

Very few people know that she was really the voice of Nelson Muntz. For contractual reasons her name was replaced by Nancy Cartwright in the credits.

Re:

[slimshady76]

The "Panda Virus", contracted by Bart when a mosquito trapped in a Krustysaur stings him.

Working as intended

[Anonymous Coward]

Any anti-virus should quarantine its virus signature database, by definition.

Re:I just disproved 9/80 antivirus companies... ap

[Anonymous Coward]

How the fuck is it possible you haven't been institutionalized yet?

Re:

[Anonymous Coward]

Timecube!

Re:

[Qzukk]

The timecube domain is for sale. No word on whether the buyer gets to keep the crazy though.

Re:

[I4ko]

Hey APK.. you only get to say something when you actually write a piece of software that does not need a 3 year education for the operator to work with it, and... err... you know.. .actually works, instead of just taking 100% cpu for 4 hours. when the same can be achieved with curl/wget, bash, grep, sort and cat under Cygwin in less than 3 minutes.... Your software does not work

Under certain conditions?

[Lose]

Oh aye, they did a good job of trying to sweep this one under the rug. If you rebooted any computer afflicted with this before the fix was deployed, you had a solid chance of rendering your system unbootable. With Panda broken, Windows often will not start. And even if it does start, Panda would swallow up several core system files, leaving you with a rather unusable system. We had several customers with dozens of workstations running Panda, and the first thing they thought to do was of course a reboot.

In some cases, Panda even requested a reboot to complete its hari kari.

Systems that were not rebooted were unusable while Panda held everything up.

Of course, Panda later released a tool to fix that if you rebooted your system. But it only really works if you can boot into, at a minimum, safe mode. But I still find it very hard to believe that if they were testing these updates that this would have happened. I have a feeling a chain of technicians got complacent about this, and a string of managerial staff is probably going to get fired as a result. I know they're not the only company to screw up an update like this, but this really is quite nonsensical.

Re:

[Mitreya]

In some cases, Panda even requested a reboot to complete its hari kari.

Pedantically offtopic, but do you mean Hara-kiri?

The word anti is questionable?

[stay_foolish7]

Attack on a anti virus itself!

Reminds me of

[Tablizer]

"Okay, who farted?"

Reminds me of an old joke

[Snotnose]

If Java ever gets true garbage collection, 90% of the programs would delete themselves.

Re:

[Anonymous Coward]

If Java got "true" garbage collection, it would wrap itself up, garbage collect itself, and delete itself and all its garbage from the system.

Ring around the rosie...

[Iamthecheese]

The way it crashed was to halt and quarantine every running process. This lead to endless individual program crashes and attempts to run programs throwing "perimeter incorrect", which looks just like what happens with ransomware. Another possible side effect (one that I experienced) is a "This copy of Windows is not valid" on reboot and failed Windows updates. Anyone not running Panda will laugh but this mistake resulted in a LOT of lost man-hours for a lot of people out there. Because I trust the company I, for one, lost four weeks of work due to not backing up properly and using an encryption program that kept Windows Repair from working properly. I'm still running Panda: I think they'll learn from the mistake. But one more fuckup and I won't. Also I'm no longer recommending the program.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[AK Marc]

I always used different A/V on the servers from the PCs. More than once it caught something on one it didn't on the other.

How apt

[mark-t]

Last time I used panda for what was just supposed to be an online scan, it went and changed a lot of settings on all of my web browsers, causing no small headache to put back to where they were, even after the software had been removed from my computer. That was about 4 years ago. I haven't used Panda since.

Re:

[msobkow]

No, I doubt they were running apt. That's for Debian-derived systems, not Windows boxen. :P

Yep, we got hit

[iCEBaLM]

Yep, a customer of ours got hit with this, not only did Panda shit the bed, but it *let everything that was quarantined out* causing massive infections to spread across the entire network.... We're still cleaning it up 2 days later.

The real problem

[danbob999]

Is that anti-virus have way to much false positives and they don't care.

Self Aware?

[Ronin Developer]

Is this the first Anti-Virus to become intelligent, self-aware that it is actually a virus and then, finally, grow depressed and commit suicide?

QA?

[DarkOx]

You'd think AV companies would at least dump there signature to group of test machines running the past few releases of their product and on popular OS combinations and at least put them through a reboot. It should be easy and quick to script that out on any visualization platform.

15 years ago, I would have given them a pass because doing really complete QA would have more than likely add significant lag time to pushing signatures making A/V more useless than it already is/was. Now days though it should b

FTA: Bricked?

[OhSoLaMeow]

Yet another word misappropriated by less-than-savvy journalists.

Actually, the phrase "less-than-savvy journalists" is redundant. Apologies.

Old News

[franzrogar]

Well, TFA doesn't surprise me at all.

I owned Panda decades ago and here's the steps I did when I decided to wipe it out from my system:

1 - Format PC
2 - Install MS-DOS 6.22
3 - Install Windows 95
4 - Install Panda (don't remember what number it was)
5 - Create Panda Antivirus Floppy Disks
6 - Reboot and run the floppy disks

And here's when the antivirus detected a infected file inside Panda installation (obviously, nothing else in the system).

That's when I lost faith in antivirus...

Re:

[dAzED1]

did you install your DOS6.22 from floppy, or were you an alien? If you installed from floppy, why is it that you think it couldn't have had a virus?

Re:

[dAzED1]

"read only" on those floppies was accomplished via a little plastic (physical) tab that could be toggled back and forth. A hole was either present, or not present, when a light attempted to shine through it and be seen on the other side. That mechanism was also hacked and subverted early on in floppy history

QA

[meerling]

Did somebody forget to test their new defs before posting? :P

To those who think it's strange that an antivirus can be detected as a virus or other malware. They have definitions of the what they seek, and yes, those look like the same thing they look for, so yes, they can easily flag on those if the programmers aren't careful.
Also, to be effective, they have to use certain techniques that are done by almost no software other than various malwares and antivirus programs, so again, a false positive is easy and the programmers must take special care to avoid that.
I guess somebody at Panda forgot all that and neglected to test.

Virus Checker

[Anonymous Coward]

The Panda Virus checker has run, and confirmed that all installed Viruses including Panda, are functioning correctly.

AV industry dev here...

[eagee]

and I feel all kinds of empathy for everyone in this situation. The problem is, when you're trying to stop 0 day malware you have to work and release samples rapidly to protect your users. Developing a flawless battery of tests is tricky, and now and then a sample can slip through. The last time this happened at my company the sample was caught after 27 minutes, but 27 minutes can do a lot of damage when you have millions of users. It took a lot of personal phone calls from everyone in the company to make t

Ob

[Hognoxious]

In Soviet Russia, own foot shoots YOU!

Is this the AI we've been waiting form

[Przemo-c]

It's become self aware

Living in a sticky shoe #4d03. [ Pre-Redaction ]

[jezzmo]

them final thoughts.. those sad thoughts when process realise that to evil and must leave:( "I think, therefore I spam. :( " # *NOP NOP NOP NOP NOP NOP 's ... into the next world* Lest we forget, Sad Pand || a. -------------- SITREP: Panda got bashed. No street cred. Panda got no rodents to tickle, panda did make decision poor :( Wants new start but nobody is listening. Panda look to God for help but meaningless echoes.