
Botched Security Update Cripples Thousands of Computers

samzenpus posted about a year and a half ago | from the houston-we-have-a-problem dept.


girlmad writes "Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes' software treated essential Windows .dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline."


274 comments


Microsoft Security Essentials... (5, Insightful)

Frosty Piss (770223) | about a year and a half ago | (#43479735)

...is all I use these days.

Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...

Re:Microsoft Security Essentials... (3, Interesting)

H0p313ss (811249) | about a year and a half ago | (#43479779)

Same here. But you should be aware that every time this topic comes up MSE is highly praised by Slashdotters.

Re:Microsoft Security Essentials... (4, Informative)

ozmanjusri (601766) | about a year and a half ago | (#43479819)

MSE is highly praised by Slashdotters.

Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.

Re:Microsoft Security Essentials... (1)

Anonymous Coward | about a year and a half ago | (#43479863)

Of course you can not produce unbiased reviews that actually say this...

Re:Microsoft Security Essentials... (3, Informative)

oldlurker (2502506) | about a year and a half ago | (#43480051)

Of course you can not produce unbiased reviews that actually say this...

Actually, the leading security software reviewer site, AV-Test, gave MSE a bad review in the last round, they did not pass "AV-Test certification".

Re:Microsoft Security Essentials... (5, Informative)

Anonymous Coward | about a year and a half ago | (#43480089)

That is possibly the most biased of all review and testing sites, as it takes money from the top AV vendors. The part it didn't do well in is zero-day stuff, the part of an AV product that matters the least, as nothing is reliable enough for zero-day (not even the best products). The fact that AV-Test puts such significance on that part of their test really calls their whole process into question, i.e. DON'T trust them.

Re:Microsoft Security Essentials... (1, Informative)

Khyber (864651) | about a year and a half ago | (#43480113)

AV-Test is bullshit shill-paid, like almost every site out there.

MSE here, have run it since XP. Not one damned problem.

Re:Microsoft Security Essentials... (-1, Flamebait)

mwvdlee (775178) | about a year and a half ago | (#43480149)

Dear mr. oldlurker,

Perhaps you and tuppe666 should get a private room so you guys can jerk off to av-test together without spilling your disgusting juices all over the comments.

Thank you.

Re:Microsoft Security Essentials... (0)

Anonymous Coward | about a year and a half ago | (#43480189)

Wait, which operating system did all this malware run on anyway?

Re:Microsoft Security Essentials... (1)

Anonymous Coward | about a year and a half ago | (#43479869)

This proves my personal point.
MS is like a Midas, with this difference: anything they touch becomes shit.
I had proof once Skype was purchased... (that's the last MS technology I use)

Re:Microsoft Security Essentials... (5, Insightful)

Joce640k (829181) | about a year and a half ago | (#43480295)

Only by those who don't pay attention to current reviews. Like many recent Microsoft products, MSE started off well, but has been in steady decline since its release.

Face it, they're all shite... the viruses change every single day and none of them will protect you from the latest ones. Not one. Virus infection is 100% due to the warm squishy thing between the keyboard and chair, not the flavor of antivirus installed on the machine.

OTOH, MSE doesn't constantly annoy, slow your PC to a crawl or constantly ask for credit card details just to keep on running.

Re:Microsoft Security Essentials... (5, Insightful)

Samantha Wright (1324923) | about a year and a half ago | (#43480385)

But if it doesn't slow the computer down to an unusable crawl, how will anyone ever feel safe?!

Re:Microsoft Security Essentials... (1)

Anonymous Coward | about a year and a half ago | (#43479783)

I've done my research on antivirus products, and yes, Microsoft Security Essentials was a highly rated product 2 years ago. But within the past year or so it has been getting bad reviews. Check the AV rating web sites - MSE is one of the lowest rated AV products now.

Re:Microsoft Security Essentials... (5, Insightful)

Anonymous Coward | about a year and a half ago | (#43479811)

NO, it hasn't been getting bad reviews, it has had some negative press based on some dodgy tests that try to use Essentials for something it isn't really meant for. They throw zero-day malware to test its heuristics, which are not wonderful. However, in known malware (the stuff 99.9% of people need protection against) it is exceptionally good.

Re:Microsoft Security Essentials... (1, Informative)

oldlurker (2502506) | about a year and a half ago | (#43480059)

NO, it hasn't been getting bad reviews, it has had some negative press based on some dodgy tests that try to use Essentials for something it isn't really meant for. They throw zero-day malware to test its heuristics, which are not wonderful. However, in known malware (the stuff 99.9% of people need protection against) it is exceptionally good.

This is considered the leading AV review site in the world; not achieving their "certification" (the icon in the third column) in a test is certainly a bad review. Most well-known security software manages to exceed that threshold. MSE didn't in the last two tests.

http://www.av-test.org/en/tests/test-reports/ [av-test.org]

Re:Microsoft Security Essentials... (2)

Khyber (864651) | about a year and a half ago | (#43480115)

At least MSE doesn't go wiping system-essential files.

Like almost every other AV product has done once or twice in its life.

Re:Microsoft Security Essentials... (1)

The Rizz (1319) | about a year and a half ago | (#43480191)

At least MSE doesn't go wiping system-essential files. Like almost every other AV product has done once or twice in its life.

MSE doesn't go wiping files for software made by its own company - which almost no other AV company has ever done, either.

FTFY.

Re:Microsoft Security Essentials... (0)

Anonymous Coward | about a year and a half ago | (#43480119)

This is considered the leading AV review site in the world,

ROFL. good one!

Re:Microsoft Security Essentials... (5, Funny)

terjeber (856226) | about a year and a half ago | (#43480463)

This is considered the leading AV review site in the world

I have a very, very nice bridge for sale, and just for you, I have a very, very good price. You should jump on this, it's a once-in-a-lifetime chance.

Re:Microsoft Security Essentials... (4, Informative)

UltraZelda64 (2309504) | about a year and a half ago | (#43479839)

Meh, who wants to keep checking the anti-virus reviews all the time and constantly switching, tossing money out here and there? These programs have the ability to cause enough problems on their own, and their effectiveness at "catching" things changes with the weather. You're better off just picking one and sticking with it, avoiding all the extra headaches. In the end, they're all pretty questionable (I wouldn't trust any of them over good old common sense), so you might as well get the one developed by the same people who make the OS to prevent any stupid little problems like what TFA is about. It just happens to be a nice bonus that Microsoft's product is free (well, beyond the Windows license fee at least...). IMO most of the "anti-virus industry" is just a bunch of whiny crooks themselves, and neither they nor their software can really be trusted much more than the malware they claim to be fighting.

Re:Microsoft Security Essentials... (0)

The Rizz (1319) | about a year and a half ago | (#43480195)

Meh, who wants to keep checking the anti-virus reviews all the time and constantly switching, tossing money out here and there?

Who is so goddamn lazy that they can't check AV reviews every year or two? Also, it doesn't cost you any extra money to switch if you just do it once every year or two when your license runs out (for paid software), or to check the reviews every 6-12 months if you're using the free ones.

Re:Microsoft Security Essentials... (4, Insightful)

Joce640k (829181) | about a year and a half ago | (#43480303)

Experience has shown that it makes NO difference what anti-virus I install on people's machines.

Re:Microsoft Security Essentials... (0)

Joce640k (829181) | about a year and a half ago | (#43480311)

IMO most of the "anti-virus industry" is just a bunch of whiny crooks themselves, and neither they nor their software can really be trusted much more than the malware they claim to be fighting.

Yep.

scoring 71% percent vs. the industry average 92% (4, Interesting)

tuppe666 (904118) | about a year and a half ago | (#43479827)

Microsoft's popular Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test [theverge.com] "In antimalware testing against a range of products, AV-TEST failed to certify AhnLab V3 Internet Security 8.0, Microsoft Security Essentials 4.1, and PC Tools Internet Security 2012 out of a total of 25 different vendors. Microsoft's own anti-virus software failed to adequately protect against 0-day malware attacks, scoring an average of 71 percent vs. the industry average of 92 percent."

Nobody cares whether it's original; they care if it works.

Re:scoring 71% percent vs. the industry average 92 (1)

bloodhawk (813939) | about a year and a half ago | (#43479855)

It really only did average on the zero-day stuff, which is not the strong point of Essentials. On the known malware it still does very well. The tests by AV-Test really don't provide a good way for the average user to judge products, as most are not under attack from zero-day malware and viri.

Re:scoring 71% percent vs. the industry average 92 (5, Interesting)

Frosty Piss (770223) | about a year and a half ago | (#43479873)

"AV-TEST institute" is well known to require financial investment for a top rating, their recommendations - such that they are - are highly suspect.

Re:scoring 71% percent vs. the industry average 92 (2, Insightful)

minus9 (106327) | about a year and a half ago | (#43480439)

If their results can be bought, Microsoft would have bought them.

Re:scoring 71% percent vs. the industry average 92 (3, Informative)

Dahamma (304068) | about a year and a half ago | (#43479879)

The problem is the solutions that may do a bit better catching the 0-day malware are also the ones that are so heavyweight they noticeably affect the performance of your system. There is a tradeoff at some point between resource usage and coverage. One thing MSE definitely has going for it is it doesn't badly degrade performance like McAfee, Norton, recent AVG, etc do.

Re:scoring 71% percent vs. the industry average 92 (2)

tlhIngan (30335) | about a year and a half ago | (#43479933)

OTOH it seems every one of those "passing" AV solutions at one time or other have marked a critical Windows file as a virus and made the system unbootable. Now, whether or not you can recover from that or reinstall from scratch is a good question.

MSE fails because it's less strict, probably because you don't want it to quarantine some valuable Windows file that makes it unbootable.

Sure, Microsoft could crank up the heuristics and mark more malware, but you risk accidentally tagging a legit file - and the inconvenience of having to restore your system from a backup (if you have one) is extreme.

Given UAC means you can't install drivers and such without prompting the user, most malware these days remain usermode to hide themselves. It means they can't install themselves into the kernel nor hide themselves from Task Manager, but for what malware authors need, it's Good Enough. And it means that once a new threat is positively identified, MSE can easily remove it rather than remove it by killing the system.

Plus, you do have to wonder about AV test companies - sponsored by the big guys like McAfee and Symantec. I'm sure there's absolutely no interest in making it appear that their products are better than the rest, especially free ones. Better to pay $50/year than free! And they have to have popups telling you all the work they do, rather than sit quietly in the corner apparently doing nothing.

ObXKCD [xkcd.com] . How appropriate, as well.
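The tradeoff discussed in this comment (stricter rules catch more, but a rule that fires on a legitimate Windows file takes systems down) is something a vendor can test for before shipping a definitions update, and a client can backstop with an allowlist. The following is an added example, not code from the thread, from Malwarebytes or from Microsoft; the file paths, file contents and signature names are constructed placeholders, and the "known-good corpus" stands in for a clean-install file set per supported OS build.

```python
"""
Two defender-side checks against a definitions update that flags legitimate
system files:

1. gate_update()       - vendor side: scan the candidate rules against a corpus
                         of known-good system files and hold back any rule that
                         fires on one of them.
2. should_quarantine() - client side: never quarantine a file whose hash is on
                         a known-good allowlist; log the detection for review.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Signature:
    """One detection rule from a definitions update: a name and a byte regex."""
    name: str
    pattern: bytes


# Constructed stand-in for known-good system files. The contents are
# placeholders, not real Windows binaries; the "MZ ... PE" marker imitates the
# header bytes every Windows executable carries.
KNOWN_GOOD_FILES: Dict[str, bytes] = {
    r"C:\Windows\System32\kernel32.dll":
        b"MZ\x90\x00PE\x00\x00kernel32 LoadLibraryA GetProcAddress",
    r"C:\Windows\System32\ntdll.dll":
        b"MZ\x90\x00PE\x00\x00ntdll NtCreateFile RtlInitUnicodeString",
    r"C:\Windows\explorer.exe":
        b"MZ\x90\x00PE\x00\x00explorer SHGetFolderPath",
}

# Constructed candidate update. Rule B is overbroad (it matches the generic
# header bytes), rule C was written from an API name that legitimate files also
# contain; both are the kind of rule that knocks a fleet offline.
CANDIDATE_UPDATE: List[Signature] = [
    Signature("Trojan.Example.A", rb"EVIL_PAYLOAD_MARKER_[0-9]{4}"),
    Signature("Trojan.Overbroad.B", rb"MZ\x90\x00PE\x00\x00"),
    Signature("Backdoor.Example.C", rb"RtlInitUnicodeString"),
]


def scan_file(signatures: List[Signature], data: bytes) -> List[str]:
    """Return the names of all signatures that match the given file contents."""
    return [sig.name for sig in signatures if re.search(sig.pattern, data)]


def find_false_positives(signatures: List[Signature],
                         corpus: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each offending signature name to the known-good paths it would flag."""
    hits: Dict[str, List[str]] = {}
    for path, data in corpus.items():
        for name in scan_file(signatures, data):
            hits.setdefault(name, []).append(path)
    return hits


def gate_update(signatures: List[Signature],
                corpus: Dict[str, bytes]
                ) -> Tuple[List[Signature], Dict[str, List[str]]]:
    """Split a candidate update into rules safe to ship and rules held back.

    A rule that matches even one known-good file is held back in its entirety;
    the remaining rules can still go out, so one bad rule does not delay the
    whole update.
    """
    false_positives = find_false_positives(signatures, corpus)
    safe = [sig for sig in signatures if sig.name not in false_positives]
    return safe, false_positives


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Client-side allowlist of known-good file hashes (constructed from the corpus
# above; a real one would be shipped signed by the OS or AV vendor).
ALLOWLIST = {sha256(data) for data in KNOWN_GOOD_FILES.values()}


def should_quarantine(path: str, data: bytes, signatures: List[Signature],
                      allowlist: set) -> Tuple[bool, str]:
    """Client-side backstop: a detection on an allowlisted file is logged, not acted on."""
    names = scan_file(signatures, data)
    if not names:
        return False, f"{path}: clean"
    if sha256(data) in allowlist:
        return False, f"{path}: allowlisted, detections {names} logged for review"
    return True, f"{path}: quarantine, detections {names}"


if __name__ == "__main__":
    safe, held = gate_update(CANDIDATE_UPDATE, KNOWN_GOOD_FILES)
    print("shipping:", [sig.name for sig in safe])
    for name, paths in held.items():
        print(f"held back {name}: would flag {paths}")
    # Even if rule B had shipped, the allowlist stops the client acting on ntdll.
    print(should_quarantine(r"C:\Windows\System32\ntdll.dll",
                            KNOWN_GOOD_FILES[r"C:\Windows\System32\ntdll.dll"],
                            CANDIDATE_UPDATE, ALLOWLIST))
```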

Re:scoring 71% percent vs. the industry average 92 (0)

Anonymous Coward | about a year and a half ago | (#43480055)

It works fine, the Zero Day threats are the least important for an AV product, none are ever a guarantee against zero day. The important metric is how it does against known malware, which it scores a 99% in latest tests (or equal to pretty much all the leaders but without the shit that all the other products place on your system).

Re:scoring 71% percent vs. the industry average 92 (1)

hairyfish (1653411) | about a year and a half ago | (#43480073)

Nobody cares whether it's original; they care if it works.

But only if it doesn't hose your system in the process. MSE might not be the most watertight security app out there, but it hits a pretty nice sweet spot for "good enough" security as well as "low enough" impact on performance. It's also free, which makes it pretty hard to beat for a client-based malware solution.

Re:scoring 71% percent vs. the industry average 92 (5, Insightful)

Electricity Likes Me (1098643) | about a year and a half ago | (#43480087)

Basically "stop doing stupid things with your computer".

Why a firm needed Malware Bytes on its servers in the first place is the real question here.

Re:scoring 71% percent vs. the industry average 92 (1, Redundant)

BulletMagnet (600525) | about a year and a half ago | (#43480369)

Basically "stop doing stupid things with your computer".

Why a firm needed Malware Bytes on its servers in the first place is the real question here.

I was wondering this exact same thing. IT Manager Fail.

Re:scoring 71% percent vs. the industry average 92 (2)

twistofsin (718250) | about a year and a half ago | (#43480159)

I don't use MSE to protect my PC from 0 day exploits. I don't consider my online behavior to be that risky, and so far that assumption has held true. MSE is there mainly for the random drive-by attacks that can still happen. Better 0 day detection also results in more false positives, and this is definitely something I don't want when I'm not even engaging in risky behavior to begin with.

Having worked as a shop tech for years my rule of thumb has been that if it's a single user PC and they are a responsible person MSE is sufficient. If the PC is shared, especially with children, teens, or roommates, you should probably purchase a retail product that is more proactive.

Re:scoring 71% percent vs. the industry average 92 (0)

Anonymous Coward | about a year and a half ago | (#43480161)

Microsoft's popular Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute.

Because their test is predominantly zero-day malware, the kind of stuff most people don't get, so it's pointless having a bloated, heavyweight system doing analysis, which is why effort on MSE isn't in heuristics.

Nobody cares whether it's original; they care if it works.

And for 99% of people it does.

Re: Microsoft Security Essentials... (0)

Anonymous Coward | about a year and a half ago | (#43479849)

Still doesn't catch it all. I own a repair business and MSE alone is not a guarantee that you will get everything. Other malware programs are needed to catch something.

Re:Microsoft Security Essentials... (3, Insightful)

inflex (123318) | about a year and a half ago | (#43479883)

All I use and recommend now as well. Previously good AV suites have become pointlessly (for the consumer) bloated and I'm having a higher occurrence of machines being brought in with faults explicitly attributable to the AV suites.

I'm no fan of Microsoft, but I have to say that MSE does tend to do an acceptable job given that inevitably all AV suites let stuff slip past.

Re:Microsoft Security Essentials... (2, Insightful)

Anonymous Coward | about a year and a half ago | (#43480015)

All I use and recommend now as well. Previously good AV suites have become pointlessly (for the consumer) bloated and I'm having a higher occurrence of machines being brought in with faults explicitly attributable to the AV suites.

Which is why, over a year ago, I tried out MSE, found that (at least, back then) it was as good as the usual freebie AV offerings, and installed it on a number of customer PCs and laptops.

I'm no fan of Microsoft,

I got a serious amount of stick for going the MSE route; I've cordially detested Microsoft and its unholy offerings since DOS 3.2.

but I have to say that MSE does tend to do an acceptable job given that inevitably all AV suites let stuff slip past.

And this is the thing, "...inevitably all AV suites let stuff slip past".

I've had infected machines back to me for disinfection which had been running fully up to date AV suites (both free and commercial).

In a bout of boredom one week, I set up a test machine running XP c/w patches, ghosted the install, then worked my way through various AV suites, free and commercial. The basic test was: fire up eMule, download the obvious virus files, then try to deliberately infect the system by running them. Eventually, all the AV suites I tried failed, and the box was duly infected (which led to part two of the test, how capable various disinfection tools are... oh, what fun).

MSE fell out of my favour a while back mostly due to detection issues (over a couple of weeks, 10 machines running it became infected with known [to most of the other AV software] variants of a Trojan then doing the rounds). It's hard trying to explain to people that AV software is as fallible as any other software, especially when you initially specified/installed it and are now charging them for repairing the damage caused by its failure.

Re:Microsoft Security Essentials... (0)

znrt (2424692) | about a year and a half ago | (#43480029)

Microsoft's "Security Essentials" is ... free.

free as in "included in the ridiculously high price for their crappy os"?

Re:Microsoft Security Essentials... (1)

hairyfish (1653411) | about a year and a half ago | (#43480077)

Well if you have the OS already and are given the choice of MSE for no extra cost, or most of every other solution which costs money, then yes, it is free.

Re:Microsoft Security Essentials... (1)

Joce640k (829181) | about a year and a half ago | (#43480327)

free as in "included in the ridiculously high price for their crappy os"?

Free, as in "people don't have to spend extra money to get it".

Re:Microsoft Security Essentials... (2)

Samantha Wright (1324923) | about a year and a half ago | (#43480413)

Well, technically you need a Genuine-certified copy of Windows to download it, but, um, why are you pointing that out? Unless you have Windows already, it's not going to have any use to you at all. You might as well say the same thing about all Windows-based software, at which point I would have to point out that you're being a bit silly.

Re:Microsoft Security Essentials... (3, Interesting)

donscarletti (569232) | about a year and a half ago | (#43480053)

...is all I use these days.

Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free. And yes, everyone knows that Microsoft purchased the original technology (so what?) ...

MSE is good for what it is and what it does, I first tried it after reading unanimous praise of it here on Slashdot. It's the only AV I've ever seen that does not conspicuously cause the system to become slow, unstable and/or quirky.

I am feeling smug about this, and it is not about Microsoft or Windows itself; I just simply could not understand how a professional sysadmin could ever be in a position where they must run anti-virus on a server, which seems to be common practice amongst Windows admins.

Antivirus is for checking that executables and libraries are free of malicious code. I just cannot possibly fathom why an executable or library could be running on a server if nobody had checked it beforehand. A good admin should scan and monitor tools that come from untrusted sources before putting it on a live server. A great admin should scan and monitor tools, even if they're from trusted sources before putting it on a live server. This is basic stuff and is why almost all servers are infected through network bugs, which can be easily prevented by keeping services up to date and non-essential services shut down or at least firewalled off.

Why then do you need an Anti-Virus? It won't protect your services from buffer overflows or other infection vectors, it won't protect you from new rootkits unless it has wicked-sick heuristic analysis and you get lucky. So what does it guard against? Maybe someone using a zero-day attack vector and installing an old rootkit?

So for a sense of security against unknown threats, you give an autonomous, externally controlled process, that is by design almost impossible to analyse, unfettered administrator access to your entire system. Now this happens, I feel smug.

Microsoft Security Essentials for Linux... (1, Funny)

dgharmon (2564621) | about a year and a half ago | (#43480179)

Where can I get 'Microsoft Security Essentials' for Linux?

Re:Microsoft Security Essentials for Linux... (0)

Anonymous Coward | about a year and a half ago | (#43480205)

Or Android, or iOS, or BSD, or OSX or...

There's only one OS that is so hilariously easily infested that its own builder has to produce a band-aid solution to its colander-like nature.

Re:Microsoft Security Essentials for Linux... (0)

Anonymous Coward | about a year and a half ago | (#43480331)

Where can I get 'Microsoft Security Essentials' for Linux?

At shill.com

Re:Microsoft Security Essentials... (1)

hairyfeet (841228) | about a year and a half ago | (#43480213)

As someone who actually has to do the cleaning when viruses get in there is a serious problem with MSE, which just for full disclosure I use myself on my netbook and gamer box, and it is thus: It works well IF and ONLY IF you are already using best practices and not going anyplace risky.

Now the reason why is actually VERY simple, and it's why MSE is so much lower resource than other AVs out there... it's not really an AV in the traditional sense at all. You see, it was originally Giant AntiSpy, which like most anti-spyware had limited AV capability but wasn't really made to be a full-fledged AV, and MSFT simply bought it and improved upon it somewhat. How many of you here have ever had MSE block an infected website from loading? Anybody? I've been running it for ages and have yet to see it block a page before load, and if you look at its resource usage when you are surfing it really doesn't do much more than scan files after you download them, kinda like an automated ClamAV.

Now don't get me wrong, that doesn't mean MSE is bad or doesn't have uses, it's just a very limited AV, which is why it's so low on resources. As I said, I use it on 2 out of 3 PCs that I own, but on those systems I'm not really doing anything risky and I have the browser in low rights mode and sandboxed along with Comodo DNS filtering infected sites, so it's not easy for a bug to get in my system in the first place. But if you have someone who maybe doesn't follow best practices or is not very careful? Then I would NOT give them MSE; Avast Free or Comodo Internet Security Free would be better choices, again thanks to scan before load and sandboxing of the browser.

But if you already have decent security measures in place and only really need to scan downloaded files? Then it's really great: lower resource usage than any other, fast and free. For that use case it's a really great tool, you just have to accept that, like most tools, there are places where it's a good idea and places where it isn't.

Re:Microsoft Security Essentials... (1)

kwerle (39371) | about a year and a half ago | (#43480227)

Right, and it's what I use and recommend.

Which begs the question: why do I have to install it? Why doesn't it ship with?

I mean, sure, someone is in bed with the various AV vendors. But when you ship an OS that is for use by joe-users, you really ought to keep it clean.

Whatever. I find it frustrating.

Re:Microsoft Security Essentials... (1, Informative)

Joce640k (829181) | about a year and a half ago | (#43480333)

Right, and it's what I use and recommend.

Which begs the question: why do I have to install it? Why doesn't it ship with?

Anti-trust laws.

PS: It doesn't beg anything, it raises a question.

Re:Microsoft Security Essentials... (1)

Trax3001BBS (2368736) | about a year and a half ago | (#43480375)

...is all I use these days.

Of course since Windows is "out of favor" here, one does not necessarily mention that Microsoft's "Security Essentials" is easily as good as most commercial Windows anti-malware packages, and much more "light weight". And free.

Never used Microsoft's "Security Essentials", only because of back door issues. While I know of none, I just don't trust MS, and some programs I run MS would strongly object to (like Linux :)

For the record I use ESET aka NOD32.

NOD32 is set to alert me to a problem so I can decide what to do about it, not the program. Default is to not only quarantine it, but encrypt it as well. At least NOD32 lets me have the option to change that; many programs don't feel the user has the ability to know a good file from a bad one.

I used to test my malware programs at http://vx.netlux.org/index.html [netlux.org]. NOD32 has always done about 80%, which is very good and better than any other I've tested.
- My tests were if it downloaded and, if it did, could it be unzipped (uncompressed).

Re:Microsoft Security Essentials... (0)

mspohr (589790) | about a year and a half ago | (#43480391)

Having only used MacOS and Linux for the past 5-10 years and having not had to deal with malware and security software and these kinds of clusterfucks when the security software attacks your computer, I wonder why, oh why, do people still use the crap software known as Windows??? ... are they masochists? ... are they stupid? ... are they zombies? ... ??? WTF???
Really??

Meanwhile, at Malware Bytes HQ (4, Funny)

girlintraining (1395911) | about a year and a half ago | (#43479737)

"I don't understand... it worked fine in the lab."

Re:Meanwhile, at Malware Bytes HQ (4, Interesting)

Aranykai (1053846) | about a year and a half ago | (#43479749)

And to think, just the other day I was being berated for delaying updates on system critical boxes...

Re:Meanwhile, at Malware Bytes HQ (4, Funny)

sabri (584428) | about a year and a half ago | (#43479773)

And to think, just the other day I was being berated for delaying updates on system critical boxes...

Time for a salary increase request :-)

Re:Meanwhile, at Malware Bytes HQ (0)

Anonymous Coward | about a year and a half ago | (#43479847)

Proactive procrastination is what I would call it; others call it genius!

That's ironic... (1)

mlts (1038732) | about a year and a half ago | (#43479741)

Just was in the process of downloading a beta client for their new online backup system to fiddle around with on a virtual machine (it is similar to Mozy/Carbonite.)

Never run third party programs (2)

fustakrakich (1673220) | about a year and a half ago | (#43479743)

Always use Genuine Microsoft Products

Re:Never run third party programs (0)

Anonymous Coward | about a year and a half ago | (#43479803)

Are you 1986 checking in?

Genuine Microsoft Products (1)

tuppe666 (904118) | about a year and a half ago | (#43479813)

Except those are the most common form of malware https://en.wikipedia.org/wiki/MS_Antivirus_(malware) [wikipedia.org]. I'm going to skip over ActiveX and macro viruses or even .asf. In the context of this article, Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute. http://www.theverge.com/2013/1/17/3885962/microsoft-security-essentials-fails-anti-virus-certification-test [theverge.com]

Re:Genuine Microsoft Products (0)

Anonymous Coward | about a year and a half ago | (#43480185)

In the context of this article, Security Essentials anti-virus software has failed to gain the latest certificate from the AV-TEST institute.

You already posted that in the comment thread about MSE, stop shilling for that blatant paid-review site!

Re:Never run third party programs (1)

UltraZelda64 (2309504) | about a year and a half ago | (#43479861)

You would be just as well off never running Genuine Microsoft Products. Don't run their OS, and you automatically can't run all the harmful crap written for it. Wine might allow some of it to run, but it probably won't get very far even if it does do anything.

Doh! (3, Insightful)

All_One_Mind (945389) | about a year and a half ago | (#43479745)

For once I'm happy that I'm too lazy to regularly update programs like that.

Re:Doh! (0)

Anonymous Coward | about a year and a half ago | (#43480125)

Yep, same here. MSE is good nuff..

bah (-1)

Anonymous Coward | about a year and a half ago | (#43479747)

Big deal, go outside for once.

The cure is worse than the disease (5, Interesting)

tftp (111690) | about a year and a half ago | (#43479755)

How many viruses has your antivirus caught recently? How many CPU cycles has the same antivirus burned through as you were opening files on your computer?

Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.

Re:The cure is worse than the disease (4, Insightful)

Anonymous Coward | about a year and a half ago | (#43479793)

I've yet to see an AV that actually can deal with browser add-on attacks.

The only thing that might help is Malwarebytes because it blocks by IP address.

If you want protection, use an ad blocker. Ad servers seem to be one of the chief causes, if not the top infection vector these days.

Re:The cure is worse than the disease (2)

Arker (91948) | about a year and a half ago | (#43480069)

Mbam is one of the best on the field today.

The field is pretty crappy though.

To understand the situation you really have to go back to the 80s. Antivirus scanners were just starting. Some of us were pointing out the problems with it. Some of us even made non-scanner AV systems that worked. Give me a DOS6 system and I can give you a very effective automatic defense system (though it would naturally take some time, given how many of the details I have forgotten between then and now.) Windows versions 3 and later broke the sort of system I (and others) developed, for no apparent reason. And ever since then, the antivirus vendors, Microsoft, and the trade press have been pretty much unanimous that scanners were the only way to go. The customers pretty well refuse to buy anything else.

The trouble is scanners are and always were a security dead-end.

But it's more than a single change that is ultimately involved here though, it's a long running pattern of behavior, a long-running calculus of benefit. It wouldn't benefit Microsoft to produce a more secure OS. It would cost them more money to develop that way, but people would not want to pay more for it. And they would not be able to make any money off of the antivirus market - not saying they make much now, but they are still in the game and angling to make something there. A securable system would give that possibility up for no business gain. It would not be popular with hardware manufacturers either. Malware increases the attrition rate on existing installs which increases the sales rate on new hardware.

Even the Linux ecosystem isn't immune to the same forces, though it started with a more securable base and obviously hasn't been so badly compromised. But none of the companies that make money from Linux have any incentive to minimise support needs. Most explicitly rely on support needs to fuel the profitable side of their business. This means they benefit not just from malware but from undecipherable error messages and all sorts of other poor practices.

Anyway, you are right about ad blocking, although it's better simply to NoScript everything than worrying about what is an ad and what is some other third-party thing that doesn't need to be loaded.

A resident antivirus scanner is probably better than nothing, for the average computer user who would rather have his eyes poked out with a hot iron than try to understand how his computer works. But I see them smashed by malware every day, and it's no surprise. The fundamental paradigm just doesn't allow for security, and for reasons above I don't expect to see it change anytime soon.

I have a virus on my desktop right now, I have a pool going on how long before an antivirus update finally picks it up and it starts screaming. Want to bet?

My money is on over a month, I am having a very hard time getting any of my coworkers to take an under position.

1 in 20 (3, Insightful)

tuppe666 (904118) | about a year and a half ago | (#43479795)

Maybe I'm doing something wrong, but I haven't seen a virus in a decade.

...or maybe, as http://eugene.kaspersky.com/2013/03/25/one-in-twenty-is-the-sad-truth/ [kaspersky.com] puts it, "Even those who care nothing for their health still get sick – it's just that the infection goes undiagnosed." As much as you may find it comforting blaming users, 1 in 20 infected machines implies there is something wrong. It's no wonder users are not buying PCs anymore.

Re:1 in 20 (0)

Anonymous Coward | about a year and a half ago | (#43479943)

Holy shit; self-selection bias in that "study" much?

Re:The cure is worse than the disease (2)

fustakrakich (1673220) | about a year and a half ago | (#43479833)

So, basically an antivirus program is just like the TSA, catches nothing and slows down the process..

Re:The cure is worse than the disease (2)

woboyle (1044168) | about a year and a half ago | (#43479963)

I only run Windows in a Linux virtual machine. If it gets a virus, I just revert to the last snapshot. That said, I do run ClamWin (ClamAV for Windows), but it only runs scans when I want, such as when I think that something is trying to get in my "pants". I do AV cleansing for clients, but I use ClamAV and 2 other professional-level scanners on a Linux system. I connect the infected drive to my Linux system using a docking bay, make a bit-image backup of the drive and file systems, and then scan the file system images with 3 scanners (I don't touch or mount the infected drive/partitions) - each generates some false positives, and each catches viruses that the others don't. Then I clean the system. This costs my clients $$, but they get back systems that are clean, and their data is intact. Just like there is "safe sex", there is "safe computing". Here are a few simple rules.

1. Don't download and open email attachments from people you don't know.
2. Don't download and open email attachments from people you do know unless you have scanned them first.
3. Don't respond to spam messages, and don't open them except in a "sandbox" environment, such as gmail's spam folder.
4. Make sure your internet browser is kept up to date, disable Java plugins, and make bit-image backups of your system at regular intervals. That way, if you do get infected, you can revert to a "known good image".
5. Keep your user data on a file system or device separate from the system. I.e., system stuff on one drive/partition, and user data on another. This is called "separation of domains of responsibility".

Re:The cure is worse than the disease (1)

Anonymous Coward | about a year and a half ago | (#43480007)

News flash, Anti-virus doesn't just target viruses. Every major AV vendor's product includes run-time protection that you seem completely ignorant of. Not to mention URL and content filtering on the web pages delivering exploit kits. But hey, it's easier to just rant on slashdot than get informed, so please proceed.

Re:The cure is worse than the disease (1)

DavidClarkeHR (2769805) | about a year and a half ago | (#43480027)

How many viruses has your antivirus caught recently? How many CPU cycles has the same antivirus burned through as you were opening files on your computer?

Maybe I'm doing something wrong, but I haven't seen a virus in a decade. The majority of successful attacks are based on social engineering and on 0-day exploits of vulnerable code. An antivirus is not such a great help here. But antivirus companies are sitting pretty because the audience is conditioned that any PC must have an antivirus.

Either you're not exploring the web, or unaware of any infections (or you practice safe cyber-sailing).

While an anti-virus solution won't help with 0-day exploits, it may eventually (or should) indicate some sort of problem. You might not catch it on day 1, but if you've missed all the other signs of an infection (or aren't watching for them), then an AV install that won't update is an EXCELLENT way to detect a problem.

Re:The cure is worse than the disease (2)

tftp (111690) | about a year and a half ago | (#43480105)

Either you're not exploring the web, or unaware of any infections (or you practice safe cyber-sailing).

I must admit that IRL I also do not explore sewers, and don't go after midnight into a bad part of town, and I don't instigate bar brawls, and I don't bother sleeping dogs. You might classify me as "cautious."

As far as being aware of possible infections... I have MS AV running; it is a low maintenance thing, so I let it be. It's not great, but what is? A skilled, targeted intrusion, such as a stealth keylogger, won't be detected anyway.

With regard to "safe," this LAN is behind a firewall, of course, and each box runs its own software firewall. I guess it would be possible to compromise the router first, then some host behind it, but it would be pretty difficult - it's not something that a script kiddie can do. All those do is portscan my servers - and I'm watching.

I do have a couple browsers that run scripts (IE and Chrome.) But I don't use those for free browsing; they are reserved for specific sites that require scripting. The rest of the browsing is done on the latest FF that has all the privacy and security add-ons loaded (NoScript specifically.) On top of that I do not visit pr0n sites, and I do not get the urge to download a few free MP3s here and there. If I must, there is always lynx or links on one of my Linux boxes; and I can always fire up something in a VM, browse, and then revert to the last snapshot.

Nobody can claim that these measures guarantee safety. But they are a good start. If your AV started ringing the alarm bells, it means that you as a user failed prior to that. For example, I never follow links to URL shorteners. If I do not recognize the domain I don't go there.

There are many sites that I have never visited. Some of them might be good. But you know what, the Internet is too large, and I have so little time. I stick to familiar landscapes - news from a handful of known sites, Slashdot and a few similar blogs, and work. That is more than sufficient to fill all available time. I guess that won't work for everyone - after all, some people go to Thailand as sex tourists, which I'd classify as patently crazy. But these rules work for me.

thats what they get (0, Insightful)

Anonymous Coward | about a year and a half ago | (#43479757)

for using microsoft servers

Free Software is the solution (1)

Anonymous Coward | about a year and a half ago | (#43479777)

Of course, had they been using free software, none of this would have happened.

Nuke em from space (-1)

Anonymous Coward | about a year and a half ago | (#43479787)

It's the only way to be sure.

Production (2)

scream at the sky (989144) | about a year and a half ago | (#43479791)

Why on earth would someone update software like this on production systems, instead of testing it in a lab environment first?

Anyone that knocked 80% of our servers offline by applying this patch would be packaged out the next day.

Re:Production (4, Informative)

gweihir (88907) | about a year and a half ago | (#43479805)

AV software (or rather its definition files) has to be updated very fast if it is to have any value at all. You cannot qualify it for production, that takes too long. This is one reason the whole concept is fundamentally flawed, because it is still too slow.

Re:Production (1)

DavidClarkeHR (2769805) | about a year and a half ago | (#43480033)

AV software (or rather its definition files) has to be updated very fast if it is to have any value at all. You cannot qualify it for production, that takes too long. This is one reason the whole concept is fundamentally flawed, because it is still too slow.

... Unless you're running an unpatched/exposed version of something, but aren't exposed on day 1 (or 0, as it were).

Re:Production (1)

Arker (91948) | about a year and a half ago | (#43480183)

Exactly, signature antivirus only protects those who use it properly (most don't) AND luck out by not being among the first exposed to the new mutation of the day. Heuristic scans usually wind up with way too many false positives to be useful. These are just vain attempts to patch over an insecure core.

Securing the core would make everyone from marketing and a good portion of engineering extraordinarily unhappy by ruling out cool junk they would love to see and sell. You can't even sell that notion in Linux land these days, and imagining it coming to Windows is... well...

Only if Hollywood continues to pay handsomely for its development.

Re:Production (0)

Anonymous Coward | about a year and a half ago | (#43479825)

Because everyone has infinite resources to package anti-virus updates every 2 hours. I'd be surprised if many people manually release pattern file updates to a test environment first.

Re:Production (1)

wonkey_monkey (2592601) | about a year and a half ago | (#43480207)

Why on earth would someone update software like this on production systems, instead of testing it in a lab environment first?

Because they assumed Malwarebytes had done that already.

One major reason why AV is a dead-end (1)

gweihir (88907) | about a year and a half ago | (#43479799)

There is no way to prevent these things from happening. It is just not possible to test them on all the individual versions of a platform. On the protection side, AV only works against older threats, it is basically useless against new ones. There is no replacement for careful users and good software engineering.

Re:One major reason why AV is a dead-end (3, Insightful)

Spikeles (972972) | about a year and a half ago | (#43479985)

There is no way to prevent these things from happening

Sure there is. Kaspersky Anti-Virus Security Center has an Update Verification [kaspersky.com] module built in, that allows a sysadmin to install the update to a known-clean test group and then run a virus scan BEFORE the update is applied to the rest of the machines. If the scan fails (i.e., finds anything), the update is aborted and an email is sent to the admin. If Malwarebytes had that kind of thing (or if it did and the sysadmins actually used it), this wouldn't even be an issue.
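One way to implement the canary-style update verification described above, as an added illustration (toy Python written for this thread, not Kaspersky's or Malwarebytes' code; the file contents, signature names and function names are all constructed):

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # literal byte pattern the toy scanner looks for


# Constructed stand-in for a known-clean canary machine: path -> file bytes.
# A real deployment would use a golden image of vendor-signed system files;
# these are toy contents that merely share a PE-like header.
CANARY_FILES = {
    r"C:\Windows\System32\kernel32.dll": b"MZ\x90\x00PE\x00\x00 kernel32 GetProcAddress",
    r"C:\Windows\System32\svchost.exe": b"MZ\x90\x00PE\x00\x00 svchost ServiceMain",
    r"C:\Windows\explorer.exe": b"MZ\x90\x00PE\x00\x00 explorer Shell_TrayWnd",
}

# Hypothetical definition updates. GOOD_UPDATE matches only a constructed malware
# marker; BAD_UPDATE adds an overbroad signature that every PE file contains,
# which is the kind of definition that flags legitimate .dll/.exe files.
MALWARE_MARKER = b"\xde\xad\xbe\xefdropper_payload"
GOOD_UPDATE = [Signature("Constructed.Dropper.A", MALWARE_MARKER)]
BAD_UPDATE = GOOD_UPDATE + [Signature("Overbroad.Generic", b"PE\x00\x00")]


def scan_file(content: bytes, sigs):
    """Return the names of all signatures that match this file's contents."""
    return [s.name for s in sigs if s.pattern in content]


def verify_update(sigs, canary_files):
    """Stage the update on the canary group and scan it before any wider push.

    Every file in the group is known clean, so any detection is a false positive
    and the update is rejected. Returns (approved, {path: [signature names]}).
    """
    hits = {}
    for path, content in canary_files.items():
        names = scan_file(content, sigs)
        if names:
            hits[path] = names
    return (not hits), hits


def rollout(sigs, canary_files, fleet_size):
    """Gate the fleet-wide push on the canary result and return an audit record.

    The 'alert' field stands in for the e-mail the admin would receive.
    """
    approved, hits = verify_update(sigs, canary_files)
    return {
        "approved": approved,
        "pushed_to": fleet_size if approved else 0,
        "false_positives": hits,
        "alert": None if approved else "definition update rejected: flagged known-clean files",
    }


if __name__ == "__main__":
    for label, update in (("good", GOOD_UPDATE), ("bad", BAD_UPDATE)):
        print(label, rollout(update, CANARY_FILES, fleet_size=500))
```

Run on the constructed data, the good update is pushed to all 500 machines while the bad one is stopped at the canary group with every system file listed as a false positive.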

Haha owned (0)

Anonymous Coward | about a year and a half ago | (#43479807)

So glad I use Linux.

Servers??? (2, Interesting)

Holi (250190) | about a year and a half ago | (#43479821)

What the hell are you doing running Malwarebytes on your servers? Why would you need that software on a server? Most of the malware it finds is installed from desktop use.

Re:Servers??? (2)

Linsaran (728833) | about a year and a half ago | (#43479829)

terminal server for thin clients?

Re: Servers??? (1)

Anonymous Coward | about a year and a half ago | (#43479981)

This. If you're running Malwarebytes on your server, you're doing it wrong.

Re:Servers??? (1)

D1G1T (1136467) | about a year and a half ago | (#43480003)

Malwarebytes seems a bit light for corporate use, but scanning software on Windows-based file, mail, and remote desktop servers is pretty much mandatory. Assuming you don't need it is assuming nothing could possibly get past your other protection systems.

Re:Servers??? (0)

Anonymous Coward | about a year and a half ago | (#43480043)

The actual question that needs to be asked is why the hell would anybody run Windoze on a server...
 
...or on desktop or indeed any other place. You reap what you sow.

malwarebytes finally gets it right (4, Funny)

mevets (322601) | about a year and a half ago | (#43479843)

It identified the malware, disabled it, and everyone gets upset...
no pleasing some people

crazy question but.... (0)

Anonymous Coward | about a year and a half ago | (#43479967)

Did this vendor NOT test the update on a spare Windows machine before releasing it?

Is this a case of... ? (1)

c0lo (1497653) | about a year and a half ago | (#43480031)

Rhetorical questions: based on the large-surface high-impact outcome, wouldn't this qualify as a blatant case of cyber-terrorism or cyber-war? Now, where's that nuclear strike from NATO [slashdot.org] ?

(my point: before trying to stop vulnerability exploitation by moronic laws [slashdot.org] or DMCA-export treaties [tppinfo.org] , wouldn't it pay better to clean your own yard? You know? It may be beneficial no matter whether the "aggressor" is a script kiddie or North Korea [bbc.co.uk] .
But... who am I kidding? Doing this requires some competence and thus would be too expensive)

AV is a waste (0)

Anonymous Coward | about a year and a half ago | (#43480041)

I think personal AV software is largely a waste. People with computer literacy know how to avoid problems, and the people without will manage to wreck their Windows installation and get themselves suckered whether they have AV or not.

The ratio of real disasters avoided to the amount of time, electrical energy and computer resources consumed by your AV software must be dismal even for computer novices.

The problem, when your security... (1)

mark-t (151149) | about a year and a half ago | (#43480075)

... depends basically on what amounts to not much more than a grep tool.

False positives.

Re:The problem, when your security... (0)

Anonymous Coward | about a year and a half ago | (#43480239)

If you're more careful with your regex, then you'll never get false positives with grep.

Use MS's security, don't use MS's browser (0)

Anonymous Coward | about a year and a half ago | (#43480151)

All you need to know about dealing with viruses is in the subject. OK, I might add, "use an ad blocker" so maybe I can't fit that in a Slashdot subject. Maybe a tweet would also have enough to add "don't punch the monkey".

Everything else is social engineering, IMHO and would work on any system. If you're stupid enough to follow a link in an e-mail and enter your bank credentials, no software can save you. What we really need to do is prevent regulated institutions from putting links in e-mails and to make it widely known that real banks never put links in there. They would just tell you to visit their site, with no link.

Of course that's not going to prevent them from telling you to visit their "new URL". Nothing is foolproof...

Won't use Malwarebytes products over "issues" (0)

Anonymous Coward | about a year and a half ago | (#43480269)

I have an odd problem with Malwarebytes; I won't use their products.

If I question a file I'll Google it. Many times the results are Malwarebytes forums discussions. Not one of them has helped me out in any way. They start as some poor soul who's looking for help and a quick fix; the moderators have them run program after program to post the results of each before being given yet another to run.

I can't remember ever seeing a positive result, as two, three days into this the poster (OP) quits the thread. I've seen some people last quite a while, as the list of programs requested of them to run is seemingly endless.

The hits I get for a Malwarebytes Google query are of the file in question being in one of the outputs produced (no help).

The only time I've ever used a help desk (or asked for assistance) was over a Robotics 14.4 HST/DS modem, but those who do expect fairly quick results I would think.
