Anti-Virus Bug Briefly Identified Windows Explorer as Malware

Zonk posted more than 6 years ago | from the err-oops-pay-no-attention-to-your-OS dept.

Security 131

SJ2000 writes "Windows Explorer was quarantined last week by Kaspersky Lab's antivirus software after being falsely identified as malicious code. The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. The bug was only live in the wild for two hours, and ended up affecting just one corporate customer and a handful of home users."

131 comments

I don't get it... (5, Funny)

Anonymous Coward | more than 6 years ago | (#21815044)

Windows identified as malware... why is this a bug?

Re:I don't get it... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21815084)

not to worry... they just released the patch [t35.com] Merry Christmas Slashdot!!1

Re:I don't get it... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21815262)

offtopic? how is pointing to the patch offtopic?

Re:I don't get it... (0)

Anonymous Coward | more than 6 years ago | (#21815272)

mycity spam

Re:I don't get it... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21815354)

If you enjoyed the previous MyMiniCity spam you may also enjoy visiting a small, quaint village we like to call Drunkard Town [myminicity.com] .

Located a short airplane ride from Fohootvil, Drunkard Town is a wonderful getaway. We offer a secluded location where you will feel free to drink to your heart's content and generally party your ass off. With an onsite brewery, winery, and distillery we can deliver locally brewed specialties of a great many varieties and our daily fly-ins will fill any gap you might find. Pass out wherever you like, our Johnny On The Spot Blanket Service will cover you up with a fluffy fleece blanket before the frost sucks the life force from your bodies. No hypothermia worries here!*

If you have other activities in mind we have tennis courts**, basketball courts**, handball** and racquetball**. A soccer pitch** completes our sports offerings. Skiing, water polo and paragliding are coming for the 2008 Summer Season. You may also enjoy horseback riding or walking tours through our wonderful countryside nature preserve**.

* Blanket Service not responsible for death
** To ensure unobstructed play schedule appointment with Corpse Removal Service 30 minutes prior to your game time.

Re:I don't get it... (1)

kdemetter (965669) | more than 6 years ago | (#21816898)

well at least you are more honest about your spam .

Re:I don't get it... (3, Funny)

AmyRose1024 (1160863) | more than 6 years ago | (#21816180)

The actual patch is here: http://www.kubuntu.org/ [kubuntu.org]

Re:I don't get it... (5, Funny)

Anonymous Coward | more than 6 years ago | (#21815112)

> Windows identified as malware... why is this a bug?

Because it only identified the explorer component.

Re:I don't get it... (1)

BCW2 (168187) | more than 6 years ago | (#21815546)

I agree! Since IE is the home of 50%+ of all Windows vulnerabilities, it is mal-ware!

Re:I don't get it... (1)

weicco (645927) | more than 6 years ago | (#21815622)

So the real news is don't trust Kaspersky Lab's antivirus software.

Re:I don't get it... (1)

Opportunist (166417) | more than 6 years ago | (#21817140)

Well, to keep their signature files small, a lot of AV companies started tracking only the most damaging parts of a malware kit.

Re:I don't get it... (1)

Harmonious Botch (921977) | more than 6 years ago | (#21815348)

> Windows identified as malware... why is this a bug?

Because it failed to take the proper corrective action ...loading linux and firefox

Re:I don't get it... (4, Funny)

dolo724 (22338) | more than 6 years ago | (#21815640)

In the late 90s and into the early 00s a few MS components and some legitimate DLLs were identified as virus laden. I solved the problem on my work machine by formatting the HD and installing RH-7, then VMWare for the only windows-dependent executable I couldn't get to run on wine. I had the fastest software package in-house and it made a kick-ass Quake server.

maybe that's why I got laid off...

Re:I don't get it... (1)

Heembo (916647) | more than 6 years ago | (#21816262)

At least you didn't use the entire corporate network to find the next prime number. :)

Where is the Obligatory Gay Male Coprophilia Porn (3, Funny)

NeverVotedBush (1041088) | more than 6 years ago | (#21815420)

Any story that puts MS in a bad light or makes fun of them almost always gets the story about some guy enjoying another's feces.

I guess it's just too early still in Seattle... Maybe they will post it later.

Merry Christmas Bill!

Re:I don't get it... (1)

the honger (992005) | more than 6 years ago | (#21815990)

"...best thing for it, really...its therapy was going nowhere..."

Re:I don't get it... (0)

Anonymous Coward | more than 6 years ago | (#21816350)

Because malwares are efficient and fast; Windows is not. Malwares don't interrupt computer users with endless [allow][cancel] questions and Windows does. Thus, Windows can't be a malware.

Obligatory fixed (4, Funny)

Anonymous Coward | more than 6 years ago | (#21815048)

Anti-Virus Bug "Correctly" Identified Windows Explorer as Malware

wow, what a bunch of crap. typical (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21815066)

am i the only one that isn't surprised to find an article make the front page of slashdot that is a blatant ms bashfest that really didn't have any massive effects?
 
fuck, this is getting really old that anything anti-ms makes the front page just to keep the traffic up.
 
what happened to the hard tech articles instead of the bloggers?
 
what happened to something that was educational and informative and not just propaganda.
 
zonk and kdawson are both bitches.

Re:wow, what a bunch of crap. typical (0)

Anonymous Coward | more than 6 years ago | (#21815180)

It sounds more like anti-Kaspersky Lab rather than anti-ms

Re:wow, what a bunch of crap. typical (0)

Anonymous Coward | more than 6 years ago | (#21815346)

you've been trolled, my friend.

Re:wow, what a bunch of crap. typical (0)

Anonymous Coward | more than 6 years ago | (#21815722)

I don't know about kdawson but Zonk is easily the worst editor Slashdot ever employed. If I wanted to read some hipster's "tech" blog I would do so (or more likely, in a moment of clarity, kill myself for being a hipster dumbfuck). I don't, which is why I'm on Slashdot. Zonk is also responsible for spamming the games section with mind-numbingly stupid (and slightly creepy) stories on the non-issue of women in gaming and therefore considerably raising both my blood pressure and my nicotine intake.

Blogging is killing the Internet. It must be stopped.

Re:wow, what a bunch of crap. typical (0)

Anonymous Coward | more than 6 years ago | (#21820534)

Yeah Zonk is a huge fag but I'd still say Jon Katz was worse.

If there was a tag that was needed (0)

Anonymous Coward | more than 6 years ago | (#21815070)

Someone please use !falsepositive, lol

Ironic: my captcha is "deleting".

Windows Is Not A Virus! (5, Funny)

filesiteguy (695431) | more than 6 years ago | (#21815076)

Viruses are small and efficient.

Re:Windows Is Not A Virus! (0)

Anonymous Coward | more than 6 years ago | (#21815228)

In 1992 they were. A Trojan/Virus nowadays will rarely fit on a whole floppy.

Today's viruses are not efficient at all! (1)

JcMorin (930466) | more than 6 years ago | (#21815406)

I agree, today's viruses are not efficient at all; most of the time customers discover they have a virus because their system is getting very slow.

Re:Windows Is Not A Virus! (1)

NeverVotedBush (1041088) | more than 6 years ago | (#21815486)

You are correct!

It is a trojan!

Re:Windows Is Not A Virus! (1)

Opportunist (166417) | more than 6 years ago | (#21817152)

Nope. Trojans are being streamlined to hide better from the user's eye, usually have a fairly small footprint (less than 100k normally, and few are bigger than 500k), get updated at the very least every other week, are tested and tried until they are bug free and will never ever blow up in the user's face.

Windows is not a trojan.

It is a bug.

jk (3, Funny)

wizardforce (1005805) | more than 6 years ago | (#21815090)

that's not a bug, it's a feature

Re:jk (1)

Phroggy (441) | more than 6 years ago | (#21816880)

Not a bug [wordpress.com]

um, don't they test these things before releasing? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21815094)

Shouldn't this have been caught by even the simplest test before releasing?

That's my first reaction, now I'm off to RTFA

Re:um, don't they test these things before releasi (5, Funny)

ubrgeek (679399) | more than 6 years ago | (#21815114)

You're right. But sometimes MS is in a hurry to get their product out.

Oh, you mean Kaspersky Labs ...

Re:um, don't they test these things before releasi (2, Funny)

Anonymous Coward | more than 6 years ago | (#21815192)

> Shouldn't this have been caught by even the simplest test before releasing?

[X] In Soviet Russia, IE tests YOU!
[X] Only old Koreans bother with testing!
[X] "But it IS malware, boss!"
[X] Netcraft confirms it - testing is dead!
[X] I don't run IE, you ignorant clod!
[X] "We tried to test it on Vista, and we will, as soon as it's finished booting ..."

Re:um, don't they test these things before releasi (1)

i.of.the.storm (907783) | more than 6 years ago | (#21816170)

Haha, I haven't seen netcraft confirms it in a long time - is netcraft dead? And Vista boots near instantly on my computer, but I understand it's a joke and also that I built my computer two months ago seeking out the best low-cost components possible, so my case may be something of an anomaly. But it's kind of funny because with XP I would usually hit the power switch, go take a piss or something, come back and find out that it still hasn't finished loading antivirus, firewall, etc... but that's more because of the sucky hardware than the OS.

Re:um, don't they test these things before releasi (1)

bigstrat2003 (1058574) | more than 6 years ago | (#21819486)

Netcraft is dead... Netcraft confirmed it!

Also, always good to see another Vista user. Now I'll have someone to get my back when I defend Vista against haters. ;)

Re:um, don't they test these things before releasi (1)

i.of.the.storm (907783) | more than 6 years ago | (#21819572)

Yeah, I'm sure as time passes more and more people will be using Vista and realizing there's nothing really fundamentally wrong with it once you disable UAC (which I didn't really want to do because of the security feature but I really know what I'm doing and don't need 3 prompts when I want to change something in Program Files). And by the time Windows 7 rolls around everyone will be like "You can pry my Vista SP2 from my cold dead hands!" etc.

Re:um, don't they test these things before releasi (0)

Anonymous Coward | more than 6 years ago | (#21815460)

Now that you (might have) RTFA, you know that Kaspersky's system automatically identified explorer.exe as a virus and deleted it - no human interaction or patching involved, the way antivirus software should work.

Windows Explorer (-1, Flamebait)

Matt867 (1184557) | more than 6 years ago | (#21815128)

That wasn't a bug, Windows Explorer IS malware...

That's the proof (0)

notenslaved (1006477) | more than 6 years ago | (#21815166)

Windows IS a virus.

O rly? (5, Funny)

Dunbal (464142) | more than 6 years ago | (#21815218)

> The bug was only live in the wild for two hours, and ended up affecting just one corporate customer and a handful of home users.

And yet it still made the front page of Slashdot.

Re:O rly? (0)

Matt867 (1184557) | more than 6 years ago | (#21815258)

It made the front page of Slashdot because a corporate user shouldn't be stupid enough to use Microsoft Explorer over a real browser.

Re:O rly? (0)

Anonymous Coward | more than 6 years ago | (#21815298)

Huh?

Corporate users are often the ones that don't have a choice, and this article is NOT about web browsers.

Windows Explorer is a file manager.

Re:O rly? (1)

Shohat (959481) | more than 6 years ago | (#21815370)

I use IE7 (due to policies and ) at work and FF at home. Why am I stupid ?

Re:O rly? (1)

The Anarchist Avenge (1004563) | more than 6 years ago | (#21815700)

When gp talked about corporations as an entity, he was referring to the people in the corporations to make software policy. So you aren't stupid, the people above you are.

Re:O rly? (2, Informative)

Matt867 (1184557) | more than 6 years ago | (#21816538)

"I use IE7 (due to policies and ) at work and FF at home. Why am I stupid ?" For starters your sentence should have been typed like this: "I use IE7 (due to job-related policies) at work and FF at home. Why am I stupid?"

Re:O rly? (1)

bigstrat2003 (1058574) | more than 6 years ago | (#21819494)

It's a bit rich to call anyone who uses IE stupid, considering calling IE not a real browser is pretty stupid in itself. IE7 works beautifully, thank you very much. Bully for you if you want to use Firefox (or any other browser), but that doesn't mean you should come in here insulting IE users.

Re:O rly? (4, Insightful)

rhizome (115711) | more than 6 years ago | (#21815650)

> It made the front page of Slashdot because a corporate user shouldn't be stupid enough to use Microsoft Explorer over a real browser.

So what does that make people who are stupid enough to mistake Internet Explorer for Windows Explorer?

Re:O rly? (2, Interesting)

MMC Monster (602931) | more than 6 years ago | (#21816496)

I was under the impression that explorer.exe was the MSWindows file manager. As a file manager, it actually is quite nice and has some interesting (good, or at least different) properties compared to nautilus. Such as copying a folder with the same name as a folder in the target will perform a merge of the two folder contents rather than deleting the original contents or the target.

Re:O rly? (1)

marcello_dl (667940) | more than 6 years ago | (#21816782)

The idea of merging is cool, but if a merge is the most intuitive outcome of a folder copy for you, it sure isn't for me. Hopefully the user is notified about the proposed merge? else it's housekeeping time for me when i get back to work.

Re:O rly? (1)

MMC Monster (602931) | more than 6 years ago | (#21816878)

I'm not sure if it is more intuitive or not. Presumably MSFT has good usability lab to figure that out. It is less destructive, though.

It's been a while since I got burnt by it in nautilus. Does nautilus warn you if it's about to delete the entire contents of a folder because another folder with the same name is being copied over it?

I know that at least until a year ago, on filesystems that are case retentive but not case sensitive (ie: fat32 and ntfs), nautilus aborts without any warning if it copies a file with the name abc.jpg into the same folder as a file ABC.jpg. (This happens surprisingly often if you have more than one digital camera.) I think it was just fixed in the latest release of the gnome desktop.

Yes (1)

SEMW (967629) | more than 6 years ago | (#21817896)

> Hopefully the user is notified about the proposed merge? else it's housekeeping time for me when i get back to work.

You get a "Confirm Folder Replace" dialogue [lowendmac.com] .

BTW, is pressing "ctrl-z" ( / edit -> undo) really that much housekeeping work?

Re:O rly? (0)

Anonymous Coward | more than 6 years ago | (#21815800)

Yes. And I bet it will again. (I'll be here all week).

windows? a virus? no wai (0)

Anonymous Coward | more than 6 years ago | (#21815264)

Hey, I wonder if anyone else will make jokes portraying windows negatively in this thread.

Re:windows? a virus? no wai (0, Redundant)

Entropius (188861) | more than 6 years ago | (#21815356)

only the dumb windows users.

Re:windows? a virus? no wai (0)

Anonymous Coward | more than 6 years ago | (#21816484)

I was wondering why you got modded -1 Redundant for that comment. Then I realised that the redundancy was in calling windows users dumb.

Windows is what is used @ work mostly, which = $ (0)

Anonymous Coward | more than 6 years ago | (#21819032)

Dumb? For what??

You call folks dumb for using Windows' 32-bit NT-based OS users dumb (& they're most likely of the NT family base like the modern ones are) @ home, + getting used to from nearly birth for a decade++ now there but also in the workplace worldwide.

The most flexible & peripheral hardware + 3rd party application for good purposes laden platform there is. Ubiquitous, & flexible + a great API to work with on many levels. Complete with great tools to do so from MS & others as well like Borland.

So folks are dumb in their utilizing the OS that truly is overall used the most for the most varied of tasks, from network client nodes, up thru departmental servers of all kinds, thru enterprise class servers driving enterprise class applications (both CUSTOM, & BackOffice engines driven (ala Exchange, SQLServer, IIS, etc. et al), because face it:

Windows IS used the most used by people.

I guess it is dumb to get used to the tools that people will most likely use the most on the job, where they make their living, the MOST with (in Windows)... this is dumb??

I'd call it job preparation, & it's been this way for decades now. Get with it.

APK

P.S.=> Nobody says any OS or platform's perfect, but Windows is what the general public majority are on & have chosen for personal computing thusfar @ least, & for QUITE a while now.

Posting this, for "posterities' sake": One thing I know is this - I know all OS platforms have gotten better in my time around them, & by huge leaps every 10 yrs. or so. Watch what the next 10 bring, & it'll all get better then too, & yes, including Windows (or, some future variant of it) & others like Linux, MacOS X, etc./et al... apk

Re:Windows is what is used @ work mostly, which = (1)

causality (777677) | more than 6 years ago | (#21819548)

Hmm where to start... first, you have been trolled and possibly unintentionally (by giving a serious response to a joke). Second, while you might have had a valid objection to the GP, you failed to use it; thus the entirety of your post can be summed up as "Follow the crowd and no one will ever think you're dumb!" That's great, if being a sheep and taking the path of least resistance is what makes you feel fulfilled.

To claim that the popularity of Windows is an inherent virtue of the OS is just plain silly. It's an arbitrary decision that was heavily influenced by marketing and made in large part by people (regular end-users, phb's, etc) with no real computing expertise. This is a hell of a business accomplishment and what Microsoft has done in the computing industry is what every other company would like to do in its own industry. That's great for Microsoft and their shareholders, but you have done nothing to defend the intelligence of users who go along with it.

P.S. if the near-ubiquitous quality of Windows means anything, it means that Microsoft's software failures are automatically magnified (think botnets, which are greatly facilitated by a monoculture). They will care about this only to the degree necessary to ensure that it doesn't become a marketing failure.


Now make sure that, whatever you do, you do NOT reply to my post. That way you can follow the crowd and be like every other AC who can't follow the discussion.

Random Thought (1)

Cruicky (1122359) | more than 6 years ago | (#21815572)

Why not have the virus scanner, upon detection of a virus, check for a Microsoft digital signature in the binary, and maybe behave differently in this situation? Might just save a few systems in the future from incorrect signatures. I can't see this change in logic being beneficial to malware writers as they won't have a Microsoft signature, and if they can somehow change the anti-virus program to check for digital signatures against a different public key, you are already compromised.

Because the AV business ain't about solutions (1)

SlappyBastard (961143) | more than 6 years ago | (#21815908)

Building fail-safes would make sense and might work.

Re:Random Thought (1)

Warbothong (905464) | more than 6 years ago | (#21816762)

"Why not have the music player, upon detection of a track, check for a Microsoft digital signature in the WMA, and maybe behave differently in this situation? Might just save a few systems in the future from incorrect signatures. I can't see this change in logic being beneficial to song writers as they won't have a Microsoft signature, and if they can somehow change the music playing program to check for digital signatures against a different public key, you are already liberated."

Just an analogy to the whole DRM issue on music. My point is that trying to add a brand new, whizz bang, undefeatable layer of security never works. Those who it is targeting will figure out how to bypass it, every legitimate user is stuck jumping through hoops to do their legitimate activities. After a while such a monstrosity of a security cake is layered up higher and higher as the same model is tried again and again, a lot of the time with bugs further down the cake being used to break the upper layers. The better long-term strategy is to try and fix what is wrong with the current layers of the OS, but Microsoft's problem there is that it may affect program compatibility (which they REALLY don't want to mess with, since if the massive amount of Windows programs out there needed to be rewritten to run on a fixed OS then one of the biggest reasons to use Microsoft's technology over the competition is gone)

Re:Random Thought (1)

Al Dimond (792444) | more than 6 years ago | (#21818966)

That doesn't make sense at all as an analogy. This idea assumes that all Microsoft-signed binaries are clean and that any virus signatures found in those files should be ignored. It's not an extra layer of security, it's a way to prevent the annoyance of false-positives in an existing layer. I can't think of a direct analogy involving DRM; it would have to involve exempting files meeting certain criteria from restriction.

If an AV scanner decides to let all MS-signed binaries go, they might also consider letting through binaries signed by other reputable vendors. But they should be sure not to open the door too wide (the story of Apple shipping iPods with Windows viruses on them comes to mind).

Have you even used windows lately? (2, Funny)

pcgabe (712924) | more than 6 years ago | (#21815596)

> "Windows Explorer was quarantined last week by Kaspersky Lab's antivirus software after being falsely identified as malicious code."

"Falsely?"

It's not a virus, sure. Viruses tend to mature, become more efficient...

But Explorer sure feels like malicious code...

Dumb article (2, Funny)

Anonymous Coward | more than 6 years ago | (#21815646)

From TFA:

> As Windows Explorer is the graphical user interface for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

Gee, makes it sound like losing explorer.exe is only mildly inconvenient.

Re:Dumb article (1)

BlueParrot (965239) | more than 6 years ago | (#21816012)

> Gee, makes it sound like losing explorer.exe is only mildly inconvenient.

Well at least they didn't claim it was "bricked" ...

Re:Dumb article (1)

Ant P. (974313) | more than 6 years ago | (#21817372)

In that situation you can still use the task manager and the original windows 3.1 program/file managers. They might've stopped including those two after XP though, I dunno

Re:Dumb article (1)

iivel (918436) | more than 6 years ago | (#21820348)

progman.exe and winfile.exe no longer execute in XP (though they were still there in win2K)

Who needs explorer? (1)

SEMW (967629) | more than 6 years ago | (#21817852)

Ctrl-Shift-Esc, Alt f n, "powershell.exe" (or "cmd.exe" for old-timers).

Bah. Explorer. Who needs it?

AND???? (1)

lorenlal (164133) | more than 6 years ago | (#21815648)

Nothing to see here, move along. If it made news every time someone released something that broke explorer, we couldn't read about our beloved Beowulf clusters of toasters!

What's funny is, if I saw that explorer was missing on my system, by the time I reloaded the OS (cause *obviously* it's infected/broken/normal operating procedure), I never would've known the cause. It was pulled by the time I would've finished installing.

Of course, then I'd have to go and find my Gentoo CD so I could reload GRUB. That would've been more painful than the rest of the OS reload that I expect to do every six months anyway.

Re:AND???? (1)

cbiltcliffe (186293) | more than 6 years ago | (#21818552)

> What's funny is, if I saw that explorer was missing on my system, by the time I reloaded the OS (cause *obviously* it's infected/broken/normal operating procedure), I never would've known the cause. It was pulled by the time I would've finished installing.

You'd reload Windows because explorer.exe is missing? Holy crap, is that ever overkill.

Run WinUBCD, change the shell to cmd.exe, reboot, and run sfc. That would fix you right up, in about 10 minutes. And it would also give you the opportunity to figure out what happened...

Re:AND???? (1)

bcmm (768152) | more than 6 years ago | (#21820052)

How is reinstalling Grub more painful than an XP install?

Also, had you thought of just backing up and restoring the MBR with dd?

Slow news day (1)

jamesl (106902) | more than 6 years ago | (#21815708)

Very slow news day.

Not as slow as yesterday (2, Informative)

strcpy(NULL,... (1089693) | more than 6 years ago | (#21816036)

Yesterday, we read about a dork playing jingle bells by hitting his video card fan. This story is an improvement.

Re:Not as slow as yesterday (1)

armareum (925270) | more than 6 years ago | (#21818264)

Strangely, I want a link to that story. :s

Re:Not as slow as yesterday (0)

Anonymous Coward | more than 6 years ago | (#21819648)

> Yesterday, we read about a dork playing jingle bells by hitting his video card fan. This story is an improvement.

Says the guy whose Slashdot nickname incorporates the name of a C function. Not that I disagree with you, but "strcpy in a Slashdot username is WAY BETTER than jingle bells on a videocard fan!" sounds a lot like "duh everybody knows Spiderman could beat up Batman!".

Re:Slow news day (1)

angus_rg (1063280) | more than 6 years ago | (#21818544)

Maybe, but regardless of the news day, anyone incorrectly identifying a file native to Windows is Front Page(TM) news.

Seen it all before... (2, Interesting)

Alioth (221270) | more than 6 years ago | (#21815748)

...last year, when Symantec flagged part of the Windows Server 2003 resource kit as a trojan. That one stayed in 'the wild' much longer, probably because the resource kit in particular wasn't a widely installed piece of software.

We've also had Norton 'false positive' on the Windows version of Oolite.

One of these days, a widely used, automatically updated virus scanner is going to detect something like KERNEL32 as malware and kill a whole lot of machines. Wasn't there a problem like this with the Chinese version of Windows earlier this year?

Anti-Virus Bug Briefly Identified Windows Explorer (2, Funny)

tristian_was_here (865394) | more than 6 years ago | (#21816202)

So what does that mean? are we all fucked?

Re:Anti-Virus Bug Briefly Identified Windows Explo (5, Funny)

realdodgeman (1113225) | more than 6 years ago | (#21816224)

> So what does that mean? are we all fucked?

No, just you. We run Mac, Linux and BSD.

Re:Anti-Virus Bug Briefly Identified Windows Explo (1, Funny)

Anonymous Coward | more than 6 years ago | (#21816800)

> > So what does that mean? are we all fucked?
>
> No, just you. We run Mac, Linux and BSD.

Quite right. Mac, Linux and BSD users are rarely if ever fucked. ;)

Re:Anti-Virus Bug Briefly Identified Windows Explo (1)

Phroggy (441) | more than 6 years ago | (#21816890)

Touché! Well played, sir.

Re:Anti-Virus Bug Briefly Identified Windows Explo (1)

tristian_was_here (865394) | more than 6 years ago | (#21817254)

Know what all that means? shit...

Re:Anti-Virus Bug Briefly Identified Windows Explo (0)

shannara256 (262093) | more than 6 years ago | (#21819250)

Obligatory XKCD [xkcd.com]

No Mistake (0)

BanjoBob (686644) | more than 6 years ago | (#21816300)

What? Windows Explorer is malicious code. In Vista, just try and move a file to another device and you can wait for the rest of your life for the copy/delete functions to take place ;)

Re:No Mistake (0)

Anonymous Coward | more than 6 years ago | (#21817638)

Supposedly the major file operation performance problems will be addressed (somewhat) in SP1. The fact they're there in the first place is pretty incredible though, there's just no excuse for OS fundamentals like file management getting worse after ~5 years of development and much faster hardware.

Correction (0, Redundant)

Kazymyr (190114) | more than 6 years ago | (#21816376)

What do you mean falsely identified?

bug? (0, Redundant)

saxoholic (992773) | more than 6 years ago | (#21816488)

according to wikipedia, "Malware is software designed to infiltrate or damage a computer system without the owner's informed consent."

Sounds like windows to me...

Re:bug? (1)

Kopiok (898028) | more than 6 years ago | (#21816692)

Except for the part where they give their consent. (Informed that only dirty hippies use OSX).

What do you mean... (0, Redundant)

Taelron (1046946) | more than 6 years ago | (#21816594)

wrongly? Sounds about right to me...

Handful of consumers? (1)

slicenglide (735363) | more than 6 years ago | (#21816652)

I know a guy who is Kaspersky happy, and installs it on everything he touches. All of the machines he touched were affected by this bug. I think it's more than a handful.

Re:Handful of consumers? (1)

brown-eyed slug (913910) | more than 6 years ago | (#21820092)

Yes, there are plenty of jokes, or 'insights' here gleefully playing on the irony of explorer.exe being identified as 'malware', but out here in the real world it caused real problems.

My sister is a normal person who doesn't know a great deal about technology but bought a PC, uses it for a bit of entertainment, and a bit of home office work. Runs firewall and anti-virus and is intelligent enough not to do stupid things.

She rang me a few days ago to say she'd deleted a virus and now her PC wouldn't work.

I visited to see what I could do, and after a few minutes investigation was surprised to find that explorer.exe was missing. I copied my version onto her drive and Windows loaded fine, only for Kaspersky to fire up its warning, saying that the only thing it could do was delete explorer.exe.

My natural concern then was that something (well this "Huhk-C") was embedded in the system and I'd have to find an alternative method to remove it. That led to some googling and eventually the realisation that this was actually a Kaspersky bug.

So I skipped the deletion, let the machine reboot again, and by that time Kaspersky's update had kicked in and I was able to clear all the warnings without further incident.

I guess that's just an everyday story of 'tech support', but the fact is that this wasn't funny. My sister had half finished invoices on that machine that she couldn't get at for several days until I was able to visit (she'd had lots of advice from friends, colleagues and forums which didn't help). I was obviously inconvenienced by the time I had to spend sorting the mess out, and this situation must have been repeated in hundreds or thousands of locations around the world.

Not the end of the world, but serious enough to cause distress to users. I didn't have an opinion about Kaspersky before, but I certainly do now!

Why things like this happen (4, Insightful)

Opportunist (166417) | more than 6 years ago | (#21817228)

Now, of course they should not. Never. But they do. A few years ago, McAfee found MS Excel as malware (and acted accordingly, including detention or deletion, just like Kaspersky did with explorer now).

But how? Don't they test?

Of course they do. AV developers usually have some way to test against the most common software (and a few more software packages) before issuing a new signature. Though, as you can hopefully imagine, that takes time. The "whitelist" box that contains those "known good" files contains literally gigabytes (and soon terabytes) of software. As you can imagine, it takes a LOT of time to scan it all.

Time, though, is of the essence in the malware fight. You NEED that signature out before the proverbial shit hits the fan (i.e. before your customer opens that infected spam mail that was just distributed a few billion times globally). So your sig update has to go out NOW. Preferably it should've been out an hour ago.

How do you solve that quandary?

There are a few strategies. But they all come down to one single problem: Having a current version of every file you want to whitelist. So what most likely happened is this:

MS pushed an update for the file in question, most likely another of their infamous "silent" updates. You know, the ones you don't even notice. Now, if it wasn't a "silent" one, then one should wonder whether Kaspersky was sleeping (because they didn't fit it into their whitelist box in time) or whether it was pushed JUST at that time when they committed that update. Unfortunately such coincidences do happen.

Now, I'm not working at Kaspersky. Rather, I'm working at one of their fiercest competitors. So I should probably rejoice at their blunder (and I'm fairly sure my boss will be in a GOOD mood on Thu, time to ask for a raise, I guess). But it can, did, does and will happen. To anyone in the biz. No matter how good you are and how good your false positive alarms and nets are, it can happen to everyone. If anything, this proves it. Kaspersky IS one of the key players in the business, and they usually know what they're doing.

That's one of the reasons why I do highly recommend that you set your AV tools on "ask me before any action" mode. Yes, it bugs you every now and then, but it also means that things like this won't happen to you should your AV tool manufacturer have a similar problem one day.
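Added example (not part of the comment above, and not any vendor's actual pipeline): a toy release gate for the pre-release whitelist scan the comment describes. It shows why scanning a known-good corpus only helps when that corpus holds the builds currently in the field. The signature name, byte pattern, file contents and the field-hash manifest are all constructed assumptions.

```python
import hashlib

# Constructed byte strings standing in for real files (not real binaries).
MARKER = bytes.fromhex("deadbeef1337")            # hypothetical byte pattern
MALWARE_SAMPLE = b"MZ dropper " + MARKER + b" tail"
EXPLORER_OLD = b"MZ shell build 1"
EXPLORER_NEW = b"MZ shell build 2 " + MARKER      # vendor-updated build
NOTEPAD = b"MZ editor build 1"

CANDIDATE_SIG = {"name": "Constructed.Sig.A", "pattern": MARKER}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def matches(sig, data):
    """Toy detection: plain substring match on the signature's byte pattern."""
    return sig["pattern"] in data


def stale_entries(corpus, field_hashes):
    """Known-good files whose corpus copy differs from the build now in the field."""
    return sorted(name for name, data in corpus.items()
                  if field_hashes.get(name, sha256(data)) != sha256(data))


def release_decision(sig, corpus, must_detect, field_hashes):
    """Gate a signature: it must hit every sample, hit no known-good file,
    and the known-good corpus itself must be current."""
    missed = sorted(n for n, d in must_detect.items() if not matches(sig, d))
    false_pos = sorted(n for n, d in corpus.items() if matches(sig, d))
    stale = stale_entries(corpus, field_hashes)
    return {"release": not (missed or false_pos or stale),
            "missed": missed, "false_positives": false_pos, "stale": stale}


SAMPLES = {"sample.bin": MALWARE_SAMPLE}
# Assumed manifest of hashes for the builds users actually run today.
FIELD = {"explorer.exe": sha256(EXPLORER_NEW), "notepad.exe": sha256(NOTEPAD)}
STALE_CORPUS = {"explorer.exe": EXPLORER_OLD, "notepad.exe": NOTEPAD}
CURRENT_CORPUS = {"explorer.exe": EXPLORER_NEW, "notepad.exe": NOTEPAD}

if __name__ == "__main__":
    print(release_decision(CANDIDATE_SIG, STALE_CORPUS, SAMPLES, FIELD))
    print(release_decision(CANDIDATE_SIG, CURRENT_CORPUS, SAMPLES, FIELD))
```

Against the stale corpus the match scan reports no false positives, and only the freshness check blocks the release. Against the current corpus the scan itself flags explorer.exe.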

Re:Why things like this happen (1)

osssmkatz (734824) | more than 6 years ago | (#21817432)

Can I ask where you work? Because McAfee does not impress me at the moment. You can send me an e-mail.. smkatz@gmail.com if you would prefer not to say so publicly. (I'm not worried about spam, because Gmail filters it.)

That's funny (1)

Micro$will (592938) | more than 6 years ago | (#21817854)

Yesterday, AVG Free identified Quake4.exe as a trojan on my machine. I had to disable AVG and run the Quake 4 update to get it running again.

Re:That's funny (1)

pembo13 (770295) | more than 6 years ago | (#21818166)

Was it a "legal" copy of Quake? Or a warez version?

If Language is a Virus.. (1)

cavebison (1107959) | more than 6 years ago | (#21819424)

Then it's a good thing Kaspersky doesn't have voice recognition. I don't want to be confined for something I say.

oops. shh, don't want to give the government any more ideas here..

Pre-emptive paranoia (1)

Waccoon (1186667) | more than 6 years ago | (#21819428)

Note to anti-virus companies: ask the user what to do, instead of automatically deleting files you don't own. I stopped using all anti-virus software on my Windows machine because of rubbish like this.

"Just a handful" of home users (1)

ozsynergy (634652) | more than 6 years ago | (#21820382)

Yeah, I don't know where they got their numbers from. But I was a part of the handful....
Without any information about the "virus detection" at the time, I took the only safe path I could...
Doing a full backup and reinstalling Windows and Linux. Wasted an entire day, thanks Kaspersky :(