so it's wrong how?
because Internet Explorer is (to all intents and purposes) one of the main conduits by which viruses and malware enter a computer. Hardly a safe app, is it?
A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse. Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from …
Can you imagine....
3am, your AV management server downloads the latest AV updates
4am, your clients are set to download from your management server
5am, your clients do their daily scan
5:10am - explorer.exe is deleted from Windows
5:20am - Your network is crippled....!
Stuff of nightmares....
Windows Explorer, wot does the GUI bit, not Internet Explorer, wot does t'internet.
Speaking of irritating anti-virus updates, maybe someone could also tell Grisoft that rc.exe, compiler of resources in Visual Studio, is also not a virus, as I've had to remove it just to get my projects to compile properly.
No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West.
Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows.
This is alarming, both incidents are serious enough to cause IT people a nightmare, but something as simple as testing explorer.exe, how did they miss that??
I was in a planning stage to change all our clients from AVG/Panda to Kaspersky; after these incidents, I think I will sit tight until further notice.
Windows Explorer is not the same as Internet Explorer. I can't believe that people are still confusing these two terms. Shows how daft the M$ naming scheme was.
The "Windows Explorer" is your shell and file manager within Windows. If it is deleted, it does make life a little tricky getting anything done in XP. Though one could revert to the old Win 3.x progman.exe (found in Windows System32 folder...)
"stuck in '80s Linux retro land" huh? If you're going to toss in a random mild insult because you're sore about yet another problem with Winduhs while you helpfully correct someone's confusion of IEXPLORE.EXE and EXPLORER.EXE, at least get your decade right. :o)
I think Kaspersky could improve on this by having it delete any C:\WINDOWS or C:\WINNT directories it finds, since having them on your computer is definitely a security hazard.
I wouldn't necessarily say virus so much as a world wide beta gone bad.
(I can see this now 'When OS' attack tonight on FOX')
Though with most people Linux is not an option because they have gotten so used to the way Windows works even what should be a minor change will cause them to forget everything that they have learned and be completely clueless.
(Celebrity deathmatch 'Linux vs Vista' WHO WILL WIN!!!!)
I thought that you weren't supposed to be able to delete critical Windows files like that? Surely even as an admin, deleting explorer.exe from WITHIN explorer.exe (as a shell) should be one of those impossible things? Shouldn't Windows be disallowing it anyway, with all its fancy system file protection etc.? I'm not going to try it but even as an admin I didn't think you could actually delete explorer.exe. Or does Kaspersky put it on the list of files to delete on the next startup?
I know that Linux wouldn't stop you doing "rm -rf /" if you're daft enough to do it when running as root but I thought that Windows didn't like you having that sort of control over your own machine.
Henry: Kaspersky's deleted explorer.exe, dear Liza, dear Liza, Kaspersky's deleted explorer.exe, dear Liza, deleted.
Liza: Well fix it dear Henry, dear Henry, dear Henry, well fix it dear Henry, dear Henry, fix it
Henry: With what shall I fix it, dear Liza, dear Liza, with what shall I fix it dear Liza, with what?
Liza: with progman.exe, dear Henry, dear Henry, dear Henry, with progman.exe, dear Henry, dear Henry, with progman.exe.
Henry: But how do I run progman.exe dear Liza, dear Liza?
(There are ways, thanks to DOS. ..and win3.1 comes in handy too sometimes. We still can't live without 'em)
Setting Kaspersky AV to delete anything it deems suspicious is an incredible show of faith in its accuracy. Setting it to quarantine suspect items is much safer, and explorer.exe could have been simply recovered using the recovery shell, could it not? For that matter, if one knew what had happened, simply extracting explorer.exe from the same recovery shell would have fixed things right up.
Probably the bigger issue was with not knowing what had happened, and being unable to contact Kaspersky to find out.
GET BACK TO WORK, STUDY FOR YOUR UPCOMING EXAMS, GET A BEER OR GO OUT TO A PARTY AND GET SOME INSTEAD OF POSTING RETARDED/PREDICTABLE STUFF IN THE REG COMMENT SECTION ABOUT HOW INTERNET EXPLORER IS NOT THE SAME AS EXPLORER AND HOW QUARANTINING EXPLORER IS ACTUALLY A "DO WHAT I MEAN" KINDA THING.
This Message has been brought to you by the Reg Overwatch and Desensitization One-Man Committee.
Thank You.
"Or take the simpler solution - ditch Windows"
This problem was not actually caused by windows itself, but by a trusted process being given permission to delete core files. Do the same on linux or mac and the results will be exactly the same (a hosed system).
If all windows users switched to linux or mac (or even BSD), it would not be a simple solution. Given that windows users like to run "admin" or root accounts, the security implications on any OS would be major. All OS's including *nix and macOS are susceptible to viruses, rogue code and mistakes. If you believe your OS is invulnerable then you're just asking for trouble.
If you believe your OS is able to withstand treatment from the average windows user, I dare you to run every single process as root for a week. When bind or sendmail are not attacked with exploits you may have a point.
This message comes to you from a windows machine that against all common beliefs held by *nix and apple fanbois is not actually a virus drone, and has never sent a single unauthorised email.
Nod32 and Bit Defender Internet Security 2008 I use here at office and home (Nod32 in office 'cause I have ISA in place and Bit Defender at home 'cause of its uber firewall). I hate Symantec 'cause it's shite.... and Kaspersky I don't use 'cause it's ... well OK but not as good as aforementioned.. most I have tested have missed common viruses such as Bagle but not Nod or BT!! Both updated hourly too
@system
Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root, therefore it's actually very difficult for a process to delete core system files. They're not invulnerable (and anyone who claims as such is a fool), but this is the second time in as many weeks that we've heard of a userland app hosing Windows systems (the last one was the update for an MMORPG - can't remember which one - that removed boot files if you restarted after an update). It would be difficult for this to be replicated in the OSes, especially since the current favourite, Ubuntu, doesn't even allow root login in the standard way (everything's sudo-ed).
Most users aren't going to run bind or sendmail, but everyone in Windows land (including you I suspect) are running an AV checker like Kaspersky. Maybe you haven't got a virus, but how do you know that your virus checker won't do something like this next?
"No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West.
Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."
IT is not cyber terrorism, AC, it is the Beta Use of CyberIntelAIgents and one would hardly XPect anything less from an Intelligence Man such as a Mr Putin. It is said that "Once a KGB officer, always a KGB officer" and such shenanigans are Stock and Trade Elements in all such Services. Making Better Beta Use of them though, is what sorts out the Men who know what they should be doing with them from the Boys who really don't.
And when Home forces are doggedly in the Boys camp, for whatever dumb reason, deaf, dumb and blind to home-grown CyberIntelAIgent Help, then IT easily finds a Ready Home elsewhere in the more Enlightened Surroundings/Regimes which display their Increased Awareness for a Reinforced and Reinforcing IntelAIgents Match...... CyberIntelAIgent Cultural Attache XXXXChange.
Now there's AI Novelty for the Boys in the Militarising Band of the Foreign and Commonwealth Office to mull over........ but only if they are in Fully Funding Support of dDeep Private Initiatives..... in Virtually Real, Out of this World, State Matters.
One is always hopeful that they can grow into Future Men rather than remain as Lackeys, lacking the System. It is not as if they do not receive regular upgrades and taunts to jog their own brains into working the much wwwider Fields of Global Operating Devices C2C Communications rather than relying on duff, short-sighted, Visually and Intellectually Impaired orders and instructions.
C2C???? Copy to China and Control to Command. Both Viable Options for XXXXPorting in AIRegister of Multiple Use Interests.
Thank goodness for amanfromMars, whose cogent discussion of... erm... whatever that was a discussion of, made a refreshing change from endless discussions of Explore.exe and IExplore.exe.
For anyone still not aware of the distinction, Explore.exe is the windows file explorer, iExplore.exe is the Apple version.
As a direct result of failing to extricate its head in a timely fashion, The Reg Overwatch and Desensitization One-Man Committee has suffered massive implosive rectal failure, and will forthwith be taking some much-needed time off to become familiar with the uncomfortable procedure of delivering thru a plastic tube.
This Message has been brought to you by the Doctors of the Reg Overwatch and Desensitization One-Man Committee.
Stay Safe
If you're going to make snide remarks about others, it's probably a good idea not to make any mistakes in your critique.
That would especially include making a fundamental error in grammar such as mistaking 'your' for 'you're'.
(If I've made a mistake here, I'll now feel really silly.)
You said something to the effect of "...AV is a userland app, how come it can kill Windows system components?..."
What would the point of it running in the user's context be? It would only be able to protect the user's files, it has to run at a relatively low level, just in case a system component is infected, as it will need to interact with the component (delete/move/deny access etc) therefore it has to be installed by the Administrator (root, if you have Apple/Linux/UNIX AV - yes, it is out there!)
You'll also find that all the people who installed and operated whatever game it was that killed boot.ini, in their user's context didn't end up with a knackered system. It was the eejits who installed and operated the game with Administrator that were the victims.
Duh!!!!
"Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root"
That was kind of the point. It's about the users rather than the OS. Windows users are used to doing things with a single login. If you encourage them to jump to linux, they'll take the single login habits with them and run as much as they can under root. Windows can support non-admin logins (which would have prevented this), just like linux, but it is not something the average windows user will consider.
Yeah, there are some distros and software coming out on linux that do their best to discourage running as root, but it's not all like that. The majority of distros are susceptible to all kinds of bad things happening if they were run like the average copy of windows.
Moving the majority of windows users to another OS is not a "simpler solution". If the other OS is not going to end up as bad as windows, it would require hardening of the OS and training of the users.
Moving the majority of "boy racers" out of Golf GTIs and into Porsche 911s is not going to solve speeding problems without speed limiters on the cars and retraining of the drivers :-P
You can actually run Ubuntu as root in the normal way. Login as your normal user, then 'sudo su'. Enter password and Voila, you are now root.
You could also 'sudo nano /etc/passwd', change your UID to 0, log out and login and you're running as root without having to Sudo ever.
Of course the more important point is how it works out of the box, which is how most users would continue to use it anyway.
Now I'll run away and keep my pedantic comments to myself. Merry Christmas!
You have identified the main flaw with windows and its supposed user accounts.
In order to do anything, you have to run as a privileged user so windows lets AV run with all power to do anything, even delete core system files. Great approach eh.
It's because this would be unlikely on a linux system that so many people here are taking exception to the anti-linux comment further up, by someone who criticises what they don't understand.
"Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."
That sounds great. Will you be paying for all the re-training of the sysadmin and users, software replacement and downtime needed for all the 'upgrades' and changes?
Despite the anti-windows sentiment you get everywhere from overly-vocal linux fanatics, windows is still everywhere. And it will continue to be, as it's what people know and can use easily. So unless you're happy to dress linux up EXACTLY like XP, and have it function EXACTLY like XP, then it's easier in the long term to stick with what people can already use.
Linux ain't free when it comes to upgrading corporate systems. The hidden costs are still there.
Is that why Microsoft set up XP to look EXACTLY like Mac OSX and function EXACTLY like Mac OSX... which is a proprietary front end to, you guessed it, a Linux Kernel.
And as to paying the retraining costs.... who paid for all the training in the first place? Was it the sysadmins? I think it was more likely their employers, and unless I'm mistaken, there are new courses with every new version of windows.... so instead of doing the Vista course, why not do RedHat, SuSe (and I defy anyone who doesn't respect Novell as a player in the networking field) or even Ubuntu.
Right, rant over, I'll get my coat.
(It's a BSD kernel ...)
And system ... Posix AVs don't need to run as root, they only protect the userland. If anything gets past that, into the OS core layer, then it's not a virus. It's a rootkit or whathaveyou, and any modern distro comes with some hardening and antirootkit stuff. And, btw, my Linux boxes loaded with Clam AV and Panda haven't seen anything challenging in the past few years. Posix desktop users don't usually need to run servers (bind, etc.etc.) any more than Windows desktop users need to run Exchange Servers or IIS. Besides, Posix anti-attack progs are far superior to anything in Windowsland, because their programmers understand security better and are supporting much more secure systems out-of-the-box than Windows programmers possibly could.
Flame away!
Anti-virus are only needed on the desktop because Windows has a flawed architecture, and on top of that almost everybody is dumb enough to double-click anything that comes by, no matter from where.
Can't get how many guys can find it normal to use an anti-virus nowadays. Been using os/x and couldn't have been happier.