This is not rocket science...!
How can any anti-virus company release an update without comprehensive testing on a range of machines with various generally expected software configurations to ensure that this sort of thing doesn't happen?
A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week. Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly …
"How can any anti-virus company release an update without comprehensive testing on a range of machines with various generally expected software configurations to ensure that this sort of thing doesn't happen?"
If it's free, are you getting what you paid for? Quite seriously, if they aren't charging, is it reasonable to expect much in the way of testing (or development, or anything, really)? I'm a happy freetard, using a range of free software, but I accept that there's no redress.
"Quite seriously, if they aren't charging, is it reasonable to expect much in the way of testing (or development, or anything, really)?"
I would ask "Are you serious?" but you appear to be...!
If someone is offering a product which is designed to protect your computer from software which may damage it, but which has been inadequately tested and so *causes* damage to your system, then they cannot simply disclaim liability for that failure by saying "well, it was free, so people shouldn't expect it to work properly"!
More importantly, the idea of the "free product" is to get people to sign up for the paid product, so making such a monumental cock-up as this is liable to damage confidence in your business and mean they go to another, more reliable, supplier.
At uni had Norton installed on my PC, suddenly "Virus detected, deleting infected file" okay fair enough "explorer.exe deleted" wait what?
Computer dies and I cannot do anything anymore, had to copy explorer.exe over manually and replace it, only for Norton to try pulling the same shit again.
MSE is nice, but it's not effective enough. I tested it myself in a virtual environment several times on live malware links and it really could not detect a lot of ransomware from hijacking my virtual PC. The best combo that I found, after loads of extensive testing was using PrivateFirewall together with Prevx/Webroot. Stopped EVERYTHING in its tracks, one way or another, nothing else did as an effective job, and no false positives that I can recall.
"What's wrong with MS Security Essentials etc?"
A user's PC came in recently with XP running slow. The installed MSE had not detected any problems - but an offline Norton scan found a "high risk" Trojan. After it had deleted it the XP ran smoothly again. The user is now going to use Norton.
A few years ago a PC had the free AVG belatedly installed - which found over twenty infections. However it still had obvious problems. A Norton scan found another twenty and fixed the problems.
Norton obviously isn't perfect - but it does seem to work for my idiots user base.
Four of the files included in the download are not even digitally signed.
An anti-malware firm wants me to download and run unsigned executables? That's what I call setting a good example!
(Yes, I realise that just 'cos it's signed, doesn't mean it isn't malicious, but it's a good start).
Well spotted, I also noticed the same issue last year. I kicked up a big fuss about it with them, but they were arrogant and in my opinion dumb. They may be smart script kiddies, but they are ignoring the fundamentals.
I eventually replaced their software as both an on-demand or realtime extra layer and got Hitman Pro on-demand, run nightly, takes only 2-3 mins, and which uses about half a dozen other AV vendor databases. It's a great concept although it did quarantine one false-positive on one occasion, thankfully did not delete this digitally signed MS file which one of their vendor databases flagged as malware.
No vendor is perfect, you just need to always ensure you have regular image backups....which reminds me, ahem!
Why does this not surprise me? Ah yes, if they knew about digital signatures, they would understand the wisdom of white-listing anything signed by the Windows kernel team.
These idiots are now the umpteenth AV firm to destroy installations by allowing their "advanced heuristics" to trump the mathematical near-certainties of a digital signature. It's getting beyond a joke. This is not an unfortunate mistake. This is a fundamental design flaw. This is *negligence*.
More people adopting scrum perhaps? At least the traditional waterfall method had a clearly defined sequence of 'develop then test'. I do like scrum but with increased freedom comes increased responsibility and a careless developer could forget to create a separate testing task for their PBI.
Also pressure of management who just want a product out of the door on a certain date. Scrum aids that by allowing efficiency gains but in a weak environment the gains could come through corner cutting.
shouldn't you be designing unit tests as you go?
Absolutely but with some management styles standing up at the review meeting and saying you spent half your time writing code that would never be shipped to the customer could be unpleasant. There's nothing wrong with scrum if it's done properly but it seems to me that there is greater opportunity for steps to be missed or poorly executed. A team is after all a largely self-contained and self-policed entity. That's one of the advantages of the system - but also a weakness.
"If you're using a Scrum development framework, shouldn't you be designing unit tests as you go?"
Unit testing wouldn't have caught this issue...
In fact the only thing that Unit testing does is save the real testers a little time at the cost of developer time. After all, integration, runtime, and clicky clicky user issues don't show up on unit tests.
Because testing doesn't add value from a management perspective. Testing either reveals problems with the software, which then have to be fixed, which costs more time. Or Testing shows that everything is ok, in which case you might as well have skipped it anyway because it was obviously a waste of time.
Testing gets labelled as non-productive time and sidelined.
Until something goes wrong. Then some poor developer gets a kicking for making a mistake and not correcting it. Which is difficult when there's no decent testing process.
There's a perfectly good economic reason. Testing costs time. If your competitors reach the market first because you are stuck in testing, then even if you eventually deliver a better product, all your potential customers are now locked-into your rival. Your customers are then faced with the cost of switching to you versus the benefits of doing so. Therefore, unless your testing has produced a *markedly* better product (perhaps because your rival is truly dreadful), it doesn't make sense for the customer to switch and so you go bust.
Doing no testing is idiotic, but so is trying to expunge all bugs. The sweet spot is somewhere in between and that means the sweet spot is "slightly buggy". For a complex product, the sweet spot will be "really quite buggy, actually".
Sophos did the same thing recently - getting peacefully through "5 levels" of checks. Sophos deleted its own updater (as well as lots of other software).
It's the reason I didn't renew with Sophos this year, I thought they handled it badly, no compensation at all - even free renewals. When our Enterprise licence was up for renewal I went with someone else instead, there's no way I would reward a company with a renewal, you have to give large companies consequences for screwing up or else they will not improve.
If Sophos remain without incident for the next three years, I might go back - I'll see.
We are in the process of pulling all of our clients from Sophos. Rumour has it they have serious internal issues and this seems to be borne out through their performance lately, starting with the updater issue. That being said, we did get compensation from them - discounted renewals etc.
In partial and general defense of Anti-malware and Anti-virus software, it absolutely has to be released rapidly. This is at odds with the need to do comprehensive testing before release.
No excuse if it breaks ALL Windows installs, but I can imagine cases where it passes all the vendor's tests and then screws up a small fraction of configurations that weren't covered by the quick-release tests.
This is patently untrue.
What's worse: taking an extra day to do it right or constantly running the chance of crippling your userbase with a bad update? Hint: self inflicted wounds are worse.
It generally takes a bit for viruses to go across the globe. If you follow any type of standard practices like firewalls and regular OS patches you are already filtering the vast majority of the crap out.
In the past 5 years I've seen more machines go tits up over a bad virus scanner update than from viruses themselves. Quite frankly I've only seen 2 positive infections in that time. One due to someone thinking kazaa was a good place to get music. Another due to a known security bug in an older version of Firefox. However in that same window I've seen 10s of thousands of machines have to be individually touched to recover from bad virus scanners.
Lack of testing is unacceptable.
One of the great features of Microsoft Security Essentials is that, when it encounters a file that it considers dodgy, it doesn't take a default action. Rather, it lets the user decide what to do with it.
Malwarebytes, however, by default, quarantines files that it doesn't like.
Open Malwarebytes and click on the Protection tab. You will see:
Automatically quarantine filesystem threats detected by the protection module
Uncheck the box to the left of that.
(BTW, the icon choice is a joke.)
Roll on the -1's for honesty :p
Anyone recommending MSE has absolutely no clue what they are talking about.
Malwarebytes has continuously been one of the best malware scanners out there, been using it for about 6 or 7 years
(it does not register itself as an antivirus - nor does PrevX - if you have either installed, Windows Security Centre will tell you that there is no AV installed on your PC.)
Avira, a truly excellent AV product ... did a similar thing last year - buggy updates crippling PCs, AVG have done it twice in as many years. Guess QC testing didn't work then either?
Norton, McAfee etc., no one is/has been immune to bad definition updates.
Normally the comments section on reg can be the most informative part of an article, this is not the case here imo
I've worked in computer repair last 14 years, I've removed more malware than 99% of people reading this site.
Malwarebytes is an excellent product, has been for years
MSE is not, never has been..
btw, the idea that some (any) €30 product can properly shield you from attack vectors is utter rubbish.
All anti-viruses are reactive not proactive (with exception of heuristics - which account for very few detections)
NASA spend millions on security, and Gary McKinnon got in on blank administrator passwords.
rant over ;)
Given Windows is a Target for Miscreants and as a result Third Parties deliver stuff to prevent Borking then rather than Mistakenly Borking the Computah and Locking it into Multiple Reboot Syndrome themselves can't the Third Parties be given or create some 'Whoops Space' during Reboot that says "Perhaps We Have Borked Your 'Putah'. Click Yes to Go Back to the Time Before We Fucked it For You'.
That over-arching program would need testing too, which would be even more tricky than testing the virus update program.
(Sorry if I've made a serious comment about a joke, in which case perhaps both can stand.)