back to article 'Webroot made my PCs s*** the bed' – AV update borks biz machines hard

Anti-malware firm Webroot has apologized after an update pushed out this week borked computers at unlucky companies, leaving the PCs unbootable. El Reg learned of the issue through reader Andrew, who reported that the Webroot update for enterprises has "shit the bed," creating all sorts of problems on corporate …

  1. Gis Bun

    Wow. Some corporates use Webroot?

    1. Mark 85

      Indeed and some use McAfee.... go figure.

      1. Halfmad

        At least EPO can be leveraged to install something useful now and then.

    2. cyberdemon Silver badge

      Some people still use Anti Virus?

      Seriously - if you're a user, just don't run suspicious files, don't browse dodgy websites, and make sure all your important data exists somewhere that is NOT accessible to your computer on a regular basis. If you DO find yourself in need of browsing dodgy websites (for whatever reason) then make sure you are using a whitelist script/flash blocker, or a virtual machine. And if you don't understand how to do that, you'd best get a clue before going anywhere near said dodgy websites.

      And if you're a business - don't give users sufficient privileges to cause any damage unless they thoroughly understand the above and are prepared to take responsibility for it!

      Antivirus programs IN GENERAL should be considered harmful. The entire AV industry/culture needs to die. At best it lulls users into a false sense of security - (NO antivirus software can ever be perfect, so no matter what super duper AV you bought, you are still vulnerable.) and at worst, it's just a racket. (Users should NOT be trained to trust anything that calls itself an anti-virus program!)

      So-called "real-time" or "on-access" antivirus is essentially installing a rootkit on your machine, interrupting the basic system calls that programs rely on e.g. fopen() and replacing them with their own (in this case buggy) code. THIS IS EXACTLY WHAT THE WORST VIRUSES DO, and it's the reason why antivirus software slows down your machine, and why if you have more than one AV software installed, it causes a world of grief, because they are both trying to usurp the same syscalls.

      The only "anti-virus" that I ever use is Clam, which is the traditional "scanner" type which just recursively traverses directories and looks at files one by one - it's handy for sanitising backups of machines I don't trust, or screening suspicious files.

      1. Anonymous Coward
        Anonymous Coward

        Re: Some people still use Anti Virus?

        Yes some people use antivirus, especially with behavior blockers and / or whitelisting. Users are not all f'g experts and want to use their machines for actual work and not piss about in the engine room forever. We therefore give our money to the likes of Webroot who tend to normally do a pretty decent job of keeping us safe.

    3. JCitizen

      NO!! The question is..

      why does anyone use Webroot? I learned a LONG time ago to never trust that brand again!!

  2. The Man Who Fell To Earth Silver badge

    Some UK companies have 130 overseas installs?

    And no overseas IT support?


    1. Drew 11

      Re: Some UK companies have 130 overseas installs?

      Who would want to work in Trumpistan? Or risk visiting?

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: Some UK companies have 130 overseas installs?

      Not just UK companies. My US multinational of 90 installs also didn't have any IT guy, just a helldesk in India. It took a year of politicking to make the case that everything was slowly going to shit to be allowed to get one.

    4. _Absinthe_

      Re: Some UK companies have 130 overseas installs?

      Quite a few of my customers at work have a decent number of overseas locations, but each location only has a handful of users, so having onsite IT resource at any of them doesn't make sense. I have one customer with about 300 overseas users I think it was, but they're split across about 25+ sites; they only have a (part-time) local IT presence on 2 of those sites as the user count at the rest simply doesn't justify it. A somewhat strange business model which I'll admit I don't understand, but that's probably why I'm the techie, not the commercial guy in the equation :)

    5. Halfmad

      Re: Some UK companies have 130 overseas installs?

      Yeah I'm a little mystified why they'd assume they'd NEVER need any IT boots on the ground for something like this, management need their heads seen to.

      1. Anonymous Coward
        Anonymous Coward

        Re: Some UK companies have 130 overseas installs?

        I don't know if it is still the case, but Tesla UK didn't have any boots on the ground staff, but did have an agreement with a UK MSP to go in and do any physical bits that were needed (both for their Maidenhead office and the show rooms).

  3. Anonymous Coward
    Anonymous Coward

    "where we don't have any IT staff."

    I wonder why.... Because you sh1tcanned them then outsourced to India...??? Meanwhile senior execs got a huge bonus for that single act and soon after retired to the Caribbean. Globalisation at work...

    1. Halfmad

      Re: "where we don't have any IT staff."

      Yeah but, who REALLY needs IT staff right? Oh right well until you REALLY need them that is and remember they no longer work for you.

      Sounds like they had zero contingency plans in place for this, so those 130 staff can put their feet up - bet that's not costing them much.

  4. Anonymous Coward
    Anonymous Coward

    Webroot has issued an update now

  5. Anonymous Coward
    Anonymous Coward

    We have somewhere between hundreds and a thousand machines affected, but we don't know how many in each site, yet. Oddly we don't get BSOD, we just can't log in... not regular users, not domain admins, not local admins. There is a fix... but that requires intervention at the PC, and with machines at more than a hundred sites, that's going to take our techs a while...

    1. David 132 Silver badge

      There is a fix... but that requires intervention at the PC, and with machines at more than a hundred sites, that's going to take our techs a while...

      AC, you might want to take a(-nother) look at Intel vPro, if your machines are suitably equipped. Once you switch on the AMT hardware management, it gives you over-the-network power/boot control and a hardware-based VNC server - really useful for this type of scenario, because it pretty much means that you can do anything to a PC remotely that you'd do to it locally (well, OK, apart from upgrading/replacing hardware).

      Something like this then becomes a case of selecting the collection of target machines in SCCM then using AMT to take control of the machines or boot them from a patching ISO, even if they won't boot or log into Windows.

  6. Anonymous Coward
    Anonymous Coward

    Doesn't anyone test?

    I know that in many enterprise situations the whole IT department has been put into a degraded state. As in: you want a test park but the beancounters in control over the budget don't deem this necessary. However, I also don't think it's fully the beancounters fault either. How many IT'ers step up to them after an incident like this to tell them exactly how this could have been avoided? Pretty sure that the costs for a test environment outweigh the costs of total downtime.

    Even so... Enterprise, in my book (but I'm probably old school), means not taking any unnecessary risks. So most definitely NOT performing blind updates like this. First onto a test environment, then a controlled roll out. So yeah, I am surprised to read how many this hiccup affected.

    1. Doctor Syntax Silver badge

      Re: Doesn't anyone test?

      "As in: you want a test park but the beancounters in control over the budget don't deem this necessary. "

      That's an easy one. Beancounters are made to feel important: they get first dibs at all upgrades.

      1. Anonymous Coward
        Anonymous Coward

        Re: Doesn't anyone test?

        There is always that one company that runs something the others don't. Maybe they have a different infrastructure, or run Netware/notes instead of AD/Outlook, or they have some strange setting their unusual IT guy likes.

        I also remember when this happened to McAfee, that one was nasty, according to people I know on the ground.

        Also, I agree with the beancounters and would add people that don't even look when they sign off on an item. I know of a DB that was nuked because everyone approved a query but did not read the query, as it had a delete line at the end.

    2. Mpeler
      Paris Hilton

      Re: Doesn't anyone test?

      Uninitialised variable? (time-dishonored failure).....

      Ahhh, the days of desk-checking are long since gone. Where's John McAfee when we need him (and not that piece of Pferde-Merde that now bears his name)..... and, yep, I know this is CorpAV.....

      Paris is checking desks right now.....

    3. HurdImpropriety

      Re: Doesn't anyone test? Agile sux

      Oh here we go..."Doesn't anyone test?" Yeah because thanks to Agile software "development" and micromanaged and miniaturized time schedules, software doesn't get tested the way it should with the proper bake time. Please don't try to justify Agile either... that is why medical companies, NASA, automotive, you name it companies where lives actually count on the software to perform properly DO NOT USE Agile. Get it?

  7. Doctor Syntax Silver badge

    At least they can't get a virus while they're BSODed so AV is protecting them.

    1. Tim036

      Sort of curious, if a PC is 'Bricked' how do you get to install the fix ? as there is no way in.

      Personally I keep an image of the hard drive also the data on a separate partition.

      So recovery is easy, but then I'm not in the corporate world.

  8. Anonymous Coward
    Anonymous Coward


    Because they Root the web

    Ditched those pricks years ago.

    1. Anonymous Coward
      Anonymous Coward

      Re: Webroot

      "Ditched those pricks years ago."

      Seriously, what bad experiences did you have with them to cause such an outburst?

  9. Tezfair

    one of the reasons I don't let AV near a server

    Dead PCs I can handle, but a dead server is a whole different level of shit I can live without

    1. Anonymous Coward
      Anonymous Coward

      Re: one of the reasons I don't let AV near a server

      Restore from backup, selective restore of data. Job done.

      Had to do this regularly due to backup verification work at a previous job, all servers had to have a bare metal restore every 90 days, it became one of the less stressful parts of the job even getting AD working on a little network between the various DCs in our test bay when they were restored.

      But getting to that stage requires management to give you time and resources - something many companies don't want to do.

  10. rmstock

    LinkFixer Advanced - AutoDesk[tm]

    The Windows Root based community decided to earn some extra cash through some Hegelian dialectic based process on the Windows server based platform. Thats a bad omen, which might foretell that also the Windows 10 installed base is lacking in numbers and revenue. A good Administrator does a clean reinstall and only adds needed data afterwards .. A lot of fancy AV software nowadays pretend to also guard against CyberSecurity Identify Theft, Foreign and Domestic. Strange to see that on my Linux laptop, when playing YouTube Videos, Adds pop-up like `install the right Win32 driver' and why don't you install `LinkFixer Advanced' here :

    1. rmstock

      Re: LinkFixer Advanced - AutoDesk[tm]

      see also :

  11. Anonymous Coward
    Anonymous Coward

    how do you apply a release to a computer that won't boot?

  12. TeeCee Gold badge

    ... v9.0.15.50 has been deployed automatically to all of our WSAB customers ...

    Well, apart from those machines that fell over and now won't boot as a result of the previous update of course.

  13. steve 124


    Been using this for 4 years now on our network and this is the first problem we've encountered. Despite the rhetoric above, we've been amazed at how well this product works, but it definitely screwed up at least 3 of our machines last week. I was very disappointed to find out WR was the cause because it has seriously cut out almost all our cleanup issues since deployment. I certainly hope WR QA gets it together and makes sure this NEVER happens again. If this had been a server bsod I'd be seriously miffed. As it was, we spent about 4 hours fixing 3 machines and were done (at least as far as I know).

    what a CF though, right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon