Oops.
Webroot antivirus goes bananas, starts trashing Windows system files
Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them – knackering countless PCs in the process. Not only were people's individual copies of the antivirus suite going haywire, but also business editions and installations run by managed service …
COMMENTS
-
Tuesday 25th April 2017 13:37 GMT handleoclast
Re: AFAIK that makes it the only anti malware tool actually doing its job
Ummm, look again at what you quoted from the article:
"Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them"
See that word "temporarily"? It might have been doing a better job than other AV s/w but then it screwed up by not removing the files permanently.
-
Tuesday 25th April 2017 09:57 GMT Anonymous Coward
Re: Kaspersky No Better
The problem is, you need a balanced approach, risk by doing something vs risk by not doing something. This is something my people don't get.
We had an AV signature update silently delete some of our compiled support EXEs from our build server during the build process (as the guys in charge of AV don't understand what heuristic means). It wasn't spotted by the testers (as it was tested as an upgrade); only when it hit the field did customers spot that our latest software release wasn't complete, making the company look like idiots. Of course the team in charge of AV, it wasn't THEIR fault, it never is...
-
Wednesday 26th April 2017 12:29 GMT Anonymous Coward
Re: Kaspersky No Better
A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash.
-
Thursday 27th April 2017 18:19 GMT TheVogon
Re: Kaspersky No Better
"A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash."
Thanks for the info. I have experience of Symantec, Sophos, McAfee, and Microsoft amongst others but not that one...
-
Tuesday 25th April 2017 00:45 GMT bombastic bob
a crowning moment of AWESOME!
this made my day! (Schadenfreude)
Anti-virus is SO overrated.
"Safe Surfing" works better, In My Bombastic Opinion. That is no MS browsers, aggressively use the 'NoScript' plugin, don't view HTML e-mail as HTML, don't auto-view e-mail attachments, no MS Outlook (aka 'virus outbreak'), and NEVER access the internet or e-mail while logged in with ADMIN privs [unless you're doing a software update with a legitimate source, and then be vewy vewy caweful...]
It would've been even funnier if MS's anti-virus had caused this
-
Tuesday 25th April 2017 12:45 GMT Mr.Bill
Re: a crowning moment of AWESOME!
The masses should by now no longer be using PCs as a personal connected device - only used in professional/business environments properly locked down and maintained by IT. (not that that would have changed the outcome of this particular situation)
Thankfully the masses seem to have moved on as shown by the drop in PC sales over the years and prevalence of safer devices like tablets, smartphones and chromebooks.
-
Tuesday 25th April 2017 13:35 GMT Infernoz
Re: a crowning moment of AWESOME!
Other devices can be even less safe, especially when the manufacturers or providers fail to provide OS updates, or the OS is provided by spy driven businesses like Google!
I have Android devices but I seriously restrict what personal content is on them because I expect it to be vulnerable.
-
Tuesday 25th April 2017 14:58 GMT Anonymous Coward
Re: a crowning moment of AWESOME!
"companies can choose to implement a safe surfing approach"
Only against the obvious NSFW sites. Unfortunately safer-surfing and white-listing won't protect a company from watering hole attacks, and I'd suspect that the main corporate threat is from well organised crims who won't be relying on some dumbo looking at that sort of content.
-
Tuesday 25th April 2017 13:29 GMT Infernoz
Re: a crowning moment of AWESOME!
I barely tolerate spyware behaviour in Win. 10, because it can be disabled/blocked, but I won't tolerate malware like behaviour in application software, so SRWare Iron instead of the spyware Chrome, LibreOffice instead of Microsoft Office, Firefox instead of Edge, Avast (several false positive plugins disabled) instead of conflict of interest (Chocolatey false positives) Avira etc.!
I use NoScript, but uMatrix is also useful for protecting multiple browsers, because by default it blocks frames and other sites, and allows selective enabling/disabling of cookies, css, images, plugins, scripts, XHR (XML requests), etc. for each domain and sub-domain, in a drop-down table pane.
With some sites I even disable images, because they are not essential for the content and mostly used for annoying adverts.
I will rarely trust/use Microsoft anti-malware because it will allow their OS spyware and may add other malware like behaviour.
-
Tuesday 25th April 2017 05:08 GMT Trilkhai
That actually made sense
I saw the same BBC headline and was thrown by it until I read the article. Turns out that the request actually makes sense: their health problems (cardiovascular issues, diabetes, extreme obesity, etc.) mean that the sedative to knock them unconscious might not work properly, leaving them to suffer horribly during execution. Witness accounts on whether each did or not are conflicting.
-
Tuesday 25th April 2017 03:47 GMT allthecoolshortnamesweretaken
"The timing of the file classification blunder couldn't be worse for at least one employee. Gary Hayslip was hired earlier this month as Webroot's chief information security officer, and this can't be a fun first few weeks on the job."
Ooh, I geddit - haze the new guy! Really funny, guys.
-
Tuesday 25th April 2017 09:51 GMT Anonymous Coward
Not sure the new CISO will G-a-F. If he's doing his job properly then he'll be a million miles from the technical activities that buggered up his company's customers. His job is to protect the information assets of Webroot (intellectual property, employee and customer data) though arguably he'll have less to protect as the existing customers go elsewhere.
-
Tuesday 25th April 2017 08:34 GMT K
Re: They're running Norton Antivirus too...
For home use?
I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed.
As the "family's PC repair man", I have the whole family on this, so I can manage everything from 1 console, including the kids and grandparents!
-
Tuesday 25th April 2017 12:23 GMT CrazyOldCatMan
Re: They're running Norton Antivirus too...
"I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed."
I wondered about using them (but then, I only have one Windows desktop and it only gets used for Word/Excel type stuff) especially as I'm using what used to be called Astaro Linux (now Sophos UTM - and even more amazingly, they don't appear to have broken it).
Sophos UTM comes with built-in management for the Windows & Mac Sophos AV.
Mind you, if I think I need AV on my Mac, I'd be using clamav..
-
Tuesday 25th April 2017 14:56 GMT Anonymous Coward
Re: They're running Norton Antivirus too...
My advice would be to steer well away from Sophos.
They have been particularly bad with false positives causing big issues with key software. They managed to take out many of the key apps on all PCs, including their own software updater (which meant that you couldn't easily fix it as you couldn't download an updated definition file).
It had gone through 5 layers of testing which should have picked up the issue but none managed to spot the problem (let me reiterate, it borked their own software!).
After that I left them and since then they have had more issues, even towards the end of last year they killed winlogon.exe and disabled PCs. Luckily we had moved on since then.
-
Wednesday 26th April 2017 07:58 GMT Anonymous Coward
Re: They're running Norton Antivirus too...
F-Secure have been around a long time, as has been Kaspersky, both with a rather low error count on signatures that nuke your computer's OS. That said, Kaspersky on macOS* is thoroughly disappointing so I can't really recommend it.
In addition, I recommend a rebuild every year if possible, especially Windows machines appear to accumulate the electronic equivalent of kettle fur and a rebuild speeds them up - just make sure you have all the license codes and passwords and a damn good (tested!) backup before you do it.
I'm about to do the same on macOS, but that's because it's gone weird after installing Office 365 (client request, but that project is finished). I won't make that mistake again.
* Yes, macOS and anti-virus, I believe in facts rather than marketing.
-
Wednesday 26th April 2017 12:22 GMT Kiwi
Re: They're running Norton Antivirus too...
"Serious question from a habitual Norton Antivirus user who's sick of it -
What do folks recommend as a superior and safe alternative?"
Well. Nothing.
Seriously. Running nothing would protect you more than Norton!
If you're looking for paid, and what IME is best overall (as of a couple of years back when I last looked), I would recommend Eset.
Free.. MS's own program wasn't too bad IME, but I found Avira and Avast better. But one of the two did a lot of advertising. Bit Defender is currently one I like as well (paid or free), largely because of how good their rescue disk was and how not-crap the rest of their system was.
I've heard good things about Trend Micro and Comodo but have never tried them. I did set up Comodo's firewall at one workplace, and the place never had a problem despite the best efforts of the retard who did most of their filing (I do not have the language to describe how bad this guy was). It was a whitelisting firewall comparable at least to Zone Alarm back then.
Overall though I recommend Eset, however it has been a while so my information may be out-dated. Part of that is based on the customer service I got from them, which was pretty good.
-
Tuesday 25th April 2017 07:04 GMT Ken Hagan
Quarantined *signed* files?
If WebRoot are aware of a way of faking a signature, perhaps they'd be willing to share this major breakthrough in cryptography that undermines the security of all e-commerce everywhere.
If not ... it is surely criminally negligent not to whitelist files that are signed by Microsoft.
-
Tuesday 25th April 2017 15:36 GMT Ken Hagan
Re: Quarantined *signed* files?
There's a system for compromised certificates and whilst I've heard stories that CAs have been tricked into issuing certificates that say "Microsoft" on the front, I haven't heard stories of rogue certificates that have been counter-signed by Microsoft's own root certs. And unless you (or an AV vendor) can find an instance where this happened, I maintain that the presence of such a signature proves beyond reasonable doubt that the file in question is not malware. Quarantining it is just reckless and proves that the AV vendor doesn't care about trashing your system.
-
Tuesday 25th April 2017 08:12 GMT Milton
But what if we invented the internet all over again
I've decided that I'll bite: let's ask, What if we invented all this shit now, instead of letting it grow like cancer for the last 30 years?
A reasonable person might agree that for any device you own:
1. You'd complete a preferences questionnaire about which private data about yourself you are willing to share, with whom and under what circumstances. So "Share my family photos with everyone" would be a NO, whereas a YES might be "Allow retailer to keep my credit card on file if I click YES for their certified site". "Send loads of usage data including contents of my documents to an OS vendor" would probably be a NO.
2. A modern anti-malware system would take those preferences into account, and if it were a *true* learning system, would observe that some software tried to appropriate and export data that you don't want it to. It would determine that some software providers were untrustworthy and block access to data, and then disable functionality if necessary. It would be acting according to your express wishes.
3. In that respect, a product like Webroot is doing exactly what we would want it to: identifying data theft and stopping it.
If anti-malware software gets clever enough—moves from blind signature-based recognition to a more learning-of-intentions based approach—my guess is that Windows would have to be excluded as an entire unit from any checking, else it would constantly be blocked as malware.
-
Tuesday 25th April 2017 08:23 GMT Doctor Syntax
Re: But what if we invented the internet all over again
"You'd complete a preferences questionnaire about which private data about yourself you are willing to share"
That's nothing to do with the internet per se, it's to do with all the wide boys setting up businesses and taking advantage of the stupidity of the numpties who use it. The only way of preventing that by re-inventing the internet is to make it too difficult for the numpties to use.
-
Wednesday 26th April 2017 05:16 GMT aberglas
Re: But what if we invented the internet all over again
There would be no peer to peer networking.
There would be no such thing as universal email. There would be lots of walled gardens.
The Telcos would control which sites you could use/visit. Only they would be able to produce servers.
There would be no anonymous sites or browsing.
But fortunately, all those things got out of the bag before the MBAs took control.
-
Tuesday 25th April 2017 12:04 GMT adam payne
"Between 1200 and 1500 MST (1800 and 2100 UTC) today, Webroot's gear labeled Windows operating system data as W32.Trojan.Gen – generic-Trojan-infected files, in other words – and moved them into quarantine, rendering affected computers unstable. Files digitally signed by Microsoft were whisked away – but, luckily, not all of them, leaving enough of the OS behind to reboot and restore the quarantined resources."
If you're going to flag Windows system files you could at least do it correctly and completely brick it. I don't know these companies and their half measures. /sarcasm
-
Wednesday 26th April 2017 12:07 GMT Kiwi
At last!
"Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them
[..]
Its software also .. misidentified Facebook .. as phishing .., blocking access to them."
About time we got some decent, accurate AV and anti-phishing software out there for those poor Windows victims!
-
Wednesday 26th April 2017 15:56 GMT Boris Winkle
Gotta love how HSBC are STILL offering webroot when you log into their system (hsbcnet.com) :-
--
Webroot SecureAnywhere
Maximise your security with Webroot SecureAnywhere online protection.
HSBC has teamed up with Webroot to provide HSBCnet online banking customers exclusive access to download the award-winning SecureAnywhere security software at no charge.
In addition to advanced anti-virus protection, Webroot SecureAnywhere software uses a number of innovative features and methods to protect your device against sophisticated malware attacks that may go undetected by your standard anti-virus software. This enhanced security helps protect against the threats most prevalent in today’s online environment: phishing e-mails and users visiting websites which automatically download malicious software (or malware). Webroot SecureAnywhere offers:
protection against highly adaptive and ever-evolving threats using superior malware detection and advanced anti-virus protection;
a cloud-based delivery that is compatible with existing security applications and ensures you always have the latest protection;
protection that keeps working even when users are offline.
To get your complimentary extra protection right away select "Download now". Or, select "Tell me more", for more information about Webroot SecureAnywhere software.