Print 25 comment(s) - last by random2.. on Apr 24 at 10:03 PM

Malware software targeted legitimate Windows files

Security vendor Malwarebytes has crippled thousands of computers around the world after a faulty update was applied to its software. The faulty security update applied to the software marked legitimate system files as malware code.

The company admitted to the problem on its official blog earlier this week and has since pulled the faulty update.

"At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes’ Marcin Kleczynski.

"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."

The specific operating system files that the malware update targeted included Windows.dll and.exe files. By targeting those files, the security application prevented them from running, taking IT systems and individual computers off-line.
One company that uses a software claims that the update knocked 80% of its servers off-line. Malwarebytes maintains that it has begun reworking its update policy to ensure the sort of mistake never happens again.

"We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski.

"We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."

Source: V3

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Effective but risky ...
By Motoman on 4/18/2013 7:59:07 PM , Rating: 2
Oh look, the children are downrating me again for pointing out reality. As they frequently do.

Spend 2 seconds on Google to find this stuff from just a couple years ago:

With a flick of a switch, metaphorically speaking, McAfee (and Symantic and Norton) have in the past, more than once, effectively bricked hundreds of thousands of computers worldwide, and brought many corporations to their knees.

Sure...AVG, Avast, and now Malwarebytes have all had problems too. But nothing on the scale of what the "big guys" have done.

I'll note that I also became a non-fan of Microsoft Security Essentials a while ago - for a long time I'd been happily recommending and installing it on people's PCs. But on at least 3 computers now I've seen MSE absolutely borked by malware to the point where you can't really ever make it work again.

So...I went back to AVG as the primary recommendation. With the free version of Malwarebytes for an additional manual scan once in a while.

"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki