AV Provider Webroot Melts down as Update Nukes Hundreds of Legit Files

Megalith

Webroot has just reinforced my decision for not using antivirus: you never know when the software is going to go berserk and start quarantining legit files. Yesterday, their AV program mislabeled key Microsoft Windows system files, taking PCs down and creating huge losses for businesses. The cause was “bad definitions” that were allegedly up for only 13 minutes, but it was more than enough time to screw over many users. Files digitally signed by Microsoft were mistakenly identified as W32.Trojan.Gen, reportedly.

A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system. Social media sites ignited late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined "several hundred" files used by Windows Insider Preview. Hundreds of "line of business" apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.
 
A while back, I had BitDefender as an AV. They had a definition update that labeled all 64-bit executables as viruses, including many vital system files within 64-bit Windows 7. 64-bit was just starting to get into the mainstream at the time, but I had been running it since Vista came out. It crippled my main machine, forcing a full reformat. They apologized and issued a fix, but the damage was done for thousands. Then, a week after I had to rebuild my OS from scratch, it happened AGAIN.

I have never again purchased BitDefender AV. I changed over to ESET even though I still had 8 months left on my subscription with BitDefender, and never looked back. I've heard they've repeatedly apologized and haven't had an incident like it since, but I still don't trust them, even after almost a decade.
 
Might as well not use an OS either because you never know when one of its updates is going to screw over your system and render it inoperable. Hell, might as well not use a computer at all because you never know when a hard drive might fail and cause the same effect.

That said, I absolutely hate WR with a passion. I have yet to meet a system that it hasn't royally screwed over in some way. At least with the Nortons/McAfees/AVGs of the world they just slow your system down. Webroot seems hell bent on actually destroying the system it's installed on. In my book, it belongs on the PUP/Fake AV list.
 
I had a VM for learning Linux running CentOS 5.4 a while back. Updates came out to update it to 5.7 (it had been a little while since I'd last used it) and installing them caused my LVM config to go sideways. I had to totally reformat and rebuild the OS from scratch.

This behavior isn't limited to Windows.
 
Many years ago I purchased some Webroot software and the amount of run-around they gave me on some issues made me want to cancel my sub, which they didn't make easy (they ended up charging me another year anyway, if I recall correctly). Needless to say they were at one time a good company but they haven't been that in a long time.
 
I'm not sure if I agree with the article.
Webroot and creating huge losses for business specifically.
I never knew Webroot even existed. I wonder how many businesses were affected.
 
Updating to Creators Update in Windows 10 did the same shit. Totally nuked my Daemon Tools install.

It's amazing how we now have to protect our data not just against blackhats, but now also legit companies due to absolutely no interest in testing and keeping the customer's interest.

Also the amount of false positives AV gives these days is just horrendous, there is absolutely no interest in quality/accurate products behind AV makers these days. It's all about bells and whistles and scare tactics.
 
Panda had this problem maybe a year or two ago. I think there was a fix you could do if you had rescue media and could boot into PowerShell. I can't exactly remember what I did to fix it but the first thing I did after I got back up and running was uninstall Panda and go back to ESET.
 
Nuked Microsoft AND Facebook in a single patch? Sounds like a disgruntled employee to me.
 
Happened to me yesterday. I work for a City, and Webroot nuked the executable to a court software on the server and a couple clients. What made it worse was that court session was to begin at 4pm and this happened at 3:55pm. Judge was not happy. Took about 15min to figure out it was Webroot.

Thank god for backups!
 
I always have my AV ask me what I want to do first, 'cause I know there's false positives.
 
Gee. A 3rd party AV software messed up files. That never happens right? I've stopped using 3rd party security software a while ago. No real incentive to use them. Windows Defender + custom HOSTS files + common sense. I don't even use adblockers. Yeah yeah, I'm living on the edge aren't I? :ROFLMAO:
 
Having been working in this particular field, it is a serious issue, but there are a couple good solutions that do work (albeit with cons). Hopefully they can conjure up a good solution. Simply whitelisting is far a good solution.
 
It's pretty scary the amount of damage these companies can potentially do to other businesses. Do these AV companies have anything akin to malpractice insurance?
 
Webroot for example..is being used by Gateprotect, owned by Rohde & Schwarz ( a company you should know ) as their EndPoint-Security. Tried it free for 1 month a few years back and decided against it.

As many friendly states/nations are on their customer list ( mil + police radio equipment..and more ) they for sure have a good day today..haha

https://cybersecurity.rohde-schwarz...r-deliver-holistic-approach-complete-security
 