AV Provider Webroot Melts down as Update Nukes Hundreds of Legit Files

Discussion in 'HardForum Tech News' started by Megalith, Apr 25, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    Webroot has just reinforced my decision for not using antivirus: you never know when the software is going to go berserk and start quarantining legit files. Yesterday, their AV program mislabeled key Microsoft Windows system files, taking PCs down and creating huge losses for businesses. The cause was “bad definitions” that were allegedly up for only 13 minutes, but it was more than enough time to screw over many users. Files digitally signed by Microsoft were mistakenly identified as W32.Trojan.Gen, reportedly.

    A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system. Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined "several hundred" files used by Windows Insider Preview. Hundreds of "line of business" apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.
     
  2. dgingeri

    dgingeri 2[H]4U

    Messages:
    2,830
    Joined:
    Dec 5, 2004
    A while back, I had BitDefender as an AV. They had a definition update that labeled all 64-bit executables as viruses, including many vital system files within 64-bit Windows 7. 64-bit was just starting to get into the mainstream at the time, but I had been running it since Vista came out. It crippled my main machine, forcing a full reformat. They apologized and issued a fix, but the damage was done for thousands. Then, a week after I had to rebuild my OS from scratch, it happened AGAIN.

    I have never again purchased BitDefender AV. I changed over to ESET even though I still had 8 months left on my subscription with BitDefender, and never looked back. I've heard they've repeatedly apologized and haven't had an incident like it since, but I still don't trust them, even after almost a decade.
     
  3. Travolta

    Travolta Gawd

    Messages:
    649
    Joined:
    Sep 19, 2004
    I fail to see the problem......windows is a virus. Facebook was also flagged as a phishing site, imagine that.
     
  4. ir0nw0lf

    ir0nw0lf [H]ardness Supreme

    Messages:
    6,257
    Joined:
    Feb 7, 2003
  5. U-238

    U-238 Limp Gawd

    Messages:
    252
    Joined:
    Aug 14, 2008
    Might as well not use an OS either because you never know when one of its updates is going to screw over your system and render it inoperable. Hell, might as well not use a computer at all because you never know when a hard drive might fail and cause the same effect.

    That said, I absolutely hate WR with a passion. I have yet to meet a system that it hasn't royally screwed over in some way. At least with the Nortons/McAfees/AVGs of the world they just slow your system down. Webroot seems hell bent on actually destroying the system it's installed on. In my book, it belongs on the PUP/Fake AV list.
     
  6. rudedog

    rudedog Gawd

    Messages:
    717
    Joined:
    Dec 23, 2004
    Could not agree more about Facebook....
     
    Wizard220 and azuza001 like this.
  7. dgingeri

    dgingeri 2[H]4U

    Messages:
    2,830
    Joined:
    Dec 5, 2004
    I had a VM for learning Linux running CentOS 5.4 a while back. Updates came out to update it to 5.7 (it had been a little while since I'd last used it) and installing them caused my LVM config to go sideways. I had to totally reformat and rebuild the OS from scratch.

    This behavior isn't limited to Windows.
     
    Chupachup, Talyrius and Vader1975 like this.
  8. Maxx

    Maxx [H]ard|Gawd

    Messages:
    1,332
    Joined:
    Mar 31, 2003
    Many years ago I purchased some Webroot software and the amount of run-around they gave me on some issues made me want to cancel my sub, which they didn't make easy (they ended up charging me another year anyway, if I recall correctly). Needless to say they were at one time a good company but they haven't been that in a long time.
     
    Chupachup likes this.
  9. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    I'm not sure if I agree with the article.
    Webroot and creating huge losses for business specifically.
    I never knew Webroot even existed. I wonder how many businesses were affected.
     
  10. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,790
    Joined:
    Sep 13, 2008
    Updating to the Creators Update in Windows 10 did the same shit. Totally nuked my Daemon Tools install.

    It's amazing how we now have to protect our data not just against blackhats, but now also legit companies due to absolutely no interest in testing and keeping the customers' interest.

    Also the amount of false positives AV gives these days is just horrendous, there is absolutely no interest in quality/accurate products behind AV makers these days. It's all about bells and whistles and scare tactics.
     
    ktos2 likes this.
  11. Seventyfive

    Seventyfive [H]ard|Gawd

    Messages:
    1,346
    Joined:
    Jul 14, 2004
    Panda had this problem maybe a year or two ago. I think there was a fix you could do if you had rescue media and could boot into PowerShell. I can't exactly remember what I did to fix it but the first thing I did after I got back up and running was uninstall Panda and go back to ESET.
     
  12. Miikun

    Miikun Limp Gawd

    Messages:
    359
    Joined:
    Dec 22, 2011
    Nuked Microsoft AND Facebook in a single patch? Sounds like a disgruntled employee to me.
     
  13. Darunion

    Darunion 2[H]4U

    Messages:
    3,722
    Joined:
    Oct 6, 2010
    or a radicalized linux user?
     
    Master_shake_ and cyclone3d like this.
  14. the-one1

    the-one1 2[H]4U

    Messages:
    2,982
    Joined:
    Jan 16, 2003
    Happened to me yesterday. I work for a City, and Webroot nuked the executable to a court software on the server and a couple clients. What made it worse was that court session was to begin at 4pm and this happened at 3:55pm. Judge was not happy. Took about 15min to figure out it was Webroot.

    Thank god for backups!
     
  15. Galvin

    Galvin 2[H]4U

    Messages:
    2,687
    Joined:
    Jan 22, 2002
    I always have my AV ask me what I want to do first, cause I know there's false positives
     
  16. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,893
    Joined:
    Aug 16, 2004
    This right here... but the general populace is not smart enough to know what is legit and what isn't.
     
    Talyrius likes this.
  17. bobdabilder

    bobdabilder Limp Gawd

    Messages:
    292
    Joined:
    Oct 7, 2009
    Yes, yes I'm confident you've nailed it. I'm laughing at you, not with you.
     
  18. midnightfrolic

    midnightfrolic [H]Lite

    Messages:
    79
    Joined:
    Dec 20, 2015
    Gee. A 3rd party AV software messed up files. That never happens right? I've stopped using 3rd party security software a while ago. No real incentive to use them. Windows Defender + custom HOSTS files + common sense. I don't even use adblockers. Yeah yeah, I'm living on the edge aren't I? :ROFLMAO:
     
  19. lilbabycat

    lilbabycat 2[H]4U

    Messages:
    3,810
    Joined:
    Jun 21, 2011


    Who says they were false positives?
     
  20. MotionBlur

    MotionBlur [H]ard|Gawd

    Messages:
    1,634
    Joined:
    Mar 27, 2001
    Having been working in this particular field, it is a serious issue, but there are a couple good solutions that do work (albeit with cons). Hopefully they can conjure up a good solution. Simply whitelisting is far a good solution.
     
  21. Chupachup

    Chupachup Limp Gawd

    Messages:
    435
    Joined:
    Jan 12, 2014
    REVOLUTION!!! POWER TO THE PEOPLEZ!!!!
     
    Darunion likes this.
  22. Smashing Young Man

    Smashing Young Man [H]ard|Gawd

    Messages:
    1,525
    Joined:
    Sep 11, 2009
    It's pretty scary the amount of damage these companies can potentially do to other businesses. Do these AV companies have anything akin to malpractice insurance?
     
  23. DeathFromBelow

    DeathFromBelow [H]ardness Supreme

    Messages:
    7,106
    Joined:
    Jul 15, 2005
    Can't blame them. Windows 10 looks like malware to me, too.
     
  24. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    Damn man, that's a pretty serious insult to the malware, I mean geez. :D
     
  25. BitMaster

    BitMaster Limp Gawd

    Messages:
    368
    Joined:
    Nov 10, 2016
    Webroot for example..is being used by Gateprotect, owned by Rohde & Schwarz ( a company you should know ) as their EndPoint-Security. Tried it free for 1 month a few years back and decided against it.

    As many friendly states/nations are on their customer list ( mil + police radio equipment..and more ) they for sure have a good day today..haha

    https://cybersecurity.rohde-schwarz...r-deliver-holistic-approach-complete-security