Webroot antivirus goes bananas, starts trashing Windows system files

Oops.

8
0
Anonymous Coward

Kaspersky No Better

Nobody measures the downtime due to Kaspersky foul ups vs the protection it gives from viruses that do similar damage.

Kaspersky encryption has left my laptop unusable SO many times, and its virus "protection" is laughable.

5
2
Silver badge
Trollface

Re: Kaspersky No Better

I'm in two minds on this story.

On the one hand you have a company borking thousands of Windows machines (do they test their signature packs before delivery?!) - and on the other you have the possibility that the software is actually doing its job :P

21
2
Gold badge

Re: Kaspersky No Better

Yup, that was my immediate reaction too.

Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them

AFAIK that makes it the only anti malware tool actually doing its job :).

20
3
Anonymous Coward

Re: Kaspersky No Better

The problem is, you need a balanced approach, risk by doing something vs risk by not doing something. This is something my people don't get.

We had an AV signature update silently delete some of our compiled support EXEs from our build server during the build process (as the guys in charge of AV don't understand what heuristic means). It wasn't spotted by the testers (as it was tested as an upgrade), only when it hit the field, did customers spot that our latest software release wasn't complete, making the company look like idiots. Of course the team in charge of AV, it wasn't THEIR fault, it never is...

3
0
Silver badge
Trollface

Re: AFAIK that makes it the only anti malware tool actually doing its job

Ummm, look again at what you quoted from the article:

Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them

See that word "temporarily"? It might have been doing a better job than other AV s/w but then it screwed up by not removing the files permanently.

3
3
Silver badge

Re: AFAIK that makes it the only anti malware tool actually doing its job

" it screwed up by not removing the files permanently."

You know that putting files into Quarantine doesn't actually delete them, and is normal behavior for AV software?

5
0
Silver badge

"meaning companies and organizations relying on the software were hit"

People use webroot in companies?!

0
1
Silver badge

Re: Kaspersky No Better

"and its virus "protection" is laughable."

Could you explain why? I don't use Kaspersky, but it's one of the best at detecting the many zero day nasties I upload to Virus Total.

2
0
Anonymous Coward

Re: AFAIK that makes it the only anti malware tool actually doing its job

You know that putting files into Quarantine doesn't actually delete them, and is normal behavior for AV software?

Yes, quite a shame in this instance, isn't it?

:)

2
0
Anonymous Coward

Re: Kaspersky No Better

A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash.

1
0
Silver badge

Re: Kaspersky No Better

"A good virus detection program has good positive detection and LOW false positives ratios. Kaspersky fails badly on the latter metric, it's also regularly screwing up systems here, deleting important files, and refusing to boot the system. It's extremely invasive, unreliable trash."

Thanks for the info. I have experience of Symantec, Sophos, McAfee, and Microsoft amongst others but not that one...

0
0
Bronze badge
FAIL

Never

I learned a LONG time ago to never use anything made by Webroot again. My new clients keep proving this to me for years now.

0
0
Silver badge

Best type of security - kill the PC on your terms before letting miscreants do it :-0

14
1
Silver badge
Happy

a crowning moment of AWESOME!

this made my day! (Schadenfreude)

Anti-virus is SO overrated.

"Safe Surfing" works better, In My Bombastic Opinion. That is no MS browsers, aggressively use the 'NoScript' plugin, don't view HTML e-mail as HTML, don't auto-view e-mail attachments, no MS Outlook (aka 'virus outbreak'), and NEVER access the internet or e-mail while logged in with ADMIN privs [unless you're doing a software update with a legitimate source, and then be vewy vewy caweful...]

It would've been even funnier if MS's anti-virus had caused this

11
21
Silver badge

Re: a crowning moment of AWESOME!

That may be a better solution for people with a clue, but even "don't use a Microsoft browser" will confuse some of the masses and "use the 'NoScript' plugin" will confuse almost all of the rest.

13
2
LDS
Silver badge

Re: a crowning moment of AWESOME!

In many company environments, you CAN'T install whatever you like on a machine assigned to you. And that's a sensible security practice as well.

10
0
Silver badge

Re: a crowning moment of AWESOME!

.. and in many company environments (company specified /controlled / deployed) anti virus is mandatory.

3
0
Anonymous Coward

Re: a crowning moment of AWESOME!

Not if you are a Software Engineer it is not. It's a pain in the butt.

2
2
Mk4

Re: a crowning moment of AWESOME!

And none of the above objections to Bob notes that companies can choose to implement a safe surfing approach. No-one is asking users to be IT experts. I think the suggestion is that IT experts should be the IT experts.

5
0

Re: a crowning moment of AWESOME!

The masses should by now no longer be using PCs as a personal connected device - only used in professional/business environments properly locked down and maintained by IT. (not that that would have changed the outcome of this particular situation)

Thankfully the masses seem to have moved on as shown by the drop in PC sales over the years and prevalence of safer devices like tablets, smartphones and chromebooks.

0
5

Re: a crowning moment of AWESOME!

I think the suggestion is that IT experts should be the IT experts.

Like the ones at Webroot? ^^

(yeah, easy shot... sorry for pouring water on a drowning person)

3
0
Bronze badge
Holmes

Re: a crowning moment of AWESOME!

I barely tolerate spyware behaviour in Win. 10, because it can be disabled/blocked, but I won't tolerate malware like behaviour in application software, so SRWare Iron instead of the spyware Chrome, LibreOffice instead of Microsoft Office, Firefox instead of Edge, Avast (several false positive plugins disabled) instead of conflict of interest (Chocolatey false positives) Avira etc.!

I use NoScript, but uMatrix is also useful for protecting multiple browsers, because by default it blocks frames and other sites, and allows selective enabling/disabling of cookies, CSS, images, plugins, scripts, XHR (XML requests), etc. for each domain and sub-domain, in a drop-down table pane.

With some sites I even disable images, because they are not essential for the content and mostly used for annoying adverts.

I will rarely trust/use Microsoft anti-malware because it will allow their OS spyware and may add other malware like behaviour.

2
2
Bronze badge

Re: a crowning moment of AWESOME!

Often that horrible resource hog McAfee too for businesses!

0
0
Silver badge
Linux

Re: a crowning moment of AWESOME!

You forgot the most important recommendation:

Don't use Windows, PERIOD!!!!!!!

5
5
Bronze badge
Facepalm

Re: a crowning moment of AWESOME!

Other devices can be even less safe, especially when the manufacturers or providers fail to provide OS updates, or the OS is provided by spy driven businesses like Google!

I have Android devices but I seriously restrict what personal content is on them because I expect it to be vulnerable.

3
0
Silver badge

Re: a crowning moment of AWESOME!

companies can choose to implement a safe surfing approach

Only against the obvious NSFW sites. Unfortunately safer-surfing and white-listing won't protect a company from watering hole attacks, and I'd suspect that the main corporate threat is from well organised crims who won't be relying on some dumbo looking at that sort of content.

1
0
Anonymous Coward

Re: a crowning moment of AWESOME!

"Safe Surfing" works better, In My Bombastic Opinion.

Yeah, but you look weird in a full body condom, trust me.

0
0
Silver badge

Finally the truth

So they finally told the truth about 'Bloat that it is the biggest pile of malware, spyware, etc. known.

10
7
Silver badge

Second thing to make me laugh today

1st was on the beeb about lawyers seeking stays of execution for two death row inmates on the grounds of poor health.

4
10

That actually made sense

I saw the same BBC headline and was thrown by it until I read the article. Turns out that the request actually makes sense: their health problems (cardiovascular issues, diabetes, extreme obesity, etc.) mean that the sedative to knock them unconscious might not work properly, leaving them to suffer horribly during execution. Witness accounts on whether each did or not are conflicting.

5
1
Silver badge

"The timing of the file classification blunder couldn't be worse for at least one employee. Gary Hayslip was hired earlier this month as Webroot's chief information security officer, and this can't be a fun first few weeks on the job."

Ooh, I geddit - haze the new guy! Really funny, guys.

12
0
Anonymous Coward

Not sure the new CISO will G-a-F. If he's doing his job properly then he'll be a million miles from the technical activities that buggered up his company's customers. His job is to protect the information assets of Webroot (intellectual property, employee and customer data) though arguably he'll have less to protect as the existing customers go elsewhere.

0
0
Silver badge
Devil

Webrooted

Seems they haven't changed much since I last used their software.

0
0

Sounds like the anti-virus prog was working fine, getting rid of the spyware (MS windoze)

10
8
Bronze badge

Don't use MS browsers? I have a customer who says "but I like it" when referring to Internet Explorer on their windows 10 machine.

What can I do?

They're running Norton Antivirus too...

2
2
Bronze badge

Get firefox to show the IE logo and point the shortcut at it?

11
0
Anonymous Coward

They're running Norton Antivirus too...

Serious question from a habitual Norton Antivirus user who's sick of it -

What do folks recommend as a superior and safe alternative?

/ Still on Win 7 (fight the power, etc.)

// No, Linux is not the superior alternative I'm looking for

1
0
K
Silver badge

Re: They're running Norton Antivirus too...

For home use?

I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed.

As the "family's PC repair man", I have the whole family on this, so I can manage everything from 1 console, including the kids and grand parents!

0
0

Re: They're running Norton Antivirus too...

Take a look at the current AV tests here. I was using Avast but I got fed up of its nagware, currently I'm using Bitdefender (free)

https://www.av-test.org/en/antivirus/home-windows/windows-7/

https://www.av-comparatives.org/

0
0

Re: They're running Norton Antivirus too...

GData seems good on Windoz 7 and has 2 scanning engines. Also F secure seems to have a good set of software.

Avoid the others

AVG

Symantec

1
1
Silver badge

Re: They're running Norton Antivirus too...

I recommend Sophos, they offer the full product (AV, Web Protection etc) for free to home users, including Cloud-based managed.

I wondered about using them (but then, I only have one Windows desktop and it only gets used for Word/Excel type stuff) especially as I'm using what used to be called Astaro Linux (now Sophos UTM - and even more amazingly, they don't appear to have broken it).

Sophos UTM comes with built-in management for the Windows & Mac Sophos AV.

Mind you, if I think I need AV on my Mac, I'd be using clamav..

0
0
Bronze badge

Re: They're running Norton Antivirus too...

I identified the offending plugins and settings in Avast and disabled them because they really aren't necessary.

0
0
Anonymous Coward

Re: They're running Norton Antivirus too...

Thank you all - time to change!

0
0
Anonymous Coward

Re: They're running Norton Antivirus too...

My advice would be to steer well away from Sophos.

They have been particularly bad with false positives causing big issues with key software. They managed to take out many of the key apps on all PCs, including their own software updater (which meant that you couldn't easily fix it as you couldn't download an updated definition file).

It had gone through 5 layers of testing which should have picked up the issue but none managed to spot the problem (let me reiterate, it borked their own software!).

After that I left them and since then they have had more issues, even towards the end of last year they killed winlogon.exe and disabled PCs. Luckily we had moved on since then.

1
0
Anonymous Coward

Re: They're running Norton Antivirus too...

F Secure have been around a long time, as has been Kaspersky, both with a rather low error count on signatures that nuke your computer's OS. That said, Kaspersky on macOS* is thoroughly disappointing so I can't really recommend it.

In addition, I recommend a rebuild every year if possible, especially Windows machines appear to accumulate the electronic equivalent of kettle fur and a rebuild speeds them up - just make sure you have all the license codes and passwords and a damn good (tested!) backup before you do it.

I'm about to do the same on macOS, but that's because it's gone weird after installing Office 365 (client request, but that project is finished). I won't make that mistake again.

* Yes, macOS and anti-virus, I believe in facts rather than marketing.

0
0
Silver badge
Boffin

Re: They're running Norton Antivirus too...

Serious question from a habitual Norton Antivirus user who's sick of it -

What do folks recommend as a superior and safe alternative?

Well. Nothing.

Seriously. Running nothing would protect you more than Norton!

If you're looking for paid, and what IME is best overall (as of a couple of years back when I last looked), I would recommend Eset.

Free.. MS's own program wasn't too bad IME, but I found Avira and Avast better. But one of the two did a lot of advertising. Bit Defender is currently one I like as well (paid or free), largely because of how good their rescue disk was and how not-crap the rest of their system was.

I've heard good things about Trend Micro and Comodo but have never tried them. I did set up Comodo's firewall at one workplace, and the place never had a problem despite the best efforts of the retard who did most of their filing (I do not have the language to describe how bad this guy was). It was a whitelisting firewall comparable at least to Zone Alarm back then.

Overall though I recommend Eset, however it has been a while so my information may be out-dated. Part of that is based on the customer service I got from them, which was pretty good.

1
0
Bronze badge

Check Check and Check again!

0
0
Anonymous Coward

Check Check and Check again!

That sounds like Microsoft. No, wait, that's cheque, cheque and cheque again, my bad.

:)

1
1
Gold badge

Quarantined *signed* files?

If WebRoot are aware of a way of faking a signature, perhaps they'd be willing to share this major breakthrough in cryptography that undermines the security of all e-commerce everywhere.

If not ... it is surely criminally negligent not to whitelist files that are signed by Microsoft.

6
2


The Register - Independent news and views for the tech community. Part of Situation Publishing