Wow. Some corporates use Webroot?
'Webroot made my PCs s*** the bed' – AV update borks biz machines hard
Anti-malware firm Webroot has apologized after an update pushed out this week borked computers at unlucky companies, leaving the PCs unbootable. El Reg learned of the issue through reader Andrew, who reported that the Webroot 9.0.15.43 update for enterprises has "shit the bed," creating all sorts of problems on corporate …
COMMENTS
-
-
Saturday 4th February 2017 14:57 GMT cyberdemon
Some people still use Anti Virus?
Seriously - if you're a user, just don't run suspicious files, don't browse dodgy websites, and make sure all your important data exists somewhere that is NOT accessible to your computer on a regular basis. If you DO find yourself in need of browsing dodgy websites (for whatever reason) then make sure you are using a whitelist script/flash blocker, or a virtual machine. And if you don't understand how to do that, you'd best get a clue before going anywhere near said dodgy websites.
And if you're a business - don't give users sufficient privileges to cause any damage unless they thoroughly understand the above and are prepared to take responsibility for it!
Antivirus programs IN GENERAL should be considered harmful. The entire AV industry/culture needs to die. At best it lulls users into a false sense of security - (NO antivirus software can ever be perfect, so no matter what super duper AV you bought, you are still vulnerable.) and at worst, it's just a racket. (Users should NOT be trained to trust anything that calls itself an anti-virus program!)
So-called "real-time" or "on-access" antivirus is essentially installing a rootkit on your machine, interrupting the basic system calls that programs rely on e.g. fopen() and replacing them with their own (in this case buggy) code. THIS IS EXACTLY WHAT THE WORST VIRUSES DO, and it's the reason why antivirus software slows down your machine, and why if you have more than one AV software installed, it causes a world of grief, because they are both trying to usurp the same syscalls.
The only "anti-virus" that I ever use is Clam, which is the traditional "scanner" type which just recursively traverses directories and looks at files one by one - it's handy for sanitising backups of machines I don't trust, or screening suspicious files.
-
Tuesday 28th February 2017 17:38 GMT Anonymous Coward
Re: Some people still use Anti Virus?
Yes some people use antivirus, especially with behavior blockers and / or whitelisting. Users are not all f'g experts and want to use their machines for actual work and not piss about in the engine room forever. We therefore give our money to the likes of Webroot who tend to normally do a pretty decent job of keeping us safe.
-
-
Thursday 2nd February 2017 23:44 GMT _Absinthe_
Re: Some UK companies have 130 overseas installs?
Quite a few of my customers at work have a decent number of overseas locations, but each location only has a handful of users, so having onsite IT resource at any of them doesn't make sense. I have one customer with about 300 overseas users I think it was, but they're split across about 25+ sites; they only have a (part-time) local IT presence on 2 of those sites as the user count at the rest simply doesn't justify it. A somewhat strange business model which I'll admit I don't understand, but that's probably why I'm the techie, not the commercial guy in the equation :)
-
-
Friday 3rd February 2017 10:41 GMT Halfmad
Re: "where we don't have any IT staff."
Yeah but, who REALLY needs IT staff right? Oh right well until you REALLY need them that is and remember they no longer work for you.
Sounds like they had zero contingency plans in place for this, so those 130 staff can put their feet up - bet that's not costing them much.
-
-
Thursday 2nd February 2017 22:48 GMT Anonymous Coward
We have somewhere between hundreds and a thousand machines affected, but we don't know how many in each site, yet. Oddly we don't get BSOD, we just can't log in... not regular users, not domain admins, not local admins. There is a fix... but that requires intervention at the PC, and with machines at more than a hundred sites, that's going to take our techs a while...
-
Thursday 2nd February 2017 23:27 GMT David 132
There is a fix... but that requires intervention at the PC, and with machines at more than a hundred sites, that's going to take our techs a while...
AC, you might want to take a(-nother) look at Intel vPro, if your machines are suitably equipped. Once you switch on the AMT hardware management, it gives you over-the-network power/boot control and a hardware-based VNC server - really useful for this type of scenario, because it pretty much means that you can do anything to a PC remotely that you'd do to it locally (well, OK, apart from upgrading/replacing hardware).
Something like this then becomes a case of selecting the collection of target machines in SCCM then using AMT to take control of the machines or boot them from a patching ISO, even if they won't boot or log into Windows.
-
-
Thursday 2nd February 2017 23:28 GMT Anonymous Coward
Doesn't anyone test?
I know that in many enterprise situations the whole IT department has been put into a degraded state. As in: you want a test park but the beancounters in control over the budget don't deem this necessary. However, I also don't think it's fully the beancounters' fault either. How many IT'ers step up to them after an incident like this to tell them exactly how this could have been avoided? Pretty sure that the costs for a test environment outweigh the costs of total downtime.
Even so... Enterprise, in my book (but I'm probably old school), means not taking any unnecessary risks. So most definitely NOT performing blind updates like this. First onto a test environment, then a controlled roll out. So yeah, I am surprised to read how many this hiccup affected.
-
-
Friday 3rd February 2017 13:58 GMT Anonymous Coward
Re: Doesn't anyone test?
There is always that one company that runs something the others don't. Maybe they have a different infrastructure, or run NetWare/Notes instead of AD/Outlook, or they have some strange setting their unusual IT guy likes.
I also remember when this happened to McAfee, that one was nasty, according to people I know on the ground.
Also, I agree with the beancounters and would add people that don't even look when they sign off on an item. I know of a DB that was nuked because everyone approved a query but did not read the query, as it had a delete line at the end.
-
-
Friday 3rd February 2017 18:15 GMT Mpeler
Re: Doesn't anyone test?
Uninitialised variable? (time-dishonored failure).....
Ahhh, the days of desk-checking are long since gone. Where's John McAfee when we need him (and not that piece of Pferde-Merde that now bears his name)..... and, yep, I know this is CorpAV.....
Paris is checking desks right now.....
-
Friday 3rd February 2017 19:21 GMT HurdImpropriety
Re: Doesn't anyone test? Agile sux
Oh here we go..."Doesn't anyone test?" Yeah because thanks to Agile software "development" and micromanaged and miniaturized time schedules, software doesn't get tested the way it should with the proper bake time. Please don't try to justify Agile either... that is why medical companies, NASA, automotive, you name it companies where lives actually count on the software to perform properly DO NOT USE Agile. Get it?
-
-
-
Friday 3rd February 2017 14:47 GMT Anonymous Coward
Re: one of the reasons I don't let AV near a server
Restore from backup, selective restore of data. Job done.
Had to do this regularly due to backup verification work at a previous job, all servers had to have a bare metal restore every 90 days, it became one of the less stressful parts of the job even getting AD working on a little network between the various DCs in our test bay when they were restored.
But getting to that stage requires management to give you time and resources - something many companies don't want to do.
-
-
Friday 3rd February 2017 19:30 GMT rmstock
LinkFixer Advanced - AutoDesk[tm]
The Windows Root based community decided to earn some extra cash through some Hegelian dialectic based process on the Windows server based platform. That's a bad omen, which might foretell that also the Windows 10 installed base is lacking in numbers and revenue. A good Administrator does a clean reinstall and only adds needed data afterwards .. A lot of fancy AV software nowadays pretends to also guard against CyberSecurity Identity Theft, Foreign and Domestic. Strange to see that on my Linux laptop, when playing YouTube Videos, Ads pop up like `install the right Win32 driver' and why don't you install `LinkFixer Advanced' here : http://s29.postimg.org/bnu8j4r7b/Link_Fixer_Advanced.png
-
Monday 6th February 2017 18:25 GMT steve 124
ouch
Been using this for 4 years now on our network and this is the first problem we've encountered. Despite the rhetoric above, we've been amazed at how well this product works, but it definitely screwed up at least 3 of our machines last week. I was very disappointed to find out WR was the cause because it has seriously cut out almost all our cleanup issues since deployment. I certainly hope WR QA gets it together and makes sure this NEVER happens again. If this had been a server bsod I'd be seriously miffed. As it was, we spent about 4 hours fixing 3 machines and were done (at least as far as I know).
what a CF though, right?