Bad BitDefender Update Clobbers Windows PCs

alphadogg writes "Users of the BitDefender antivirus software started flooding the company's support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working. The company acknowledged the issue in a note explaining the problem. 'Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,' the company said. The acknowledgment came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems."

How Appropriate

[Nemyst]

Valid files detected as "FakeAlert"? Wow, irony DOES go a long way.

what incompetent boobs

[FudRucker]

you would think they would at least test updates on a few different systems (including the 64 bit systems) before releasing it to customers

Re:Quick

[Aphoxema]

Quick, someone send Microsoft a 64 bit version of Vista and Windows 7.

BitDefender and Windows Defender are two different things.

Re:Update Filter / Schedule

[GIL_Dude]

Well, you really don't need a 3rd party security application to make your machine secure. We just saw the other day http://ask.slashdot.org/story/10/03/18/1831246/What-Free-Antivirus-Do-You-Install-On-Windows [slashdot.org] that many people have good things to say about MS Security Essentials as an anti-virus program. As advanced users, we also all know what the weak link is: end users who click on and run any old thing. Honestly, take a modern version of Windows (Vista or Windows 7) and the out of box (and on by default) firewall coupled with the automatic "run programs as a standard user even if you are an administrator" (UAC) and Windows itself isn't "insecure" like it was in the days of Windows XP. This is why current attacks are mostly social engineering / trojan ("run this for free stuff!" or "enter your password here"), or instead application level attacks (Adobe Reader, IE, Firefox). Gone are the days of the Blaster type "you are owned if your machine is just on the network" attacks. Even the most recent SMBv2 vulnerability and subsequent attacks required that you modified your default firewall settings to allow serving files from your machine.

There really isn't a need for a 3rd party product here and the major ones (McAfee, Symantec, etc.) slow your machine and act like malware themselves.

If anything, user education about what they should trust and what they can safely run goes much farther than anti-virus or anti-malware can.

How many times does this happen?

[khasim]

And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?

Seriously. Identifying the safe files is easier than identifying the infected ones.

Re:How many times does this happen?

[1s44c]

And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?

It's a good question but a better one would be 'Why do virus scanners have to exist at all?'

It's deeply sick to have to check all files against a huge list of checksums of magic incantations. It's better, but still not good to keep a list of checksums of files that don't contain magic windows-trashing incantations. The real solution is to not use a OS that is so easy to subvert.

The cure is worse than the disease

[FoolishOwl]

One of the things that precipitated my move to Linux was the way Kaspersky -- at the time, the top-rated security suite -- was shutting down my LAN. There were lots of posts on the official forums complaining about the problem, a handful of useless responses from users guessing at which part of the suite might be the source of the problem, and about which of the undocumented menu options might disable that part of the suite, and one short, incomprehensible message from one of the developers, suggesting they were looking into the problem, from several months before.

My experience with security software for Windows is that they bog down the operating system, disable basic features of the operating system without warning, and cause frequent crashes -- the very problems that they warn malicious software may cause. Simply put, malicious software *may* cause problems for Windows, but most third-party security software *will*.

To Microsoft's credit, they finally sealed some of the fundamental security holes with Vista and Windows 7, and they offer a decent security suite for free, so there's really no longer any reason to buy one of these wretched third-party security suites.

On the whole, though, you'll still get better security by switching to Linux, or at least Mac OS X.

Re:How many times does this happen?

[1s44c]

Yes, but the abacus isn't a very practical computing device.

There are any number of other computing devices that don't get viruses and are not abacuses. Linux is just one of these.

Re:Or maybe...

[adolf]

It's not fake Latin, or incorrect. It's English, which is my language. I'll use it any fucking way I want to.

Thanks!

Re:How many times does this happen?

[Opportunist]

It's simply a matter of a number of targets.

As you know, software has to be written once, no matter if it is then supposed to run on one or a million devices. Writing malware for VMS or OS/390 is pretty much pointless, since these machines are rarely found in the hands of inapt administrators/users, and even less likely in the homes of anyone who isn't at least to some degree quite geeky. You simply get the best penetration with an OS that has the largest userbase.

And yes, mobile phones do have a sizable penetration by now, but they are still mostly used for their original purpose: Making phone calls. And if you ever tried to develop for mobiles, you will have noticed that you neither get easy access to the more interesting parts of the device (which isn't really necessary either because, well, there aren't so many options to choose from, it's not like you have to install drivers for that new graphics card you just decided to plug into your Nokia phone) and that writing portable software, i.e. software that runs on more than a single specific model, means that you have to do without pretty much any low level access at all. Thus, again, the amount of machines you could infect with a possible trojan is simply insignificantly small, since the market itself is segregated way too much.

The reason why Windows has been and still is a main target for malware is simply that it has to provide the ability to tie low level drivers into the system (simply because the hardware setup options are near limitless) and that it also has a very sizable userbase and market share. If you take these two factors into account, it makes no sense to write malware for any other system if your goal is the infection of as many devices as possible.