Forgot your password?
typodupeerror
Bug Microsoft Security Windows IT

Bad BitDefender Update Clobbers Windows PCs 150

Posted by Soulskill
from the it-actually-dispatches-a-man-with-a-bat dept.
alphadogg writes "Users of the BitDefender antivirus software started flooding the company's support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working. The company acknowledged the issue in a note explaining the problem. 'Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,' the company said. The acknowledgment came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems."
This discussion has been archived. No new comments can be posted.

Bad BitDefender Update Clobbers Windows PCs

Comments Filter:
  • How Appropriate (Score:5, Insightful)

    by Nemyst (1383049) on Sunday March 21, 2010 @11:58AM (#31557944) Homepage
    Valid files detected as "FakeAlert"? Wow, irony DOES go a long way.
    • by khasim (1285) <brandioch.conner@gmail.com> on Sunday March 21, 2010 @01:52PM (#31558662)

      And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?

      Seriously. Identifying the safe files is easier than identifying the infected ones.

      • by Nadaka (224565) on Sunday March 21, 2010 @02:11PM (#31558782)

        Sure.
        It is called trusted computing.
        But who is the gatekeeper of trust?
        In order to only allow "KNOWN GOOD FILES" you need a white-list.
        That means that no mere user is going to be write his own software.
        That means that small software producers are going to have to go through an arduous and prohibitively expensive vetting process in order to be white-listed.
        In practice this means that only Microsoft and its partners will be able to produce software for your pc at a reasonable price.
        This could even mean that user generated data files are not trusted and therefor not allowed, making the pc a device for consuming content.
        Perhaps the user could produce content remotely through software as a service providers, who would either charge highly or claim ownership rights to your content.

        Sounds really nice to you?

        • by stg (43177)

          It's a big step to presume that the user won't be able to just click on an Ignore button and continue. After all, that's how it works now on most security software, isn't it?

          Small software producers already have to go begging the antivirus companies to whitelist their software when it hits one of their poorly made signatures. I've seen several cases where they get some random malware with a common software protection system and suddenly any software that uses that protection system shows up as a threat (I'm

        • You've gone from "files signed by known providers should be whitelisted" to "zomg end of software freedom!" which is crazy. Having a valid signature means the file can be skipped, but not having one doesn't mean the file would necessarily be identified as bad. I agree with the OP - why the hell isn't BitDefender whitelisting files signed with known good keys? Surely that's one of the first things a virus scanner should implement?
        • Re: (Score:3, Informative)

          by drsmithy (35869)

          Sounds really nice to you?

          Sounds like paranoia to me.

        • There are a finite number of windows XP patch levels, and thus a very limited set of system file signatures. They dont need whitelists on 3rd party stuff.
      • Re: (Score:3, Insightful)

        by 1s44c (552956)

        And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?

        It's a good question but a better one would be 'Why do virus scanners have to exist at all?'

        It's deeply sick to have to check all files against a huge list of checksums of magic incantations. It's better, but still not good to keep a list of checksums of files that don't contain magic windows-trashing incantations. The real solution is to not use a OS that is so easy to subvert.

        • Yes, but the abacus isn't a very practical computing device.
          • Re: (Score:2, Insightful)

            by 1s44c (552956)

            Yes, but the abacus isn't a very practical computing device.

            There are any number of other computing devices that don't get viruses and are not abacuses. Linux is just one of these.

            • LOL. Go preach that junk to a college kid. They might buy it. Outside of not running by admin as default (which has been on MS OS's for like 5 years now so get with the times) is the user based is culled by default.

              If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.
              • by 1s44c (552956)

                LOL. Go preach that junk to a college kid. They might buy it. Outside of not running by admin as default (which has been on MS OS's for like 5 years now so get with the times) is the user based is culled by default.

                If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.

                Who ever said running as admin was the problem here? Running a web browser or email client as a non-admin user doesn't make the virus problem go away.

                You should look at the software packages that come with ubuntu, there is software for everything. Just about anything my uncle would want to do can be catered for by software that can be downloaded by ubuntu's tools without messing around manually downloading stuff and without having to get out a credit card.

            • by drsmithy (35869)

              There are any number of other computing devices that don't get viruses and are not abacuses. Linux is just one of these.

              Can you name a single, unique, technical aspect of Linux that prevents viruses or other forms of malicious code ?

            • Oh so Linux is more secure? Want an example that shows how Linux is actually less secure when put into the paws of the average clueless Joe Randomuser?

              Please forgive for the crudeness of the example, I hashed it out in a minute or two. I could polish it, but I think it'll do.

              Scenario: Joe Randomuser uses his computer and gets an email. From: Bank. Subject: Must verify account Body: We noticed that your account might have been hijacked, please read the enclosed document and act accordingly or your account h

              • by 1s44c (552956)

                Oh so Linux is more secure?

                I avoided saying that. I also didn't mention security in general, the discussion was about viruses in particular.

                Forget Linux and Unix for a moment. What about VMS, OS/390, or Nokia OS ? You can't tell me there are not a very large number of devices running Nokia OS that run all day every day. How come these devices are not crawling with viruses? They are general purpose computing devices too, all the weird and wonderful software these things can run proves that.

                • Re: (Score:3, Insightful)

                  by Opportunist (166417)

                  It's simply a matter of a number of targets.

                  As you know, software has to be written once, no matter if it is then supposed to run on one or a million devices. Writing malware for VMS or OS/390 is pretty much pointless, since these machines are rarely found in the hands of inapt administrators/users, and even less likely in the homes of anyone who isn't at least to some degree quite geeky. You simply get the best penetration with an OS that has the largest userbase.

                  And yes, mobile phones do have a sizable pe

                  • by 1s44c (552956)

                    It's simply a matter of a number of targets.

                    That's a common argument. However there are around the same number of Nokia phones on at any one time as there are Windows OS's running. It fails to explain why Nokia viruses are not everywhere.

                    • Did you read the whole comment or just that line?

                      It's compatibility and ability to get "deep" enough in the system. Read my previous comment, the one you commented, again and ask again, please.

        • If there were sufficient motivation, people would write scripts to wget ubuntu rootkits and sudo make install them, and it would be posted to an ubuntu wiki, and thousands of people would end up on the ubuntuforums compliaining about viruses and how they thought ubuntu was immune.

          This keeps coming up on slashdot, linux is not some magical barrier to viruses. Windows has its share of blame for crappy security, but many viruses are from users downloading stuff-- and the ones that ARENT (ie, most of them n
        • Care to tell me of one? Hint: "Linux" is the wrong answer.

          Any OS is easy to subvert and hijack as long as the user grants root/admin/whatevertheheadhonchoiscalled access to any moronic program that zips about and refuses to run without. It's called the Dancing pig problem [wikipedia.org]. While I can agree that it is exceptionally bad in Windows, where programs like games routinely require admin privileges to install (and quite often to run, too), this is not to blame on the OS itself. You could get the same kind of crappy

      • Of course. Well, in theory.

        'tween you'n me... we do that already. Whitelisting is pretty much the ONLY way how contemporary scanners can be halfway decently fast. But those guys that make the other software are really, really spitting in our soup. They dare to launch updates for their software without notifying us. They just do, imagine, what cheek! And then they go and ram that up our ass... well, up our customer's ass and we don't know about it. Now, as you may imagine, especially system files and here es

  • by Jorl17 (1716772)
    PWN.
  • They could have claimed it was all a part of a mock cyber-attack! Oh joy!
    • Or maybe... (Score:5, Funny)

      by Hansele (579672) * on Sunday March 21, 2010 @12:14PM (#31558036)
      Or maybe they should have put up a payment screen on their site, "We're sorry, your antivirus subscription has expired. To prevent your computer from being exposed to malware and virii, we have taken the proactive step of disabling your computer until you have made payment. For the low renewal fee plus a small reactivation fee of $199, we will be happy to walk you through the re-enablement process. Have a nice secure day!"
      • Using PayPal of course.
      • Re: (Score:2, Informative)

        by Anonymous Coward
        Viruses. Virii is fake latinization and incorrect.
        • by shentino (1139071)

          What about cactus -> cactii?

          Same pattern.

          Is it

          ( ) Virus doesn't follow the pattern
          ( ) Virii is correct
          ( ) Cactii is wrong

          • well, cactii is definitely wrong, its cacti. virus does follow a pattern, just a different pattern than cactus, due to differing latin roots.

            • According to a quick bit of research, the latin "virus" that is the root is declined in singular only [wiktionary.org], so you would presumably use the singular always. There IS a "vir" which is declined to "viri" (long i) in the plural, however that refers to "man", so is totally unrelated. Regardless, the word we use today is an english word with a different meaning, so regardless of how the base word was originally declined, it is not done that way in english. We do not tack on endings to "faithful" as we would to "fi
          • Re:Or maybe... (Score:5, Informative)

            by vbraga (228124) on Sunday March 21, 2010 @01:28PM (#31558510) Journal

            Not a native speaker, but from alt.usage.english FAQ [archive.org]:

            Not all Latin words ending in "-us" had plurals in "-i". "Apparatus", "cantus", "coitus", "hiatus", "impetus", "Jesus", "nexus", "plexus", "prospectus", and "status" were 4th declension in Latin, and had plurals in "-us" with a long "u". "Corpus", "genus", and "opus" were 3rd declension, with plurals "corpora", "genera", and "opera". "Virus" is not attested in the plural in Latin, and is of a rare form (2nd declension neuter in -us) that makes it debatable what the Latin plural would have been; the only plural in English is "viruses". "Omnibus" and "rebus" were not nominative nouns in Latin. "Ignoramus" was not a noun in Latin.

            Emphasis mine.

            • by selven (1556643)

              Simpler explanation: Latin plurals ending in -ii (eg. filii, anything ending in -arii, nuntii) come from singulars ending in -ius, so the -us -> -i 2nd declension plural rule still holds. "virii", if it exists, can only be a plural of "virius".

          • http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us [wikipedia.org]

            The English plural of "virus" is "viruses"[1].

            Mass noun in Latin

            Virus comes to English from Latin. The Latin word vrus (the indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".[2]

            Since vrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as
          • by MrMr (219533)
            Virus is probably fourth declension, and thus has a -us in the plural as well:
            http://en.wikipedia.org/wiki/Latin_declension#Fourth_declension_.28u.29 [wikipedia.org]
            unlike the better known second declension nouns that floow thus -us->-i rule:
            http://en.wikipedia.org/wiki/Latin_declension#Second_declension_.28o.29 [wikipedia.org]
        • by sjames (1099)

          Great! Now we have grammar nazis in multiple languages.

        • Re: (Score:3, Insightful)

          by adolf (21054)

          It's not fake Latin, or incorrect. It's English, which is my language. I'll use it any fucking way I want to.

          Thanks!

          • You can do that, but that doesn't make it correct usage. The way languages work is that they have certain "correct" spellings and grammar; youre free to ignore them, but you will be incorrect in doing so.

            Disclaimer: I make no claim to the correctness or lack thereof within this post.
            • by adolf (21054)

              Are we speaking Latin right now?

              No.

              We're using English. To hell with "correct" parlance in terms of any foreign and/or dead language. English is based on several different languages, including Latin, and bastardizes huge parts of all of them. Latin should not be exceptional in its retained purity.

              "Virii," if it suits you. "Viruses" if it does not. "More then one virus" if you can't decide, though such phraseology reeks of superfluous verbosity.

              Your version of "correct" and my version of "correct" are n

              • You missed the point. We arent speaking latin, so latin rules do not apply, the english ones do. You are certainly free to mismatch your subject and verb tenses, but to try to claim it is correct is silly. Likewise you are free to give "virus" an inappropriate ending, but anyone with authority on the subject will call it incorrect.

                This isnt a subjective thing, there is a right and a wrong when it comes to english syntax and word construction.
  • by Hansele (579672) * on Sunday March 21, 2010 @12:07PM (#31558000)
    Its a new security paradigm. The newly locked down computer will not run anything, and therefore no virii, malware, bots, or solitaire, will run. Truly they've created the "most secure antivirus ever".
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Who has the most secure OS now? Take THAT Linux and Mac fanboys!

      • Re: (Score:3, Funny)

        by Aphoxema (1088507) *

        Who has the most secure OS now? Take THAT Linux and Mac fanboys!

        Ouch. I feel so... insecure now!

        • Re: (Score:2, Funny)

          by Anonymous Coward
          Don"t worry.I"m sure one of the Mac users won't mind holding you in a comforting embrace.
    • FTLOG, virii [wikipedia.org] is not [wsu.edu] a word [encycloped...matica.com].
  • FTA: "Some complained of being unable to reboot their systems."
  • This actually happened to me, at first I couldn't log in with my password, had to use Bart's PE disc to reset that, then I couldn't get any icons on my desktop of use the start button, then just a black screen, I thought I had a virus for real, so I reformatted , this was yesterday, wish I could have seen this but I don't know how they would have reversed it anyway.
    • by hairyfeet (841228) <bassbeast1968@@@gmail...com> on Sunday March 21, 2010 @12:50PM (#31558268) Journal

      That is why I use and would recommend Comodo Time Machine [comodo.com] as it gives you a nice little screen before boot where you just hit the home key and can restore your machine from snapshot before the little boo boo. And if the Bitdefender burn has turned you off of them I would try Comodo AV/Firewall [comodo.com] from the same company. Both are free, no nags or need to register, and I have been running it on both 32 and 64 bit XP and Windows 7.

      Note-not affiliated with the company, just a humble PC repairman that has tried just about every AV and security software out there and found Comodo to be the best all around. I have been running them on XP X64 for a couple of years now and never had any show stoppers like this. In fact the only problem I've ever seen with a Comodo product is you can't run Time Machine in a dual boot with Windows 7 and XP because 7 changes drive letters, but even then there wasn't any hangup or problems, it simply wouldn't install.

      But if your machine is running a single OS Time Machine can keep problems like TFA from happening. I have had family members bork their machines beyond booting and with Time Machine I was able to walk them through restoring from snapshot in under 15 minutes. hell of a lot better than a multi-hour reinstall.

      • Re: (Score:2, Interesting)

        by Threni (635302)

        I only run Windows software in a VM these days - all the stuff I want to be fast, stable, secure and safe I do under Ubuntu. Windows 7/xp both work fine under the free VM Player. None of this malware crap for me, thanks.

      • by Blakey Rat (99501)

        What does Time Machine do different than System Restore?

        I'm wagering (not 100% sure) that System Restore would also have been able to repair the parent's issue, it sounds like he didn't bother to try it before reformatting. But it definitely can replace lost system DLL files.

        • Allows you to boot into Time Machine if Windows is so hosed that you cannot get to System Restore? Sounds like GoBack.

        • by Bungie (192858)

          System Restore saves incremental snapshots of the system files to subdirectories in the SystemVolumeInformation folder on your hard disk. It doesn't do the whole drive, and usually has a limited number of snapshots which you can use. Most of these time machine style progtams take snapshots of the entire drive and back it up to a separate partition or drive. They usually give you more control over what can be restored and what times you can restore from. Usually you can also run restores by booting a CD or f

      • by DesScorp (410532)

        " That is why I use and would recommend Comodo Time Machine "

        This is why I would recommend a Mac, or at least something other than Windows. The anti-malware that you have to use on Windows is sometimes almost as bad as the malware itself.

        Windows, in and of itself, has become a stable, useful operating system. It's come a long way from the unstable 9X days, and truthfully, in some ways its easier to use than OS X. Were it not for the security issue, I might still be running Windows at home. But the cost in

        • Yet for some reason I have friends asking what Mac AV to use, which means shortly they will be running crappy, poorly written antivirus software as well. The OS isnt really any kind of protection against this, what kind of crazy world is this where technical people are blaming the OS for what a low-level piece of software managed to do to it?
  • by FudRucker (866063) on Sunday March 21, 2010 @12:19PM (#31558082)
    you would think they would at least test updates on a few different systems (including the 64 bit systems) before releasing it to customers
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Let me answer in the manner of a hammer legion member poster on a Steam forum:

      Wrks fine 4 me. Must b ur computer. loL!! Time 2 upgrade.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates. Perhaps in the future Microsoft could make all released binaries available for AV vendors to regression test against.

      • by Abcd1234 (188840)

        It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates

        An excellent point, and if only a small number of users were affected, it may be relevant. Unfortunately, at least based on the article and the volume of reports, all you need is a run-of-the-mill 64-bi

    • This seems to be a semi-common issue. One place I kill time at uses Trend Micro on a couple of machines, and two updates within the past eight months have broken networking in funky ways that made updating impossible until workarounds were determined.

    • It's one of those "shit happens" things.

      AV signatures get updated at the very least twice a day. In some companies, the (internal) updatecycle is 3-4 hours. And not all of them have the manpower of Kaspersky. The whole signatures-packaging is often a job for one or two people. Sure, 99% of it is automated, but that's also one of the reasons why something like this can happen.

      One good reason for something like this happening is what I like to call the "race for a First". Being the first to detect something.

  • by linzeal (197905)
    Quick, someone send Microsoft a 64 bit version of Vista and Windows 7.
    • I dare say they already have copies... and they are probably running windows security essentials Joke = fail
    • Re: (Score:3, Insightful)

      by Aphoxema (1088507) *

      Quick, someone send Microsoft a 64 bit version of Vista and Windows 7.

      BitDefender and Windows Defender are two different things.

    • by Blakey Rat (99501)

      Look, I know this is Slashdot and we like bashing Microsoft but... what the hell?

      Don't you mean, "sent BitDefender a 64-bit version of Vista and Windows 7?" Or are you making a joke going way over my head?

      What does Microsoft have to do with a bug in BitDefender?

      • by Teun (17872)

        What does Microsoft have to do with a bug in BitDefender?

        The reason d'etre for BitDefender = Microsoft...

  • by Anonymous Coward on Sunday March 21, 2010 @12:32PM (#31558154)

    Anticlobber software. To protect your computer against misbehaving antivirus software.

  • Nothing new (Score:1, Redundant)

    by 0123456 (636235)

    I remember a few years ago that an update to the compulsory antivirus software on some of our PCs at work went ahead and deleted some important Windows system files if you had it configured to auto-scan the disk; mine wasn't so I was able to disable it before losing the files, but anyone who let it run overnight came into work to find a dead PC waiting for them.

  • by runward (1772390) on Sunday March 21, 2010 @12:45PM (#31558232)

    This happened to me, too... bitdefender would flag nearly any file, and it first flagged a file that I had just updated, so I was genuinely concerned. The next file is flagged, however, was usbstor.sys, so I knew the AV was probably wrong.

    Some people were running virus scans... tens of thousands of false detection, and all of the files were quarantined or deleted... it was a really bad situation for many. I'm not sure how non-technical users fared.

    I use bitdefender on my computer only - I like the aggressive detection capabilities and reporting options. However, no one else in my house wants to know what their AV is doing - they just want it to work - and bitdefender is probably the worst option for them.

  • Another Antivirus software package (COMODO) has caused problems of this nature for me at work - it updated, asked to reboot and on rebooting we were just presented with a black screen, the desktop wouldn't load. Fortunately we were able to reboot into safe mode and just uninstall it until there was an update issued, but it was still part of a morning lost... While it's impossible to test every configuration ever, I'd have thought that something that would affect EVERY system in an office using this softwar
    • by pe1chl (90186)

      Interestingly enough, even companies that test every software update before rolling it out on their network often pass virusscanner database updates untested.
      This means they are at constant risk of disabling their entire computer network due to a mistake of the virusscanner maker.

    • There was another definition update for Comodo Antivirus (around the middle of last year, I think) that caused the CPU to peg at 100% usage on Windows XP 32-bit and possibly other versions of Windows.

  • It never ceases to amaze me how much Windows users will endure.. Perhaps they are masochists and enjoy the pain of having their system occasionally rendered useless.. Living a life full of worry that their machine is an accidental click away from hours of removing crap from their system, followed by weeks of wondering whether or not they got all the cancer out.. Perhaps they enjoy the challenge of constantly defending themselves.. Proving that the are SMARTER than the other masochists that get burned.. Keep
    • by Blakey Rat (99501)

      How is this Windows' fault exactly? Third-party makes an anti-virus program, third-party doesn't bother to test an update, anti-virus breaks Windows.

      Lessee, the *user* bought the program. The *user* installed it with Admin permissions. The *third-party* put in a buggy update.

      But you're blaming the OS somehow?

  • by FoolishOwl (1698506) on Sunday March 21, 2010 @03:58PM (#31559570) Journal

    One of the things that precipitated my move to Linux was the way Kaspersky -- at the time, the top-rated security suite -- was shutting down my LAN. There were lots of posts on the official forums complaining about the problem, a handful of useless responses from users guessing at which part of the suite might be the source of the problem, and about which of the undocumented menu options might disable that part of the suite, and one short, incomprehensible message from one of the developers, suggesting they were looking into the problem, from several months before.

    My experience with security software for Windows is that they bog down the operating system, disable basic features of the operating system without warning, and cause frequent crashes -- the very problems that they warn malicious software may cause. Simply put, malicious software *may* cause problems for Windows, but most third-party security software *will*.

    To Microsoft's credit, they finally sealed some of the fundamental security holes with Vista and Windows 7, and they offer a decent security suite for free, so there's really no longer any reason to buy one of these wretched third-party security suites.

    On the whole, though, you'll still get better security by switching to Linux, or at least Mac OS X.

  • Windows IS the virus.

Programmers do it bit by bit.

Working...