Bad BitDefender Update Clobbers Windows PCs
alphadogg writes "Users of the BitDefender antivirus software started flooding the company's support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working. The company acknowledged the issue in a note explaining the problem. 'Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,' the company said. The acknowledgment came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems."
How Appropriate (Score:5, Insightful)
How many times does this happen? (Score:4, Insightful)
And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?
Seriously. Identifying the safe files is easier than identifying the infected ones.
Re:How many times does this happen? (Score:4, Interesting)
Sure.
It is called trusted computing.
But who is the gatekeeper of trust?
In order to only allow "KNOWN GOOD FILES" you need a white-list.
That means that no mere user is going to be able to write his own software.
That means that small software producers are going to have to go through an arduous and prohibitively expensive vetting process in order to be white-listed.
In practice this means that only Microsoft and its partners will be able to produce software for your pc at a reasonable price.
This could even mean that user generated data files are not trusted and therefore not allowed, making the pc a device for consuming content.
Perhaps the user could produce content remotely through software as a service providers, who would either charge highly or claim ownership rights to your content.
Sounds really nice to you?
Re: (Score:2)
It's a big step to presume that the user won't be able to just click on an Ignore button and continue. After all, that's how it works now on most security software, isn't it?
Small software producers already have to go begging the antivirus companies to whitelist their software when it hits one of their poorly made signatures. I've seen several cases where they get some random malware with a common software protection system and suddenly any software that uses that protection system shows up as a threat (I'm
Re: (Score:2)
Re: (Score:3, Informative)
Sounds really nice to you?
Sounds like paranoia to me.
Re: (Score:2)
Re: (Score:3, Insightful)
And why hasn't the "security industry" started to validate hashes and signatures and checksums on KNOWN GOOD FILES yet?
It's a good question but a better one would be 'Why do virus scanners have to exist at all?'
It's deeply sick to have to check all files against a huge list of checksums of magic incantations. It's better, but still not good to keep a list of checksums of files that don't contain magic windows-trashing incantations. The real solution is to not use an OS that is so easy to subvert.
Re: (Score:2)
Re: (Score:2, Insightful)
Yes, but the abacus isn't a very practical computing device.
There are any number of other computing devices that don't get viruses and are not abacuses. Linux is just one of these.
Re: (Score:2)
If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.
Re: (Score:2)
LOL. Go preach that junk to a college kid. They might buy it. Outside of not running by admin as default (which has been on MS OS's for like 5 years now so get with the times) is the user based is culled by default.
If your typical dumbass uncle was running Linux and installing crap, their computer would be infested too. Well, except for the crap that nothing he wants to install actually runs on Linux.
Who ever said running as admin was the problem here? Running a web browser or email client as a non-admin user doesn't make the virus problem go away.
You should look at the software packages that come with ubuntu, there is software for everything. Just about anything my uncle would want to do can be catered for by software that can be downloaded by ubuntu's tools without messing around manually downloading stuff and without having to get out a credit card.
Re: (Score:2)
Much easier to clean != goes away.
A bot is a bot, regardless of privilege. And it doesn't matter how easy it is to clean if the user isn't looking.
Re: (Score:2)
There are any number of other computing devices that don't get viruses and are not abacuses. Linux is just one of these.
Can you name a single, unique, technical aspect of Linux that prevents viruses or other forms of malicious code ?
Re: (Score:2)
Oh so Linux is more secure? Want an example that shows how Linux is actually less secure when put into the paws of the average clueless Joe Randomuser?
Please forgive the crudeness of the example, I hashed it out in a minute or two. I could polish it, but I think it'll do.
Scenario: Joe Randomuser uses his computer and gets an email. From: Bank. Subject: Must verify account Body: We noticed that your account might have been hijacked, please read the enclosed document and act accordingly or your account h
Re: (Score:2)
Oh so Linux is more secure?
I avoided saying that. I also didn't mention security in general, the discussion was about viruses in particular.
Forget Linux and Unix for a moment. What about VMS, OS/390, or Nokia OS ? You can't tell me there are not a very large number of devices running Nokia OS that run all day every day. How come these devices are not crawling with viruses? They are general purpose computing devices too, all the weird and wonderful software these things can run proves that.
Re: (Score:3, Insightful)
It's simply a matter of a number of targets.
As you know, software has to be written once, no matter if it is then supposed to run on one or a million devices. Writing malware for VMS or OS/390 is pretty much pointless, since these machines are rarely found in the hands of inapt administrators/users, and even less likely in the homes of anyone who isn't at least to some degree quite geeky. You simply get the best penetration with an OS that has the largest userbase.
And yes, mobile phones do have a sizable pe
Re: (Score:2)
It's simply a matter of a number of targets.
That's a common argument. However there are around the same number of Nokia phones on at any one time as there are Windows OS's running. It fails to explain why Nokia viruses are not everywhere.
Re: (Score:2)
Did you read the whole comment or just that line?
It's compatibility and ability to get "deep" enough in the system. Read my previous comment, the one you commented, again and ask again, please.
Re: (Score:2)
This keeps coming up on slashdot, linux is not some magical barrier to viruses. Windows has its share of blame for crappy security, but many viruses are from users downloading stuff-- and the ones that AREN'T (ie, most of them n
Re: (Score:2)
Care to tell me of one? Hint: "Linux" is the wrong answer.
Any OS is easy to subvert and hijack as long as the user grants root/admin/whatevertheheadhonchoiscalled access to any moronic program that zips about and refuses to run without. It's called the Dancing pig problem [wikipedia.org]. While I can agree that it is exceptionally bad in Windows, where programs like games routinely require admin privileges to install (and quite often to run, too), this is not to blame on the OS itself. You could get the same kind of crappy
Re: (Score:2)
Of course. Well, in theory.
'tween you'n me... we do that already. Whitelisting is pretty much the ONLY way how contemporary scanners can be halfway decently fast. But those guys that make the other software are really, really spitting in our soup. They dare to launch updates for their software without notifying us. They just do, imagine, what cheek! And then they go and ram that up our ass... well, up our customer's ass and we don't know about it. Now, as you may imagine, especially system files and here es
PWN? (Score:1)
PR - from blue screen to no screen! (Score:2, Funny)
Or maybe... (Score:5, Funny)
Re: (Score:1)
Re: (Score:2, Informative)
Re: (Score:1)
What about cactus -> cactii?
Same pattern.
Is it
( ) Virus doesn't follow the pattern
( ) Virii is correct
( ) Cactii is wrong
Re: (Score:2)
well, cactii is definitely wrong, it's cacti. virus does follow a pattern, just a different pattern than cactus, due to differing latin roots.
Re: (Score:2)
Comment removed (Score:5, Informative)
Re: (Score:2)
Simpler explanation: Latin plurals ending in -ii (eg. filii, anything ending in -arii, nuntii) come from singulars ending in -ius, so the -us -> -i 2nd declension plural rule still holds. "virii", if it exists, can only be a plural of "virius".
Re: (Score:2)
The English plural of "virus" is "viruses"[1].
Mass noun in Latin
Virus comes to English from Latin. The Latin word vīrus (the ī indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek ἰός (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".[2]
Since vīrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as
Re: (Score:2)
http://en.wikipedia.org/wiki/Latin_declension#Fourth_declension_.28u.29 [wikipedia.org]
unlike the better known second declension nouns that follow thus -us->-i rule:
http://en.wikipedia.org/wiki/Latin_declension#Second_declension_.28o.29 [wikipedia.org]
Re: (Score:2)
No, if I had mod points and hadn't posted here I'd give you an Informative.
Re: (Score:2)
Great! Now we have grammar nazis in multiple languages.
Re: (Score:3, Insightful)
It's not fake Latin, or incorrect. It's English, which is my language. I'll use it any fucking way I want to.
Thanks!
Re: (Score:2)
Disclaimer: I make no claim to the correctness or lack thereof within this post.
Re: (Score:2)
Are we speaking Latin right now?
No.
We're using English. To hell with "correct" parlance in terms of any foreign and/or dead language. English is based on several different languages, including Latin, and bastardizes huge parts of all of them. Latin should not be exceptional in its retained purity.
"Virii," if it suits you. "Viruses" if it does not. "More than one virus" if you can't decide, though such phraseology reeks of superfluous verbosity.
Your version of "correct" and my version of "correct" are n
Re: (Score:2)
This isn't a subjective thing, there is a right and a wrong when it comes to English syntax and word construction.
Re: (Score:2)
So secure, NOTHING will run (Score:4, Funny)
Re: (Score:3, Funny)
Who has the most secure OS now? Take THAT Linux and Mac fanboys!
Re: (Score:3, Funny)
Who has the most secure OS now? Take THAT Linux and Mac fanboys!
Ouch. I feel so... insecure now!
Re: (Score:2, Funny)
Re: (Score:2)
Their soggy, brainless tenderness will surely make everything better.
Re: (Score:2)
What does this say about "some" windows users? (Score:1)
This happened to me (Score:2, Interesting)
Comment removed (Score:5, Informative)
Re: (Score:2, Interesting)
I only run Windows software in a VM these days - all the stuff I want to be fast, stable, secure and safe I do under Ubuntu. Windows 7/xp both work fine under the free VM Player. None of this malware crap for me, thanks.
Re: (Score:2)
The newer generation of *ubuntu users will only get their apps from the official repositories (yeah I know, a weird concept to the MS world) and be protected that way.
Hard core Linux fans would find your type of exploit before it could do harm, after all they'd only use Open Source apps, right?
Re: (Score:2)
What does Time Machine do different than System Restore?
I'm wagering (not 100% sure) that System Restore would also have been able to repair the parent's issue, it sounds like he didn't bother to try it before reformatting. But it definitely can replace lost system DLL files.
Sounds like GoBack (Score:2)
Allows you to boot into Time Machine if Windows is so hosed that you cannot get to System Restore? Sounds like GoBack.
Re: (Score:2)
System Restore saves incremental snapshots of the system files to subdirectories in the SystemVolumeInformation folder on your hard disk. It doesn't do the whole drive, and usually has a limited number of snapshots which you can use. Most of these time machine style programs take snapshots of the entire drive and back it up to a separate partition or drive. They usually give you more control over what can be restored and what times you can restore from. Usually you can also run restores by booting a CD or f
Re: (Score:2)
" That is why I use and would recommend Comodo Time Machine "
This is why I would recommend a Mac, or at least something other than Windows. The anti-malware that you have to use on Windows is sometimes almost as bad as the malware itself.
Windows, in and of itself, has become a stable, useful operating system. It's come a long way from the unstable 9X days, and truthfully, in some ways it's easier to use than OS X. Were it not for the security issue, I might still be running Windows at home. But the cost in
Re: (Score:2)
what incompetent boobs (Score:5, Insightful)
Re: (Score:3, Funny)
Let me answer in the manner of a hammer legion member poster on a Steam forum:
Wrks fine 4 me. Must b ur computer. loL!! Time 2 upgrade.
Re: (Score:2)
What upgrade path from 64-bit Windows do you recommend? 128-bit or 32-bit Windows? Or Linux? I'm all for that last one ;-)
Re:what incompetent boobs (Score:4, Funny)
Re: (Score:2)
Windows NT version numbers have gone 3.1, 3.5, 3.51, 4.0, 5.0 (2000), 5.1 (XP), 5.2 (Server 2003, XP 64-bit, XP x64, Home Server), 6.0 (Vista, Server 2008), 6.1 (7, Server 2008 R2). If you ignore the marketing names the version numbering is actually pretty reasonable.
Re: (Score:2)
Re: (Score:1, Interesting)
It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates. Perhaps in the future Microsoft could make all released binaries available for AV vendors to regression test against.
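The two ideas raised in this thread, checking hashes of known-good files and regression-testing definition updates against released system binaries, can be sketched together. This is an added example, not part of the thread and not any vendor's code; it assumes signatures are plain byte substrings, and all file contents, patterns and the `Example.Dropper` name are constructed (only the detection name `Trojan.FakeAlert.5` and the file name `usbstor.sys` come from the story and comments).

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # naive byte-substring match; real engines are far richer


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes, signatures) -> list:
    """Names of every signature whose pattern occurs in the file."""
    return [s.name for s in signatures if s.pattern in data]


def regression_gate(signatures, known_good: dict) -> dict:
    """Vendor side: scan the known-good corpus with a candidate update.

    Returns {file name: [matching signature names]}; an empty dict means
    the update flags no known-good file and may ship.
    """
    hits = {}
    for name, data in known_good.items():
        matched = scan(data, signatures)
        if matched:
            hits[name] = matched
    return hits


def endpoint_verdict(data: bytes, signatures, allowlist: set) -> str:
    """Endpoint side: consult the known-good hash list before quarantining."""
    if not scan(data, signatures):
        return "clean"
    if sha256(data) in allowlist:
        return "suppressed-false-positive"  # report it, leave the file alone
    return "quarantine"


# --- Constructed sample data (not real file contents or real signatures) ---
KNOWN_GOOD = {
    "usbstor.sys": b"MZ\x90\x00" + b"constructed driver body",
    "winlogon.exe": b"MZ\x90\x00" + b"constructed logon body",
}
ALLOWLIST = {sha256(d) for d in KNOWN_GOOD.values()}

# Over-broad pattern: matches the header shared by every sample executable.
OVERBROAD = Signature("Trojan.FakeAlert.5", b"MZ\x90\x00")
NARROW = Signature("Example.Dropper", b"constructed-malicious-marker")
MALWARE_SAMPLE = b"MZ\x90\x00" + b"xx constructed-malicious-marker xx"

if __name__ == "__main__":
    print(regression_gate([OVERBROAD, NARROW], KNOWN_GOOD))  # blocks release
    print(regression_gate([NARROW], KNOWN_GOOD))             # safe to ship
    for sample in (KNOWN_GOOD["usbstor.sys"], MALWARE_SAMPLE, b"plain text"):
        print(endpoint_verdict(sample, [OVERBROAD, NARROW], ALLOWLIST))
```

A hash allowlist only covers the exact builds it was generated from, so a freshly patched system file falls outside it until the list is refreshed, which is the gap the comment above describes.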
Re: (Score:2)
It's not that simple in reality. Obviously you can test RTM, service packs, etc, but system files can also be updated in individual security patches. It's simply not feasible to test every single security patch for every single supported system and platform, at least not if you want timely definition updates
An excellent point, and if only a small number of users were affected, it may be relevant. Unfortunately, at least based on the article and the volume of reports, all you need is a run-of-the-mill 64-bi
Re: (Score:2)
This seems to be a semi-common issue. One place I kill time at uses Trend Micro on a couple of machines, and two updates within the past eight months have broken networking in funky ways that made updating impossible until workarounds were determined.
Re: (Score:2)
It's one of those "shit happens" things.
AV signatures get updated at the very least twice a day. In some companies, the (internal) updatecycle is 3-4 hours. And not all of them have the manpower of Kaspersky. The whole signatures-packaging is often a job for one or two people. Sure, 99% of it is automated, but that's also one of the reasons why something like this can happen.
One good reason for something like this happening is what I like to call the "race for a First". Being the first to detect something.
Quick (Score:1)
Re: (Score:1)
Re: (Score:3, Insightful)
Quick, someone send Microsoft a 64 bit version of Vista and Windows 7.
BitDefender and Windows Defender are two different things.
Re: (Score:2)
Look, I know this is Slashdot and we like bashing Microsoft but... what the hell?
Don't you mean, "send BitDefender a 64-bit version of Vista and Windows 7?" Or are you making a joke going way over my head?
What does Microsoft have to do with a bug in BitDefender?
Re: (Score:2)
What does Microsoft have to do with a bug in BitDefender?
The raison d'être for BitDefender = Microsoft...
Re: (Score:2)
I see a market for a new product: (Score:3, Funny)
Anticlobber software. To protect your computer against misbehaving antivirus software.
Nothing new (Score:1, Redundant)
I remember a few years ago that an update to the compulsory antivirus software on some of our PCs at work went ahead and deleted some important Windows system files if you had it configured to auto-scan the disk; mine wasn't so I was able to disable it before losing the files, but anyone who let it run overnight came into work to find a dead PC waiting for them.
Trusting your AV too far... (Score:4, Informative)
This happened to me, too... bitdefender would flag nearly any file, and it first flagged a file that I had just updated, so I was genuinely concerned. The next file it flagged, however, was usbstor.sys, so I knew the AV was probably wrong.
Some people were running virus scans... tens of thousands of false detections, and all of the files were quarantined or deleted... it was a really bad situation for many. I'm not sure how non-technical users fared.
I use bitdefender on my computer only - I like the aggressive detection capabilities and reporting options. However, no one else in my house wants to know what their AV is doing - they just want it to work - and bitdefender is probably the worst option for them.
I've had similar with COMODO (Score:2, Informative)
Re: (Score:2)
Interestingly enough, even companies that test every software update before rolling it out on their network often pass virusscanner database updates untested.
This means they are at constant risk of disabling their entire computer network due to a mistake of the virusscanner maker.
Re: (Score:2)
There was another definition update for Comodo Antivirus (around the middle of last year, I think) that caused the CPU to peg at 100% usage on Windows XP 32-bit and possibly other versions of Windows.
Re: (Score:2)
I noticed that too.
I think the lesson is that no AV is perfect...
Insanity (Score:2)
Re: (Score:2)
How is this Windows' fault exactly? Third-party makes an anti-virus program, third-party doesn't bother to test an update, anti-virus breaks Windows.
Lessee, the *user* bought the program. The *user* installed it with Admin permissions. The *third-party* put in a buggy update.
But you're blaming the OS somehow?
The cure is worse than the disease (Score:4, Insightful)
One of the things that precipitated my move to Linux was the way Kaspersky -- at the time, the top-rated security suite -- was shutting down my LAN. There were lots of posts on the official forums complaining about the problem, a handful of useless responses from users guessing at which part of the suite might be the source of the problem, and about which of the undocumented menu options might disable that part of the suite, and one short, incomprehensible message from one of the developers, suggesting they were looking into the problem, from several months before.
My experience with security software for Windows is that they bog down the operating system, disable basic features of the operating system without warning, and cause frequent crashes -- the very problems that they warn malicious software may cause. Simply put, malicious software *may* cause problems for Windows, but most third-party security software *will*.
To Microsoft's credit, they finally sealed some of the fundamental security holes with Vista and Windows 7, and they offer a decent security suite for free, so there's really no longer any reason to buy one of these wretched third-party security suites.
On the whole, though, you'll still get better security by switching to Linux, or at least Mac OS X.
Re:The cure is worse than the disease (Score:4, Funny)
To Microsoft's credit, they finally sealed some of the fundamental security holes with Vista and Windows 7, and they offer a decent security suite for free,
You have an amusing way of explaining how MS applied a (yet to be proven) band-aid to their self-inflicted wounds.
Re: (Score:2)
But it'll only prove itself over time.
BitDefender was right (Score:2)
Re:Update Filter / Schedule (Score:4, Informative)
Re: (Score:1)
Re: (Score:2, Informative)
Re:Update Filter / Schedule (Score:5, Funny)
Re: (Score:2)
Not any more ...
How many people still have their Windows recovery CD (needed to work around the problem) or know where to find it under all the other obsolete CDs?
Re: (Score:2)
The real irony here is, that you even NEED a 3rd party application to make your machine secure. The bit of irony on the tail end is just for amusement - the security software kills your machine, LMAO
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
The real irony here is, that you even NEED a 3rd party application to make your machine secure.
It doesn't even do that. The third party application takes time to react to new viruses so can never do more than reduce the insecurity.
Re: (Score:2)
The real irony here is, that you even NEED a 3rd party application to make your machine secure.
You don't. You may choose to use a third party tool to help prevent you shooting yourself in the foot.
Re: (Score:1, Informative)
you good sir, are an idiot. This update has nothing to do with Windows updates. Before you go on a rant about something you obviously have no clue about, how about RTFA first.
I guess you must work in the food industry after all, probably the dumb fuck who always messes up my food when I go out to eat. Perhaps the root of the problem for you, was that your mom did drugs and drank while you were developing, and then she opted for a water-birth and you drowned a bit too long after you fell out of her cunt.
Do us
Re: (Score:1)
Re: (Score:2)
I do try, but obviously not hard enough.
Re: (Score:3, Funny)
Flash is a huge security nightmare. Maybe BitDefender was doing the right thing there.
Re: (Score:2)
Why exactly would Microsoft give you support for a 3rd-party application that has fucked up ?
You saw the word "defender", automatically assumed it was another MS problem, and couldn't wait to add your 2 cents. Don't worry, you're not the first person in this thread to have egg on their face, and you probably won't be the last.