Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Windows IT

Antivirus Webroot Deletes Windows Files, Causes Serious Problems For Users (pcworld.com) 67

Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious. From a report: The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems. The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots. The Webroot incident falls somewhere in the middle because it affected legitimate Windows files and sent them to quarantine. This is somewhat unusual because antivirus firms typically build whitelists of OS files specifically to prevent false positive detections.
This discussion has been archived. No new comments can be posted.

Antivirus Webroot Deletes Windows Files, Causes Serious Problems For Users

Comments Filter:
  • by richy freeway ( 623503 ) on Tuesday April 25, 2017 @11:01AM (#54298707)

    I'm sure all three users were massively upset though.

  • by Anonymous Coward on Tuesday April 25, 2017 @11:03AM (#54298721)

    > the program started flagging Windows files as malicious

    I don't see the problem. Works well.

    • by kurkosdr ( 2378710 ) on Tuesday April 25, 2017 @12:53PM (#54299569)
      Translation: GOT THE JOKE??? I am an FSF neckbeard and consider Windows malicious for not conforming with my personal definition of non-malicious, and for that reason I think Webroot flagging Windows files as malicious is funny!!111 Joking aside, this incident proves WebRoot doesn't run automated tests before farting out a definition update, which every AV vendor should do.
    • You beat me to it; now if only it went the whole hog and forcibly installed an upgrade to Linux or BSD

  • by rmdingler ( 1955220 ) on Tuesday April 25, 2017 @11:04AM (#54298735) Journal
    Something /. users have been doing for years.
  • by Anonymous Coward

    Are they sure those Windows files weren't malicious? Just because they belong to the OS doesn't mean they should automatically be trusted, especially in Windows.

  • by freeze128 ( 544774 ) on Tuesday April 25, 2017 @11:12AM (#54298815)
    This has happened to every Antivirus. This is why Microsoft made their own - Microsoft Security Essentials, and also Windows Defender. In the era of Microsoft's own AV, there is no need for a third-party AV installed on Windows.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      including microsoft's.

      and, btw, microsoft did not "make their own".

      they bought rav from gecad in '03, and giant antispyware in '04. those turned into onecare (later mse) and defender, respectively.

      this is what they do: buy other companies or other companies technologies; and failing that, copy someone else's idea or product or poach their employees to recreate them.

      • > they bought rav from gecad in '03, and giant antispyware in '04. those turned into onecare (later mse) and defender, respectively.

        Yup, those were Microsoft Acquisitions [wikipedia.org] #72 and #77, respectively.

        Number Date Company Business Country Value (USD) References
        72 June 10, 2003 GeCAD Software Antivirus technology Romania $???,??? [93]
        77 December 16, 2004 GIANT Company Software Anti-spyware United States $???,??? [98]

      • by godefroi ( 52421 )

        So, pretty much like any company ever, then?

    • by DrYak ( 748999 ) on Tuesday April 25, 2017 @02:27PM (#54300225) Homepage

      In the era of Microsoft's own AV, there is no need for a third-party AV installed on Windows.

      Nope, quite the contrary : There IS need for third-parties too.

      The more diverse the antivirus landscape is, the more AV virus-writer needs to test their creations against.
      Avoid monoculture !
      It's harder when a Virus needs to go unnoticed by all of Microsoft AV, Kaspersky AV, Avira, F-Prot, Clam, etc. rather than only the first one on the list.

    • In the era of Microsoft's own AV, there is no need for a third-party AV installed on Windows.

      Not according to Microsoft. They say that Defender is intended as a fallback to provide some level of protection when no other antivirus is installed. It is not intended to provide full anti-malware protection.

  • by Greyfox ( 87712 ) on Tuesday April 25, 2017 @11:33AM (#54298975) Homepage Journal
    After it can't boot anymore, Windows is WAY more secure than it was. Really, you could say they're doing a GREAT job of keeping your system free of virusses!
  • by Anonymous Coward

    It found NSA malware hidden code in .dll files

  • Comment removed based on user account deletion
    • by godefroi ( 52421 )

      Yes, multithread that file scan! That way, both your disk *and* your CPU can be pegged full-time, and any potential viruses won't have any CPU time or IO available to do anything nefarious!

  • by OneHundredAndTen ( 1523865 ) on Tuesday April 25, 2017 @12:32PM (#54299401)
    Windows users are probably used to this kind of nonsense by now.
  • Microsoft announced today the acquisition of the Webroot Antivirus program in order to incorporate its detection technology into Microsoft Defender. Steve Ballmer is quoted as saying, "No one fucks with our users, well...except for us, and this provides an excellent means by which to do so."

  • The company I was working at in 2010 was effectively shut down for a day when McAfee flagged and quarantined svchost.exe.

    http://www.theregister.co.uk/2... [theregister.co.uk]

  • "Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious."

    If the files in question are from Win 10, then it's pretty much a case of Webroot just doing its job.

It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

Working...