Dodgy BitDefender update bricks systems
BullGuard also bitten by borked box balls-up
A dodgy update from BitDefender on Saturday bricked 64-bit Windows systems after it was applied.
Rogue signature updates meant that multiple Windows and BullGuard files were falsely flagged as infected with a Trojan (now identified as Trojan-FakeAlert-5) and quarantined. Affected systems were subsequently left with applications that wouldn't work on boxes that were incapable of successfully rebooting.
The ropey update was available for around three and a half hours before it was pulled. BitDefender has apologised for the snafu and issued advice on restoring borked systems.
Customers of anti-spyware and spam filtering firm BullGuard, which uses BitDefender's anti-virus engine, were similarly affected. BullGuard also apologised for the problem and gave a renewed vote of confidence in the effectiveness of BitDefender's technology in a blog posting.
Misfiring updates are a well known Achilles' Heel for anti-virus scanners. The problem of false alerts is becoming more common even as systems improve because of the increased number of malware threats, estimated at 50,000 a day.
The problems with the BitDefender update are more serious than the norm because system files were falsely detected as malign, resulting in unstable and unusable systems. ®
Why don't they test these things properly first??
A recent AVG 9.0 update didn't brick systems, but it's still incapable of working nicely with Zone Alarm and caused browsing problems for a lot of people.
The only way I found to get it working properly was to re-install it but remove the Link Scanner.
Once again I think updates should be released to the staff of the companies first, so they can properly Beta test it!
The advice for home users requires booting from the appropriate Windows installation disc and using the repair option.
How many home users have a copy of the Windows installation disc?
That's right, you're screwed!
number of malware threats
Given the total number of malware threats, isn't it the case that these false positives are going to increase? A virus signature is a hash of a variable-length string. As such the function maps from a larger set to a smaller set.
Isn't it patently obvious by now that Anti-Virus software doesn't work? A better solution is a core OS that only allows a whitelist of approved apps to run. The approved-app detector running in read-only memory. Of course for such to work, the Memory Management unit would have to be immune to buffer-overflow attacks. Something the innovators don't seem to be able to do.