You publish 20,000 clean patches, but one goes wrong and you're a PC-crippler forever

Malwarebytes pushed a patch, then a patch for the patch

Security software maker Malwarebytes has emitted two product updates and apologised to users – after its code turned their machines into near-bricks.

The problem started with a production update the company pushed out last Friday, which sent users to their keyboards complaining of excessive RAM and CPU consumption.

Affected products included Malwarebytes for Windows Premium, Malwarebytes for Windows Premium Trial, Malwarebytes Endpoint Security (MBES) and Malwarebytes Endpoint Protection (Cloud Console).

Irritated users lit up the software slinger's forums with hundreds of messages about the issue.

The company moved to resolve the issue, but its first fix failed and punters kept venting. That led to this Sunday apology, as the company pushed out a second fix.

“The root cause of the issue was a malformed protection update that the client couldn’t process correctly,” the apology post said, something Malwarebytes says is rare since “we have pushed upwards of 20,000 of these protection updates routinely”.

The company also published the timeline below, in its analysis [PDF] of the issue.

Malwarebytes timeline

The company explained that the snafu arose because of work to try and improve its Web protection detection syntax controls.

“Recently we have been improving our products so that we can show the reason for a block, i.e. the detection 'category' for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.” ®




Biting the hand that feeds IT © 1998–2018