Another bad AV Update... Comodo & Avast aren't the first

http://www.networkworld.com/news/2010/032010-bad-bitdefender-update-clobbers-windows.html

A Bitdefender AV Update on Saturday caused 64 bit computers to stop working completely. Bitdefender forums are steam rolling: The Bitdefender Expert Community

Tooby

I think that’s worse than any problem Comodo has had. It seems to be very widespread across all Windows 64 bit versions.

This doesn’t only apply to AV programs. SAS had a small disaster about a year ago falsely detecting/quarantining a Vista system DLL which made the computer unbootable. Without a system disk, you were basically ■■■■■■■.

However, I don’t blame the vendors, I blame the user. An alert/detection is just that, and immediate follow up by the user is prudent and expected. Sites like CIMA and VirusTotal make the task of ruling out f/p’s easier.

As a mod, “Sux to be them”.

Wow!! Nearly 126 thousand views on the bad update topic in 3 days!!

I don’t feel so bad now. :slight_smile:

When something like this happens, the only ones you can blame are the vendors. In no way can blame be put on the users. They are using an application they trust to protect their systems, not render them unusable. Hopefully the people affected by this can easily recover the quarantined files and fix their systems.

“the only ones you can blame” are - users themselves…

How many times that was pointed out - as soon as you install any AV / anti-malware

check the settings and disable “auto-quarantine” and “auto-delete”

Leave the “Notify” only option.

Cheers!

Disagree here. You DO need to blame the Vendors. And by the way, Bitdefender AUTOMATICALLY by default quarantines what it detects by default. So it’s not just a user saying “wahoo virus in bitdefender/windows, delete it”.

Bitdefender stuffed it up big time. People want compensation too. Paid security product causing this damage to users and businesses is huge.

Tooby

You’re freaking joking mate!

You can’t expect every user, who installs AV software, to simply “Ok, now check the settings and make sure it does not delete” Ummm lol that is so stupid sorry. My Mum would not check the settings.

Don’t forget we are the geeks here, and then there are the other users too.

Tooby

Hi Tooby

Thanks for calling my point “stupid”, but I am not a newcomer in this area
It’s not my 1st year being involved with security & malware research… let’s leave other details…

Please consult any serious certified malware fighter out there and get his/her opinion before posting offensive remarks

The only thing I can tell defending poor users - they are definitely left in the dark here
and the vendors must tell them what are the dangers

How many times the similar happened with different vendors?
Avast was just a month or something earlier, etc. … and so on…

Avira, for example has notification only by default - that is correct approach

a-squared with the best detection rate on the market for many years does not have those options at all. It just shows the detection list.

Thanks… again

p.s.

Since you are considering yourself being a geek please tell her and others. That will help …

That only works for people who would know what a file was and whether or not it should be quarantined. Auto-quarantine is the best and safest option for 90% of users. The blame is solely on the vendor when something like this happens.

Dch48 ,

Definitely I am not saying that vendors are not guilty, when such things happen

But as I pointed above they should not keep users in the darkness, and educate their users too, so they know about the options / the dangers /how to investigate; ask; submit etc.

At the end of the day there is no way that users are not learning about the security; what to use and why; what are FPs. etc.
It is better to learn and probably sometimes make small mistakes rather than have such disasters.
Therefore it is always better having safer options in place… and I still disagree that the “auto-” is “safest option for 90% of users” as you said.

That was 100% unsafe for those previously and this time … and that is not the last serious FP and not the last vendor to make such mistake in the future unfortunately

My regards

Of course , notification is the best option for knowledgeable people. Still, having the files quarantined should allow for them to somehow be recovered and the damage to be fixed. If they had been deleted, either by the program automatically , or by inexperienced users thinking they should remove anything their security app finds dangerous, that would be far worse. Then they would probably have to reinstall their system if they didn’t have a Windows disk (and many PC makers don’t provide them) and lose all their data. Recovery of the quarantined files could prevent that.

Thank you for reply , Dch48

Sure… but …

in most of the cases where critical / vital files from the system area were quarantined (I am not saying deleted) system cannot recover.
There are definitely some cases when the System will recover after the Reboot
The latter actually belongs to more rare cases unfortunately.
Then, it does not mean that the system is “fine” after that.

The thing is - there are two (more? :slight_smile: ) scenarios:

  1. FP
  2. indeed the system files were compromised

If the scenario is #2 - you still can neither delete nor quarantine
There are special procedures that must be carried out in order to remove the infection and to substitute the system files

Most of AV’s cannot do that and never will be able to … Comodo included

The conclusion :

as you said (and I hope we agreed at least here) - the “notification is the best option”, but that is not only for “knowledgeable people” - that’s better be a rule for everybody

Being not knowledgeable is a normal and common stage … that is not a cine either.

We are learning constantly and that’s based on our mistakes.
If there is a will - the experience will come

My point is: at least pass a message; help wherever and whenever you can

Do not ever blindly trust any security.

Otherwise, there is another way, which is - not using it at all.

Sure, the purchased CD-DVD / special recovery partition / disk images / backups… and you are fine … but shouldn’t that and the ways to perform that to be included to the knowledge ??? How “the ordinary” user can do that without learning… “something”?

Cheers!

Do you want me to give you a gold metal? :wink:

No. This is the wrong way to do things, when it comes to Internet Security.

SECURITY should NOT be an INCONVENIENCE. It should be enablement. I’m not going to tell her and others to make sure they check settings before you install an AV Product. It should be like: Here’s a Security Software to protect your PC, Install, it updates, ■■■■. Leave the user alone. Let the product notify if something is wrong. Not anyone else.

Yes, education is good. We go to School, we then get Jobs, College, University etc. But if you’re NOT interested in internet security, or interested in computers, you want to use your PC for work and social, etc, and that’s it. Then you want to install Security Software, that’s it. And that’s exactly my point. Other people have lives. They have a Job, They have a Hobby, they have a family. They are busy people. They don’t want to spend their time here, or learn what FP’s are, or how to ask or whatever.

Tooby

Yes give me a meTal and some stones

You have rights to have your opinion… but one of the “secondary” (I have many) scanners here is BitDefender… somehow … there was no disaster here. Why?

Indeed

Who isn’t busy nowadays?
Is there anything we can do about it if they (we) don’t want to learn … and if more experienced users and/or vendors don’t want to help?
Therefore “they” have what they have … “or whatever” (using your terminology)

“They” are probably not willing to learn how to recover their systems as well as it was pointed out above

You would only dream of how many security I am testing for a long time
I had multiple Explorer / Svchost / TcpIP.sys/ Kernel (FP and real )… and so on and so forth flaggings … there was not a single case where I needed to reinstall the system. There should be “something” in my approach shared & supported by, as a matter of fact, as I said with best of the best malware fighters out there

but … feel free please & set it to “auto-” …“or whatever” that’s your personal choice

Thanks

Hey Tooby,

Here’s another way to look at it - before we get in a car to drive, we are supposed to (under Australian law, anyway) check that the blinkers work and the tyres are OK. No-one does because it’s inconvenient, but it makes bloody good sense.

The same principle applies, IMHO with security software - why shouldn’t we check the default settings before we take it for a spin? Following on from that, why don’t software vendors ensure that the default settings are what is considered best practice settings?

This is a “rock and a hard place” argument. Software vendors should make suitable default settings, but can’t possibly know what is best for each individual. Users have an obligation to make sure their software runs the way they want it to, suitable for the way they do work, but not all users have the knowledge to know whether the settings are correct.

I don’t think there is a definitive answer to this.

Ewen :slight_smile:

Hey Ewen :wink:

I agree with you here. As Being in Australia myself. But Internet Security Software, IMO is a whole different ball game. Default Settings should be the best, again IMO.

I won’t take this any further to show any more disrespect to SiberLynx. Sorry to offend anyone. I WILL, finally agree with you though… There is no real answer to this. Nothing is right or wrong.

Tooby

Tooby,

1st it happened that at least 3 of us participating in this debate are in Australia :slight_smile:

That is not a major issue “showing disrespect”. Please do if you think that is the way to express your opinion. I will survive… , believe me
We all can be rough & tough (applies to me as well) intentionally or unintentionally.

But that was the point and I gave the example above about two Security Packages (regarding anti-virus / anti-malware) that are for a long time staying at the top and I have doubts that any other security in the foreseen future will beat them…

… their defaults are – “notify only”

Regards

The blame is solely on the vendor when something like this happens.
I partly agree with this, but I kind of partly blame the business with "IT" departments. Why??? Because That's their job. Their job is to set up and configure everything for THAT company's needs. When a situation comes up like something gets flagged. They need to check out the situation to see if it's a false-positive or it's actually malware. That's what they get paid to do. Besides they should know better than to delete everything that gets flagged. That's just PURE laziness and they weren't doing their job properly.

While I feel companies with IT departments are to blame, but companies without IT department and users can blame Bitdefender

As for default setting. My own opinion is this
auto “auto-quarantine” and “notify” or just “notify”
Computer tweakers in general are more than happy to adjust to how they see fit

edited by “jay2007tech”
*************I removed the bottom half of my post because it was off topic :o , *********

Let’s not let our emotions sit in the driving seat, OK??

Please take all arguments and personal opinions out of public view. PM or email - don’t care where, just not here in public.

Ewen :slight_smile: