The Inquirer-Home

Flawed Malwarebytes security update wipes out thousands of computers

Mistook legitimate files for malware
Wed Apr 17 2013, 17:55
First Shellshock malware emerges

SECURITY FIRM Malwarebytes has wiped out thousands of computers around the world with a faulty security update, mistaking legitimate system files as malware code.

The security firm confessed to the mistake in a blog post on Tuesday, and assured firms that the update has since been pulled.

"It saddens me to report that at around 3PM PST yesterday, Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes Marcin Kleczynski.

"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."

The update definition made it so Malwarebytes protection software treated essential Windows .dll and .exe files as malware, stopping them from running and thus knocking IT systems and PCs offline.

The INQUIRER has heard from some IT managers that the update caused untold havoc on their systems.

One source at a UK organisation that uses Windows for customer facing as well as back office functions told us that the update knocked out 80 percent of the company's servers. Many others might have been left in similar predicaments.

Malwarebyte's Kleczynski said that Malwarebytes has already begun reworking its update policy to ensure that the mistake doesn't happen again.

"We acted overzealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski. "We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."

Malwarebytes is just one of many security firms that have released faulty updates at times.

Trend Micro security expert Rik Ferguson told The INQUIRER that the need to combat new and fast moving threats makes faulty updates a constant danger for all players in the security industry, big or small.

"Knocking servers or workstations offline due to a bad security software update is unfortunately real. It happens, and not just to the smaller players. The fact is that all security companies are potentially subject to this phenomenon, some have better track records than others, but no one has never suffered," he said. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?