bit-tech.net

BitDefender update wipes Windows


Users of the BitDefender anti-virus package have been left with broken Windows installations following a bad update.

Users of BitDefender's anti-virus offering were left rather more secure than they would perhaps have liked after a flawed update was released, causing the software to quarantine both itself and important Windows system files.

As reported over on ITworld, the update caused heartache for users of 64-bit editions of Windows by incorrectly assessing vital system files as being examples of Trojan.FakeAlert.5 - causing the system to crash and fail to reboot.

Ironically, among the files detected as Trojans by BitDefender are files used by the software itself - meaning that the update can even cause BitDefender to stop working.

Unfortunately for those who chose to delete or quarantine the 'infected' files, it left their systems unable to boot - as several BitDefender users have bemoaned on the company's forums. Users who haven't rebooted are advised to restore the files from quarantine before doing so; users who are left with an unusable system are asked to try running Windows' System Restore feature or the Last Known Good Configuration boot option.

This kind of issue isn't restricted to a single vendor, of course - instead, all signature-based anti-virus applications are vulnerable to an improperly tested update going haywire. Software from vendors including Computer Associates and Grisoft has also resulted in users being unable to reboot their systems in the past.

For those BitDefender users who have not yet been bitten by the bug, the latest update corrects the signatures and prevents the misdetection.

Are you amazed that anti-virus companies can continue to release updates which cause such problems for their users, or is it simply impossible to perform enough testing on something as complicated as virus signatures to guarantee they won't trigger prematurely? Share your thoughts over in the forums.

39 Comments

Matt BD 22nd March 2010, 11:13 Quote
Hi everyone,

We are very sorry for the problems people may have had in regards to this issue.

We have been providing information to our users via support articles that are updated regularly as we implement solutions:

Home users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#638

BitDefender Business Client users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#643

BitDefender Security for File Servers users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#642

If anyone has further problems please let me know here and I will help you to deal with them.

Best,

Matt Hicks
BitDefender UK
Showerhead 22nd March 2010, 11:22 Quote
WTH did they do any testing whatsoever before releasing it?
TWeaK 22nd March 2010, 11:25 Quote
I could understand if it affected a small userbase, but how the hell can they miss Win 7 x64?!
Pete J 22nd March 2010, 11:25 Quote
I find it quite ironic that anti-virus software, when it goes wrong, can do much more damage than your average virus. I recently used some reputable anti-virus software on a PC at work and it deleted some system files, meaning a fresh install is now needed. It's my fault I guess, I should have checked the files it was about to delete but I've grown used to simply clicking 'remove all'!
Unknownsock 22nd March 2010, 11:30 Quote
Which is why I don't keep my anti-virus on..
Fizzban 22nd March 2010, 11:37 Quote
I did an update before I switched my pc off last night. Man I hope it wasn't the dodgy update...

Edit: I'm not on my home computer at the moment
rickysio 22nd March 2010, 11:45 Quote
Wow epic.
cybergenics 22nd March 2010, 11:49 Quote
I also don't use Antivirus, even the most efficient one out there, MSSE causes time-outs and 'not responding' errors when accessing other drives and partitions. I use a free firewall enhancement (Win 7 Firewall control by Sphinx) and Spybot, Spybot can be used to scan downloads and suspicious files and runs live by the 'Tea Timer'. Most of the other AV progs I've used, the worst being Kaspersky, are worse than having a Virus themselves.
MitchBomcanhao 22nd March 2010, 11:50 Quote
FAIL. Yet another reason not to use antivirus software... not only do I not get any viruses anyway, but I would risk the antivirus doing more harm than most viruses around XD
shanky887614 22nd March 2010, 11:57 Quote
this is why I regularly back up my system files

copy and paste only takes 5 mins to fix this
theskirrid 22nd March 2010, 13:08 Quote
I've had a bunch of these come into the shop over the years, with AV software killing system files through false-positive ID. It is a testing issue. It's essential to get new definitions out there fast, but smaller companies don't seem to have time to test, or to test thoroughly. It's madness. Bullguard used to do it regularly - horrible software [they gave me 30 copies free last year, at least the disk cases were useful], Kaspersky is nearly as bad. AVG has done it once too. MSSE has never done this [yet], but as Mr Cybergenics says it can bog down when new volumes are added, especially flash based ones.
Providing you have access to another machine this is simple to fix, but it should never happen in the first place.


My own personal setup is currently MSSE and Spybot for browser security and to cover the holes missed by MSSE. WHS backup makes a full disk restore take 10 mins or so.

Remember kids always look at what the AV has identified before you click remove/quarantine. Stay safe out there.
DeathAwaitsU 22nd March 2010, 13:43 Quote
RFL!
Nuff said.
Avast ftw :)
airchie 22nd March 2010, 13:54 Quote
I have to say, respect to BitDefender getting out there and spreading the word on how to fix the issue as per Matt's post.
I'm more used to the larger companies trying to hide the issues.

Having said that, it does highlight the issue that there is no safety out there other than education and a little luck.
Zero-day exploits are increasingly common and no matter how good your AV prog is, if it's relying upon signature updates to catch things, it's still a reactionary process.
This means there's always a window for the user's PC to contract the virus before a signature can be written for it.
Or, the other extreme is that they rush out poorly tested sigs due to time pressures and mistakes can be made.

I see AV going the way of firewalls.
Originally, firewalls were set to allow all and block specific threats.
Now they're generally block all and allow specific ports.

Anyway, I'm AV free for now and happy.
I use Linux when I can, can't wait til all AAA games are released for Linux and Windows simultaneously then I'll be Linux exclusively. :D
Aracos 22nd March 2010, 13:59 Quote
Quote:
Originally Posted by Matt BD
Hi everyone,

We are very sorry for the problems people may have had in regards to this issue.

We have been providing information to our users via support articles that are updated regularly as we implement solutions:

Home users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#638

BitDefender Business Client users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#643

BitDefender Security for File Servers users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#642

If anyone has further problems please let me know here and I will help you to deal with them.

Best,

Matt Hicks
BitDefender UK

1 post and join date today? Does that not ring any alarm bells for anyone else here that it may be 1 of 2 things, 1) He's a spammer and 2) He wants people to think that he is a bitdefender employee and while he's "help[ing] you deal with them" he might be trying to scam you into doing something you shouldn't?

Maybe I'm just more wary of these things than other people but I wouldn't trust him as far as I could throw him.....
gavomatic57 22nd March 2010, 14:54 Quote
Well it is understandable. Any software that slows your machine down and empties your bank account has to be malware. I can see how Bitdefender got confused. ;)
RichCreedy 22nd March 2010, 14:58 Quote
will only be a matter of time before avast has a similar problem

to the person spouting linux, will only be a matter of time before, like any other operating system, you will need antivirus.

even mac users are not totally protected, ok at the moment there are a small number of viruses that attack mac, but as it becomes more popular, so the virus writers will target more and more.
Matt BD 22nd March 2010, 15:42 Quote
Quote:
Originally Posted by storm20200
1 post and join date today? Does that not ring any alarm bells for anyone else here that it may be 1 of 2 things, 1) He's a spammer and 2) He wants people to think that he is a bitdefender employee and while he's "help[ing] you deal with them" he might be trying to scam you into doing something you shouldn't?

Maybe I'm just more wary of these things than other people but I wouldn't trust him as far as I could throw him.....

Hi,

You make a good point - we have had some problems with scammers trying to direct people to false URLs over this issue.

If anyone is in doubt about my previous post, please just find BitDefender through a search engine and visit one of our official sites - you should get the information you need from the news section on there.

Thanks,

Matt Hicks
BitDefender
rickysio 22nd March 2010, 16:27 Quote
Quote:
Originally Posted by storm20200
Quote:
Originally Posted by Matt BD
Hi everyone,

We are very sorry for the problems people may have had in regards to this issue.

We have been providing information to our users via support articles that are updated regularly as we implement solutions:

Home users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#638

BitDefender Business Client users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#643

BitDefender Security for File Servers users will find solutions here: http://www.bitdefender.com/site/KnowledgeBase/consumer/#642

If anyone has further problems please let me know here and I will help you to deal with them.

Best,

Matt Hicks
BitDefender UK

1 post and join date today? Does that not ring any alarm bells for anyone else here that it may be 1 of 2 things, 1) He's a spammer and 2) He wants people to think that he is a bitdefender employee and while he's "help[ing] you deal with them" he might be trying to scam you into doing something you shouldn't?

Maybe I'm just more wary of these things than other people but I wouldn't trust him as far as I could throw him.....

Being that he's not trying to direct us to websites like bitdefender.net or biitdefender.com, I'd hazard a guess that he's legit.
gavomatic57 22nd March 2010, 16:33 Quote
Quote:
Originally Posted by RichCreedy
will only be a matter of time before avast has a similar problem

to the person spouting linux, will only be a matter of time before, like any other operating system, you will need antivirus.

even mac users are not totally protected, ok at the moment there are a small number of viruses that attack mac, but as it becomes more popular, so the virus writers will target more and more.

Whilst it is true that more people will try to compromise a mac or 'nix system as it grows in popularity, the amount of damage a virus can do to a typical unix system is minimal thanks to everyone using a user account. It's the people who use XP or turn off UAC in Vista or Service Pack 3 that give any executable free rein over their system.

There will always be browser exploits letting the side down, but any damage a virus can do to nix is limited to the user's home folder, unless they are silly enough to put the admin password in when prompted.

Willing to be proved wrong, but that's the way I see it.
Aracos 22nd March 2010, 17:02 Quote
Quote:
Originally Posted by rickysio
Being that he's not trying to direct us to websites like bitdefender.net or biitdefender.com, I'd hazard a guess that he's legit.

I wasn't questioning the links I'm just wary about getting help from someone claiming to be from an anti-virus company.

He seems genuine enough I'm just an extremely cautious person :P
RichCreedy 22nd March 2010, 17:29 Quote
I am sure there will be holes in unix/linux based OSes, it's just they haven't been found or exploited yet
Showerhead 22nd March 2010, 19:27 Quote
Quote:
Originally Posted by gavomatic57
Whilst it is true that more people will try to compromise a mac or 'nix system as it grows in popularity, the amount of damage a virus can do to a typical unix system is minimal thanks to everyone using a user account. It's the people who use XP or turn off UAC in Vista or Service Pack 3 that give any executable free rein over their system.

There will always be browser exploits letting the side down, but any damage a virus can do to nix is limited to the user's home folder, unless they are silly enough to put the admin password in when prompted.

Willing to be proved wrong, but that's the way I see it.

With your average user being conditioned on windows that they have to click allow to work, I don't see Joe Bloggs doing anything different on *nix, he'll just be conditioned that he has to enter a password to allow programs to run and will do the same when a virus prompts.
airchie 22nd March 2010, 19:33 Quote
Quote:
Originally Posted by RichCreedy
I am sure there will be holes in unix/linux based OSes, it's just they haven't been found or exploited yet
I don't think you 'get it'.
The reason Windows is constantly being pumped is due to the fact most users run as admins and simply double-clicking specific types of files gives those files free rein to modify anything they like on the system.

The reason Macs and linux are more secure is that they don't run users as admins as default.
So you can double-click your nasty file but unless you type in your root password, it's severely limited in what it can do.

Of course the argument of a much smaller target pool making nix/mac less appealing as a target is a strong one, but I do believe as their userbases get larger (which I think will happen faster and faster) they will remain more resilient than windows ever will be.

Time will tell I guess... :)
billysielu 22nd March 2010, 19:46 Quote
If I wrote AV, I would whitelist all Windows system files, and files required for my AV to work properly.

Just a suggestion.
ufk 22nd March 2010, 20:13 Quote
that's the problem, viruses sometimes hijack legit windows files so your whitelist would be a fail
Shagbag 22nd March 2010, 20:39 Quote
What's a virus?

***continues working on his unix box***
Neophyte4Life 22nd March 2010, 21:01 Quote
Quote:
Originally Posted by billysielu
If I wrote AV, I would whitelist all Windows system files, and files required for my AV to work properly.

Just a suggestion.

If I were a bad guy I would use that to my advantage
1ad7 22nd March 2010, 21:01 Quote
enough testing? you mean they didn't scan a single infected and non infected 64bit windows system before releasing this update? that's too much testing?... apparently they need to do more.
karx11erx 22nd March 2010, 23:05 Quote
To hell with your company, Matt. The bug hit me on Saturday afternoon, and after a while I couldn't launch any web browser and BD stopped working. In the end I reinstalled my Windows installation, and I am still not done with it.

To hell with your company and your ****ed up quality assurance.
karx11erx 22nd March 2010, 23:07 Quote
Quote:
Originally Posted by airchie
Quote:
Originally Posted by RichCreedy
I am sure there will be holes in unix/linux based OSes, it's just they haven't been found or exploited yet
I don't think you 'get it'.
The reason Windows is constantly being pumped is due to the fact most users run as admins and simply double-clicking specific types of files gives those files free rein to modify anything they like on the system.
Looks like you don't have a clue of Win7. Even if d-clicking some setup program, Win7 will ask you whether it is allowed to change system files if it tries to (unless you have completely turned off UAC). So stuff it, fanboy.
Bindibadgi 23rd March 2010, 00:02 Quote
Quote:
Originally Posted by storm20200
1 post and join date today? Does that not ring any alarm bells for anyone else here that it may be 1 of 2 things, 1) He's a spammer and 2) He wants people to think that he is a bitdefender employee and while he's "help[ing] you deal with them" he might be trying to scam you into doing something you shouldn't?

Maybe I'm just more wary of these things than other people but I wouldn't trust him as far as I could throw him.....

No, Matt is actually from Bit Defender in the UK.

I must say, they are being very proactive about replying and informing - so kudos!
LordPyrinc 23rd March 2010, 00:47 Quote
Being proactive is good, but I am at a loss for words when it comes to their product identifying its own files as potentially harboring viruses. Seriously?? Did not one tester scan their computer with the software before releasing this product? They definitely need to improve their QA/Release process.
rickysio 23rd March 2010, 05:34 Quote
Quote:
Originally Posted by LordPyrinc
Being proactive is good, but I am at a loss for words when it comes to their product identifying its own files as potentially harboring viruses. Seriously?? Did not one tester scan their computer with the software before releasing this product? They definitely need to improve their QA/Release process.

Perhaps not even 1 tester rebooted.
bennyjh 23rd March 2010, 06:46 Quote
I fell foul to this stupid little update. At first I thought I had a bad virus infection, as it was finding viruses in some program files folders. But then it just started quarantining the whole of my program files folder and then proceeded to start on my system 32 folder. Luckily I had a system restore from a few hours before, so I used that, then booted to safe mode to remove bit defender before it could do it again.

But seriously, these sorts of mistakes shouldn't happen. If I didn't have a recent system restore I'd be buggered.
brave758 23rd March 2010, 07:14 Quote
Quote:
Originally Posted by Bindibadgi
Quote:
Originally Posted by storm20200
1 post and join date today? Does that not ring any alarm bells for anyone else here that it may be 1 of 2 things, 1) He's a spammer and 2) He wants people to think that he is a bitdefender employee and while he's "help[ing] you deal with them" he might be trying to scam you into doing something you shouldn't?

Maybe I'm just more wary of these things than other people but I wouldn't trust him as far as I could throw him.....

No, Matt is actually from Bit Defender in the UK.

I must say, they are being very proactive about replying and informing - so kudos!

Agree, we all make mistakes, it's how you handle them that shows your true colours.
gavomatic57 23rd March 2010, 09:20 Quote
Quote:
Originally Posted by karx11erx
Looks like you don't have a clue of Win7. Even if d-clicking some setup program, Win7 will ask you whether it is allowed to change system files if it tries to (unless you have completely turned off UAC). So stuff it, fanboy.

But you can turn it off, and people DO turn it off, because they can and because they think that their time is too precious to click an extra button. Vista had UAC right, it was just a big change after their XP sieve. With Windows 7 they've dumbed it down so much it is almost meaningless.

Unless it asks for your password, you are not in a user account and are in some weird quasi admin account, so airchie is right.
Matt BD 23rd March 2010, 10:59 Quote
Hi everyone,

Again, I can only apologise for the problems people have experienced. The update in question was isolated to 64-bit OS and was withdrawn shortly after being issued, which meant very few users were affected.

Anyone still having problems can get support here -

http://www.bitdefender.com/site/KnowledgeBase/consumer/#638

Please feel free to let me know here if this does not fix things for you.

Best,

Matt Hicks
BitDefender UK
airchie 23rd March 2010, 15:04 Quote
Quote:
Originally Posted by karx11erx
So stuff it, fanboy.
LMAO! In a good mood today are we? :D
Quote:
Originally Posted by brave
we all make mistakes, it's how you handle them that shows your true colours.
Quote:
Originally Posted by bindi
I must say, they are being very proactive about replying and informing - so kudos!
I agree.
If it had hit me I too would be fuming but nothing is infallible.
I dare say your average BD user has been saved numerous times from infections etc so arguably they are allowed one slip up?
Providing they learn from it and improve their working practices it hasn't been a complete waste of time.
TheUn4seen 23rd March 2010, 21:09 Quote
Quote:
Originally Posted by gavomatic57
Quote:
Originally Posted by karx11erx
Looks like you don't have a clue of Win7. Even if d-clicking some setup program, Win7 will ask you whether it is allowed to change system files if it tries to (unless you have completely turned off UAC). So stuff it, fanboy.

But you can turn it off, and people DO turn it off, because they can and because they think that their time is too precious to click an extra button. Vista had UAC right, it was just a big change after their XP sieve. With Windows 7 they've dumbed it down so much it is almost meaningless.

Unless it asks for your password, you are not in a user account and are in some weird quasi admin account, so airchie is right.

People are idiots, and click everything you tell them to click to watch their precious pr0n. Most of them don't even read what they click, I actually once made a popup with several lines of text saying that "your PC will be infected and all your details will be submitted to online databases." 96% of people (from about 45.000) clicked it.
And gavomatic57, UAC can be avoided by adding ONE short line of code to your virus. Well, four actually (one for each system - Vista and 7, x86 and x64 versions), I've never seen a virus to trigger UAC, besides very noobish ones.