
[ARS] AV provider Webroot melts down as update nukes hundreds of legit files - Page 4

post #31 of 80
Quote:
Originally Posted by Particle View Post

People who think like this, as a group, help contribute to the persistence of botnets used for spam and any manner of other evil things every bit as much as the inexperienced users tech people like to poke fun at. It isn't just about you. Good personal security is to the benefit of us all.

That's a bit of a stretch to assume that, don't you think? I'm one of those people and I haven't been infected in over 10 years due to not being an idiot and maintaining a solid firewall. I'm not saying it can't happen to me but that it hasn't.
post #32 of 80
Quote:
Originally Posted by Ghoxt View Post

After 21 years working in IT at one of the largest US datacenters I can say many have no idea about your network ports and how without A/V your PC is just publicly available to others within your ISP network and the International Internet in general. Many network broadcasts will hit your pc's network ports, play a "nice melody of syns and acks" and your PC will do what it shouldn't do and responds. Unless it's one of the brute force malware or trojans that drives your pc's cpu up, you likely won't notice.

Virus makers are not the same kids that they used to be, many are state sponsored, basically all states make viruses as they have no choice in the matter. When you are on the internet your PC is front doored by every nation on the planet and their systems. Parents don't realize their 12 year old baby has an International Presence on Instagra... Got Ya! Just kidding haha. I'll stop there. Was wondering when one of you would reach thru my monitor /slap me in the face and say "stop preaching you idiot!"

worked in IT for 21 years.....

without A/V your PC is just publicly available to others within your ISP network and the International Internet in general.

That's so blatantly wrong I can't believe it. What is an ISP network?

And what does AV have to do with a firewall?

Even the basic firewall in Windows blocks incoming connections.

Many network broadcasts will hit your pc's network ports, play a "nice melody of syns and acks" and your PC will do what it shouldn't do and responds

Your firewall will send a response back saying the scanned port is closed unless you have a server or remote desktop enabled, listening for connections on that port. If your firewall does not respond, it means it's stealthed and an attacker would know you were there anyway because the attacker would not get a response. So even if your firewall responded to ping requests or whatever it doesn't make you any more vulnerable than if it blocked all requests if no port is open.

I agree that no one should have a naked internet connection without a router with an SPI firewall.
post #33 of 80
This has got to be one of the most destructive goofs I've heard about in a long time.

I can't even fathom how WebRoot will be able to recover from this. I wonder if a class action lawsuit could be coming?

Also, the name of their AV... WebRoot.. why?? It sounds like a virus itself lol
 
post #34 of 80
Dang that's crazy...

I don't use anti-virus. I just run Malware AntiBytes every couple of months and have plenty of backups.
post #35 of 80
Quote:
Originally Posted by mrawesome421 View Post

This has got to be one of the most destructive goofs I've heard about in a long time.

I can't even fathom how WebRoot will be able to recover from this. I wonder if a class action lawsuit could be coming?

Also, the name of their AV... WebRoot.. why?? It sounds like a virus itself lol

Sounds like a command in Linux that lets you delete the internet.
post #36 of 80
Quote:
Originally Posted by aweir View Post

without A/V your PC is just publicly available to others within your ISP network and the International Internet in general.

That's so blatantly wrong I can't believe it. What is an ISP network?

And what does AV have to do with a firewall?

Even the basic firewall in Windows blocks incoming connections.

Many network broadcasts will hit your pc's network ports, play a "nice melody of syns and acks" and your PC will do what it shouldn't do and responds

Your firewall will send a response back saying the scanned port is closed unless you have a server or remote desktop enabled, listening for connections on that port. If your firewall does not respond, it means it's stealthed and an attacker would know you were there anyway because the attacker would not get a response. So even if your firewall responded to ping requests or whatever it doesn't make you any more vulnerable than if it blocked all requests if no port is open.

I agree that no one should have a naked internet connection without a router with an SPI firewall.

 

At best when enterprise Firewalls are working normally things are great. That said, when Checkpoint, which is what we used, had rulesets opened in a broad sense and were screwed up on the Provider (I assume you know what that is), we had problems. By and large nothing got through our Firewalls until People started asking for Entire swaths of port ranges opened as their new Linux & Windows servers/software wouldn't work in the dev environment. Mgmt gets tired of hearing about "We cannot do our job as the Netsec team has our new servers locked down in the DMZ/Dev/Prod areas".

People Open the firewalls, people screw up and don't clean up firewall rules not in use in 90 days. We had tons of SOX requirements that finally helped to close some of these gaps by putting some audit weight behind it. So your best case scenario is great until NAT tables get full because "people" weren't watching the charts, which were very clear. Also, how many times we found holes punched in our Network as the eComm team didn't want to go through a Firewall at all...People.

And yeah, 21 years in IT Operations, and leading the MIRT (Major Incident Response Team, 13K incidents over the last 8-9 years) and travelling yearly to Sterling Forest IBM to their BCRS facility to restore revenue generating systems, 500+ servers. Fun. Change control, ITIL, all the usual stuff and running the 8:30am Intl Ops conf call with all IT departments to keep everyone on the same page about pending Inventories etc, "so don't touch those systems this week".

That's all I did...Oh yeah, and on call every 3rd week, which was typically an 80 hour week 'cause our IT staff could not wait to change something without knowing the other things it would break. Loved the outsourcing as well and cleanup we had to do...constantly.


Edited by Ghoxt - 4/25/17 at 9:37pm
post #37 of 80
Honestly, I've seen most "well known" AV programs get a bad update and start rendering systems inoperable at this point. Webroot, Kaspersky, AVG, Panda...it's infuriating, yes, but I think it's just something that's an eventuality given how AV programs need to operate to keep up with malware.
post #38 of 80
Quote:
Originally Posted by Flames21891 View Post

Honestly, I've seen most "well known" AV programs get a bad update and start rendering systems inoperable at this point. Webroot, Kaspersky, AVG, Panda...it's infuriating, yes, but I think it's just something that's an eventuality given how AV programs need to operate to keep up with malware.

I stopped using both paid and free AV when they started pushing pop up ads.
Some stopped with that practice, but overall, they are giving themselves a bad rep.

But these kinds of problems should never happen. Even if they are pressed to keep up with malware, you don't release without testing. Better a delayed response than a bad response.
post #39 of 80
I've had SEP delete legitimate applications and applications that I wrote. Nothing on this scale though.
    
post #40 of 80
sigh....

https://blog.avast.com/2009/12/04/apologies-for-bad-definition-update/

http://www.pcworld.com/article/2027173/bad-kaspersky-antivirus-update-keeps-users-from-accessing-websites.html

http://news.softpedia.com/news/Bad-AVG-Update-Crashes-Windows-7-Computers-170264.shtml

https://krebsonsecurity.com/2010/03/bad-bitdefender-antivirus-update-hobbles-windows-pcs/

http://www.infoworld.com/article/3116159/malware/sophos-false-positive-detection-ruins-weekend-for-some-windows-users.html

http://www.idigitaltimes.com/panda-antivirus-update-problems-bricked-your-computer-heres-how-fix-wiped-files-and-422132

Every now and then everybody !@#$ up an update...
20 years in the business, I had many cases of bad updates (generally speaking, from BIOS to firmware to Windows... etc.)
It's life. We must deal with it. Nobody is perfect.