Anti Malwarebytes just nuked 20 of our systems with False Positive

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

Does this ever happened to Microsoft security products ? Can Microsoft afford to kill millions of machines of universities, some companies, all the home users of MSE and now all the Windows 8/WD ?

Such false positive only happen to "best"-in-class products like MBAM.


This is very low quality - no quality assurance, no pre-release testing, no nothing. Just see what they are doing NOW:
http://blog.malwarebytes.org/news/2013/04/improvements-to-our-updating-process/
They did not have such testing configurations before?

This is a disaster. Imagine what would happen in a big organization if this was accepted and pushed.
https://www.wilderssecurity.com/showpost.php?p=2220571&postcount=4

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

No, it is not. How can you trust a community (not even a company with regular offices) like Malwarebytes, how can you trust the no-quality-assurance process ?

 

Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

Thanks, God - we are in Europe - and it was night at Europe at 3PM PST. This could have affected many people in Europe, too.

 

Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

Malwarebytes Longevity:

Seeing how Malwarebytes will be hiring more staff my number one question is: How the hell are you guys/gals expecting to run a sustainable business model? It's a lifetime lic so eventually the re-venue will dry up but the demand will continue. Not to rain on anyone's parade, but reality must be faced. Either malwarebytes "shuddeR" will be acquired by other company i.e. Symantec or they will have to go yearly pay versions and grandfather the old subscribers. Otherwise, how can one expect quality and quantity of updates with zero profit margin?

Just saying.

 

Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

Currently it seems to be run from the love of the community - free antimalware help, free ~ok~ program, free love, community, love, community, love, some money from users-in-love, some money from users-not-so-much-in-live, community, support, love, community...

I would not trust such a company and product in my environment. The above is good/OK but is not serious.

 

Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

I've no affiliations with MBAM but on the aspect of license models, I have an alternative viewpoint here if you're interested.

 

A 'disaster', questionable community-ware that apparantly runs mostly on 'community love', sustained by '0-quality assurance' and based on a '0-profit margin economic model'...

tsk tsk, quite the 'emotions' suddenly running high again almost one week after the occassion.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

~ Snipped as per TOS ~ MBAM Pro had a stellar record for quite awhile, no reason not to distrust them after one hick up.

 

Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

From what i have heard and seen around the tech communities they have seen astonishing growth in the corporate market sales over the past few years.

Heck they have companies complaining that that they cannot take their money off of them quick enough at their support forums.

That will not be a lifetime arrangement model but almost certainly yearly renewable subscriptions.

Just a FYI that is where the big money is for these security companies and not dependent upon the home user market.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

How about two weeks ago?

2013-04-11

https://secure.dshield.org/diary/KB...issues in Brazil and some other locales/15593

http://threatpost.com/microsoft-uninstall-faulty-patch-tuesday-security-update-041213/

Sorry to interrupt your rant, please go on.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

First, it's not a Microsoft security product. Second, it only happened to people who had a banking software, demanded by Brazilian banks.

Then, it appears that it also happened to Kaspersky users.

So, I'd say the problem were these two applications, that conflicted with the security update. If the problem was the security update, then it would happen to everybody, regardless of the system configuration. That was not the case.

 

Ask AVG about it. They may give you different sight.

 

I am emotional because I am part of the securty and antimalware community and industry [you are WSF member so you should also be] and I also value high quality products and services made from best in class reputable good people. And when I saw this I got kind of emotional - false positives are huge problem (some people don't realize). I was/am also ~ Snipped as per TOS ~ off about how much some people praise MBAM as The Security King.

And it was not a week after, and I do not keep on the news about MBAM - I just yesterday noticed the thread here @ Wilders.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

As already written - this is not related to Microsoft security products (Microsoft Security Client - MSE, WD, SCEP2012, FEP2010, WI, etc.)

Second, as it was announced it was not exactly Microsoft fault but affected some 3rd party products who were written who know how (out of official rules most probably).

My words my sound like rant to you and to some other people but they are not. I am very critical when it comes to quality - sorry if you don't like it. I really can't stand low quality, mess and out of order things. I like perfection.

 

Nope, I don't get emotional over a system file FP.
Either it's potential mayhem is simply prevented by selecting non-automatic deletion of detected files (which MBAM only recently introduced, the previous 'lack of' and it's potential implications should have been a well-known fact, especially for those working in IT security. I don't work in the industry btw) or mitigated by a tested, documented/standardized recovery/'imaging&sync' procedure.
When working in IT, you should get emotional at the level fire/water/electricity calamity like when a considerate amount of hardware is ruined.
I'd go from the expectation that a particular bit, somewhere, some place, some time, will flip and just really tries to ruin your (holi)day. Simply prepare.

 

Ok to answer your multiple Questions.

1. The company is very profitable and we have a Corp Headquarters in San Jose California. see here: http://blog.malwarebytes.org/news/2013/04/our-new-digs/ We have a 25000 square foot office.

2. We had quality assurance and it was done manually. Now it is done by both manual and the automated shim server. But what happened was something we thought could never of happened. This was a multiple level failure in our existing safeguards. We have fixed a lot of issues we discovered because of this and the shim server is online so this will not happen again. All defs are scanned by all supported oses and even some that are not officially supported. We have been adding individual files from the past months that have caused other minor false positives. The database has to pass the shim server or it does not go out. No execeptions.


3. We did start from the community but we are a full fledged private company.

4. I cannot say what may happen with licensing models in the future but right now we ok with revenue and businesses are yearly. Home users are lifetime.

5. We have been hiring in all departments. We have more then doubled our personnel in the past year.

Anything i may have missed please let me know.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

And?

So, millions and millions of people

Those two applications are well known and have been running for years without that problem. It was the Microsoft update who destroyed thousands and thousands of systems. You need to be a fantastic MS fanboy to demand every single developer on earth to anticipate every single Microsoft move.

If we are asking Malwarebytes to test their updates (about 12-15 a day) on every possible configuration it would be reasonable to expect that Microsoft would test their half a dozen monthly updates with, at least, widely used software like Kaspersky, for example.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

Perfect is the enemy of good, or so they say.

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

And, what? Someone talked about a security product and you bring to discussion a security update. Oranges vs apples.

Compared to what? To millions and millions, and more who didn't have issues, because they weren't running those faulty applications?

Being well known has nothing to do with anything, at all. Nope, Microsoft's security update didn't wreck anything. Most likely it happened because they were probably using (undocumented) APIs they shouldn't be using.

I remember one security update that "ruined" systems in the past, because it patched systems that were running malicious code. But, what exactly ruined what?

By all means, search my nickname on this forum, and you'll see I'm quite the opposite. (If I were a fanboy, then I'd love Windows 8. LOL)

Microsoft didn't ruin its own system, though. They actually patched it against a security vulnerability. MBAM did ruin Windows. (By the way, nothing personal against MBAM, as I don't use it.)

It's expectable that security vendor do test their antimalware definitions to prevent such scenarios of deleting system files, but you can't possibly expect Microsoft to test every possible software combination to provide security patches to the operating system.

Software developers should also be aware that if they don't follow Microsoft's guidelines this kind of situation will happen (the security update in question).

Next, you're going to demand Microsoft to test security patches against every possible infection, and just in case not patch... one never knows... (I do believe that ever since what happened back then, that Microsoft first checks if the system is compromised and then won't patch that one system, just in case.)

 

Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

Wow, thousands of systems? Destroyed ? Very strong words have you used.

To be precise (and perfect) the issue did not cause any data loss nor any files (info) getting deleted:
https://blogs.technet.com/b/msrc/ar...ty-bulletin-update-issue.aspx?Redirected=true


Then, simple System Restore or patch uninstallation fixes the issues (in appr. 5 minutes) with no data removed:
http://support.microsoft.com/kb/2839011


I really wish we and I had more and more technical information about this patch so that we could know more and be specific about what and why the issue appeared. Most probably it happened because the vendors were probably using unofficial/unapproved operations they shouldn't use. Currently, no specific information has been provided to the public.

MMPC does this with the anti-malware updates which are released multiple times per and due to this are with higher chance to cause fault on more machines. MMPC is different team(s) than the Windows Update team. So far MMPC produced no false positives (check their history).

 

Its nice ot hear Malwarebytes is hiring, goes to show how much the computer security sector seems to be growing lately. Now if only I had my degree

 

Degree isnt a necessary requirement. Its more knowledge and proving what you know.

 

How true! A degree says you are supposedly an expert in something...and an expert is a drip under pressure.

 

Things go wrong sometimes. the bigger a company gets the more likely it is to happen. How quickly the situation is solved is what is important.

 

THANKS!

Great to hear!
Good luck!