Flawed Malwarebytes security update wipes out thousands of computers

lehnerus2000 said:

Have these jokers even heard of the concept of "testing before release"?
Didn't they have any Windows PCs available?

Before you go slating them, do you even know who these 'jokers' are? Some of the biggest names in the security community are behind Malwarebytes: Atribune (creator of VundoFix), Merijn (creator of HijackThis), Metallica (author of so, so many removal guides), S!Ri (creator of SmitfraudFix), screen317 (creator of Security Check), sUBs (creator of Combofix), Swandog46 (creator of The Avenger) just to name a few, of which there are many others. They're given countless hours of their time to the community and have asked for nothing in return; maybe you should think twice before criticising them for a small mistake in a free tool, unless you could do better?

tom982 said:

Before you go slating them, do you even know who these 'jokers' are? Some of the biggest names in the security community are behind Malwarebytes: Atribune (creator of VundoFix), Merijn (creator of HijackThis), Metallica (author of so, so many removal guides), S!Ri (creator of SmitfraudFix), screen317 (creator of Security Check), sUBs (creator of Combofix), Swandog46 (creator of The Avenger) just to name a few, of which there are many others. They're given countless hours of their time to the community and have asked for nothing in return; maybe you should think twice before criticising them for a small mistake in a free tool, unless you could do better?

Tell that to the people whose PCs stopped working.
It's lucky it apparently didn't affect any mission critical software (e.g. hospitals, traffic control, etc.).

They couldn't load the update onto some Windows PCs in their lab and see if it worked?
I'm pretty sure I could have managed that much.

They don't have a list of "... essential Windows .dll and .exe files ..."?

Since these guys are security experts, they should be aware of the blunders committed by other AV companies (e.g. AVG, Avira, McAfee, etc.).

If anything, the fact that these guys are experts, makes it worse.

Good thing I didn't update!

The fact that they are experts in their field doesn't change matters, they're still human and these mistakes happen. What's more important is that they've learnt from this and have enforced various safeguards to prevent this from happening again:

Improvements to our Updating Process - Malwarebytes Forum

I can understand the frustration of the corporate users having hundreds of computers taken offline but for one home user of the software to complain about a small hitch in the excellent software that they provide for free, I think it's incredibly naive.

Lady Fitzgerald said:

lehnerus2000 said:

...They couldn't load the update onto some Windows PCs in their lab and see if it worked?
I'm pretty sure I could have managed that much...

Oh? You really think you can try to duplicate all the possible combinations of hardware and software running out there better than they can?

I'm not an international company that sells software (I can't afford more than one PC).
Also, I didn't say that I could have tested it on every computer in the world (and I'm not blaming them for not testing it on every computer in the world).

Last time I checked AV programs were software based.
What does the hardware have to do with "... essential Windows .dll and .exe files ..."?

Are you suggesting that this update would have crashed Macs or Linux machines?

Lady Fitzgerald said:

I'm sure they did test it in their labs before releasing it but there are so many combinations of software and hardware possible and actually running, there is no way they can be expected to anticipate every possible scenario. I'm amazed that they, M$, etc. do as well as they do.

They can't afford to have 100 VMs that they run from a group of servers?

Would you be so generous, if you bought a car and it crashed, because the factory forgot to fit wheel nuts?
"So your car crashed because we forgot the wheel nuts. The other 999,999 cars we made last year had wheel nuts. What are you complaining about? That's a good ratio in anyone's books."

tom982 said:

The fact that they are experts in their field doesn't change matters, they're still human and these mistakes happen. What's more important is that they've learnt from this and have enforced various safeguards to prevent this from happening again: ...

Wrong.
The whole point of procedures is to prevent human error.
Why do you think pilots go through checklists before they take off?

This isn't the very first time this problem has occurred with AV updates.
They should have had procedures to prevent this happening (i.e. learnt form the mistakes of the other companies).

tom982 said:

I can understand the frustration of the corporate users having hundreds of computers taken offline but for one home user of the software to complain about a small hitch in the excellent software that they provide for free, I think it's incredibly naive.

It didn't affect me.
I actually updated and ran MalwareBytes on my PC that night.

Maybe you don't get "slated" when you screw up, but most people do.

I hope you'll be that understanding when your surgeon goes "Oops", during your next operation.
After all he's only human.

1. We've installed a false positive shim server. This server will have virtual machines running a wide range of different configurations and operating system versions, to mirror the range of setups our customers run. Before an update gets pushed out, it will be tested on this server, on every configuration. If a false positive is detected, it will prevent our research team from uploading a database update.

2. We've modified the tools that compress and encrypt our definition updates. The false positives on Monday were not traditional, they were caused by a corrupted file that our encryption tool did not flag. We've made immediate changes to the tool and are testing it with a roll-out date to the entire research team by the end of the week.

Sounds like a good plan.

Jim

Phone Man said:

1. We've installed a false positive shim server. This server will have virtual machines running a wide range of different configurations and operating system versions, to mirror the range of setups our customers run. Before an update gets pushed out, it will be tested on this server, on every configuration. If a false positive is detected, it will prevent our research team from uploading a database update.

2. We've modified the tools that compress and encrypt our definition updates. The false positives on Monday were not traditional, they were caused by a corrupted file that our encryption tool did not flag. We've made immediate changes to the tool and are testing it with a roll-out date to the entire research team by the end of the week.

Sounds like a good plan.

Jim

Agreed.

I agree and disagree with the comments in this thread. I guess like anything if yur a victim the shoe is reversed. I also have used MB (pro) for the longest and just today it actually removed some ROUGE files that were causing me grief ! With that being said i have the program set to run once weekly on a Wednsday which so far has worked more than satisfactory. More so now since i was able to avoid Mondays smash Still and all i dont think its reason to argue, let's keep it simple and wish those Luck that have to recover there PC's ! Overall MB is a great Proggie