Bitdefender antivirus unwittingly released a signature update to its users on March 20th that detected and quarantined key Windows system files as malware, causing general OS failures.
Bitdefender had this statement on the news portion of their site:
“Saturday around 8:20am PST, an update that we were working on was uploaded prematurely in our servers. This update affected only products running on Windows 64-bit systems.”
The premature update caused various .exe and .dll files belonging to both Windows and Bitdefender itself to be quarantined, each file detected as Trojan.FakeAlert.5.
“Consequently, for some systems, BitDefender did not run anymore, applications did not work or Windows could not start.”
This caused quite an uproar among the AV’s users as well as Bullguard antivirus users, whose software relies on Bitdefender’s engine and signatures. Though both companies have offered assistance in remediating the situation, many customers are outraged, especially since the only compensation offered to users so far has been free usage of the very software that caused the problem. A blunder like this also does nothing for the image of AV, whose credibility and effectiveness have been in question for the last few years.
Detection rates by some AV groups are often low, and the gap between the release of new malware and its detection by AV is currently too significant, allowing for the growth of large botnets like Mariposa. False alarms, especially when the flagged files are automatically quarantined, can disrupt or severely damage home user and business systems, as they have with this update mishap.
I’m sure many of the Bitdefender/Bullguard users will be jumping ship, scouting alternative antivirus software, but how will they know which one to choose and which one to trust? A lot of AV company blogs end with something like, “make sure you are completely updated with the latest signatures or software versions to ensure your protection.”
Bitdefender’s help page:
http://www.bitdefender.com/site/KnowledgeBase/consumer/#638
Bullguard’s help page:
http://bullguard.com/support/system-status.aspx
Matt Sully
Director
Threat Research & Analysis