A flawed security update to Webroot, an antivirus programme for Windows, has impacted Windows computers running all versions of the operating system.
The flawed antivirus update identified Windows programmes and other legitimate apps as malware and shut them down, thereby crippling computers.
“A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site. The Facebook issue was corrected, and the Webroot team is in the process of creating a comprehensive fix for the false positive issue,” said Webroot to PC World.
Webroot has identified the error and is fixing it, but until it is done, the company is offering useful tips to Windows users to get around the issue. The company believes this may take another 24 hours to resolve.
“We are still working to resolve this issue through the night and will keep you updated as soon as more information becomes available. Webroot has not been breached and customers are not at risk. Legitimate malicious files are being identified and blocked as normal. We continue to work on a comprehensive resolution, but a live fix has been released for the Facebook issue and is propagating through to customers now,” wrote the company on its community forum.
“The files that were mistakenly marked bad have been re-marked good. Webroot will run the automated agent command approach. But as I said it will take time to reach all endpoints. If you have critical business apps that need immediate attention, then using a local approach will be best. To the extent you can, ensure your endpoints are online so commands can be received,” wrote Mike Malloy, Webroot’s executive vice president of products and strategy.
This isn’t the first time that Windows computers have been at the receiving end of serious flaws. Last year, the popular ‘zero day vulnerability‘ allowed hackers to hack into nearly any Windows PC they chose, and it was something that traditional antivirus software could not detect. Microsoft eventually released a patch, but the vulnerability was fully exploited by cyber-criminals. The vulnerability was reportedly put up for sale on the Dark Web for £62,000.
In August, the NHS also raised an alarm about vulnerabilities in many hospital computers which continued to run Windows XP. According to NHS, the operating system was first released in 2001 and had not received any security upgrades since April 2015. Out of 42 NHS Trusts, 21 were unsure if they would migrate to newer operating systems.
“Whilst many authorities now only use a small number of devices that run Windows XP, the transition to a newer operating system needs to happen as a matter of urgency. With the health sector accounting for the most data security breaches across all public-sector departments, it is critical that up-to-date and secure software is in place to safeguard patient data against cyber attackers,” said John Cook, director of sales for the UK and Ireland at Citrix.