SoylentNews is people

posted by Fnord666 on Saturday April 20 2019, @10:41PM
from the broken-windows dept.

McAfee Joins Sophos, Avira, Avast - The Latest Windows Update Breaks Them All:

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more antivirus scanners to its list of known issues. As of publication time, client-side antivirus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee are all showing problems with the patch.

Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It's not immediately clear if systems are freezing altogether or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logging in to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.

Booting into safe mode is unaffected, and the current advice is to use this method to disable the antivirus applications and allow the machines to boot normally. Sophos additionally reports that adding the antivirus software's own directory to the list of excluded locations also serves as a fix, which is a little strange.

Anti-virus programs keeping Windows from booting — are they trying to tell us something?


  • (Score: 3, Funny) by Anonymous Coward on Saturday April 20 2019, @10:48PM (1 child)

    by Anonymous Coward on Saturday April 20 2019, @10:48PM (#832747)

    Just found my excuse for not meeting a project deadline next week. Thanks Microsoft!

    • (Score: 5, Funny) by EvilSS on Sunday April 21 2019, @01:11AM

      by EvilSS (1456) Subscriber Badge on Sunday April 21 2019, @01:11AM (#832809)
      I'm just trying to figure out how McAfee figured out there was a problem in the first place. This sounds like normal performance for systems with it installed.
  • (Score: 5, Insightful) by JoeMerchant on Saturday April 20 2019, @10:56PM

    by JoeMerchant (3937) on Saturday April 20 2019, @10:56PM (#832753)

    and in the darkness, bind them. Windows Defender: strong argument #74 why I prefer Linux on my desktop.

    --
    🌻🌻 [google.com]
  • (Score: 1, Insightful) by Anonymous Coward on Saturday April 20 2019, @11:16PM (6 children)

    by Anonymous Coward on Saturday April 20 2019, @11:16PM (#832757)

    When I set up my Win7 machines (most recent Windows that I have), I ran Windows update and brought them up to that date. Then turned off updates and haven't turned them back on. I do keep AVG anti-virus and Malwarebytes up to date.

    I figure it's a case of the devil you know vs. the one you don't know. Microsoft is the one I don't know.

    • (Score: 2) by RS3 on Saturday April 20 2019, @11:23PM (1 child)

      by RS3 (6367) on Saturday April 20 2019, @11:23PM (#832763)

      Win 7 is the highest I run regularly. I keep them updated and have not seen this problem, so it's probably Win 10 only. I have one Win 10 machine but haven't booted it in weeks.

      • (Score: 2) by JoeMerchant on Saturday April 20 2019, @11:27PM

        by JoeMerchant (3937) on Saturday April 20 2019, @11:27PM (#832764)

        I booted my Windows 10 machine this morning for the first time in a week and it's spent the next five minutes restarting and doing its updates.

        --
        🌻🌻 [google.com]
    • (Score: 2) by driverless on Sunday April 21 2019, @03:30AM (3 children)

      by driverless (4770) on Sunday April 21 2019, @03:30AM (#832841)

      Same for my Windows 8 laptop (it came preinstalled, I had no choice). Hasn't been updated in over a year, but mostly because whatever's in the update starting from about a year ago causes a bluescreen/reboot loop, so I couldn't update even if I wanted to.

      Well, unless I want to see "Your PC ran into a problem and needs to restart" appearing and disappearing every few minutes like some sort of demented Redmond screen saver.

      • (Score: 0) by Anonymous Coward on Sunday April 21 2019, @10:37PM (2 children)

        by Anonymous Coward on Sunday April 21 2019, @10:37PM (#833149)

        I had a similar problem on my old Acer (or was it Asus?). The way I fixed it was by resetting the update system following directions I found on Microsoft's website. That allowed it to skip downloading the update that was queued and do the fixed one instead. I'd highly recommend doing so, as I wouldn't want to be running an unpatched version of Windows.

        • (Score: 2) by driverless on Monday April 22 2019, @02:28AM (1 child)

          by driverless (4770) on Monday April 22 2019, @02:28AM (#833231)

          Yeah, that's kinda the nuclear option, I've had to resort to that once on a Win7 machine and it was touch and go whether it was going to come back or not afterwards. Since this is a work machine that I can't afford to lose I've been a bit reluctant to take the gamble.

          • (Score: 0) by Anonymous Coward on Monday April 22 2019, @07:54AM

            by Anonymous Coward on Monday April 22 2019, @07:54AM (#833297)

            I think we are talking about different things. I just stopped a couple services, added ".bak" to a couple of folders, and then restarted the services. Of course, now there is a fix-it script or the built-in troubleshooter has added the capability now. But I get not wanting to push your luck too.

  • (Score: 2) by RS3 on Saturday April 20 2019, @11:17PM (3 children)

    by RS3 (6367) on Saturday April 20 2019, @11:17PM (#832758)

    > Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt.

    Absolute protection. Thank you MS!

    • (Score: 2) by Gaaark on Saturday April 20 2019, @11:45PM

      by Gaaark (41) on Saturday April 20 2019, @11:45PM (#832768) Journal

      Yeah: good reason to never log into Windows! :)

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Saturday April 20 2019, @11:51PM (1 child)

      by Anonymous Coward on Saturday April 20 2019, @11:51PM (#832772)

      It is 2019. If you are still running Windows....

      • (Score: 2) by SDRefugee on Sunday April 21 2019, @04:17PM

        by SDRefugee (4477) on Sunday April 21 2019, @04:17PM (#832982)

        >It is 2019. If you are still running Windows....

        Having escaped from the MS ecosystem back in 2010 after a 20-year career supporting MS products as a sysadmin, I'm torn between abject pity for those who, for whatever reason, still use the malware emitted by Microsoft, and laughing my ass off at the endless stream of endless updates, that either break other software or just brick the user's computer. It makes me wonder how much longer users/companies are going to tolerate this bullshit from Redmond... We shall see...

        --
        America should be proud of Edward Snowden, the hero, whether they know it or not..
  • (Score: 2, Insightful) by Anonymous Coward on Saturday April 20 2019, @11:28PM

    by Anonymous Coward on Saturday April 20 2019, @11:28PM (#832765)

    Microsoft has been doing things like this for a looooong time. Remember "DOS isn't done 'til Lotus won't run"?

  • (Score: 4, Insightful) by Anonymous Coward on Saturday April 20 2019, @11:58PM (6 children)

    by Anonymous Coward on Saturday April 20 2019, @11:58PM (#832774)

    AV software is notorious for using undocumented system routines and exercising poor security habits. Many of them use similar techniques as malware to get access to low level system routines.

    IIRC Microsoft announced last year that they were going to cut off access to some of the routines that AV software was using even though they weren't supposed to. This should not come as a surprise to the AV vendors, but the end users are the ones paying the price.

    Disclaimer: I do not use Windows, but I have installed and serviced thousands of systems over the last three decades.

    • (Score: 5, Insightful) by darkfeline on Sunday April 21 2019, @01:11AM (4 children)

      by darkfeline (1030) on Sunday April 21 2019, @01:11AM (#832810) Homepage

      In this case it's clearly Windows' fault. The OS+AV software worked right before the update, and stopped working after the Windows update.

      That's one thing I appreciate about Linus. His stance is, if something worked before and a kernel change broke it, it's a bug. Doesn't matter if the change is philosophically/aesthetically right.

      Incidentally, systemd takes the opposite stance; if it's philosophically right, then your bug is wontfix.

      As a user and a dev, I appreciate both sides, but if I had to pick, I'd rather my software work, rather than it be philosophically/aesthetically pleasing but not working.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 2, Insightful) by Anonymous Coward on Sunday April 21 2019, @01:46AM (2 children)

        by Anonymous Coward on Sunday April 21 2019, @01:46AM (#832817)

        > In this case it's clearly Windows' fault. The OS+AV software worked right before the update, and stopped working after the Windows update.

        I disagree. If the Windows update sealed off access to undocumented system routines that the AV vendors were warned not to use, then it is the AV vendors and not Microsoft who are at fault.

        [shudder] I can't believe I just defended Windows.

        • (Score: 0) by Anonymous Coward on Sunday April 21 2019, @04:14AM

          by Anonymous Coward on Sunday April 21 2019, @04:14AM (#832848)

          Just like in Linux. You use the internal API, and they give zero fucks about breaking it on you. The whole point of a public API is that it lets you freeze it in place while refactoring the underlying code. If you can't do something using the API you are told, then ask for a new one and make your case, otherwise don't complain when you are eaten in the land of dragons after being warned.

        • (Score: 2) by c0lo on Sunday April 21 2019, @10:22AM

          by c0lo (156) Subscriber Badge on Sunday April 21 2019, @10:22AM (#832906) Journal

          > If the Windows update sealed off access to undocumented system routines that the AV vendors were warned not to use, then it is the AV vendors and not Microsoft who are at fault.

          You'd be right if Microsoft wouldn't be an AV producer/vendor itself.
          As such, MS is able to use undocumented system routines they know about, getting an unfair advantage. Remember the WordPerfect brouhaha [itworld.com]?

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 3, Informative) by Anonymous Coward on Sunday April 21 2019, @04:11AM

        by Anonymous Coward on Sunday April 21 2019, @04:11AM (#832847)

        > Incidentally, systemd takes the opposite stance; if LP thinks he is right, then your bug is wontfix.

        I've seen too many bugs that they've marked as WONTFIX purely because LP thought he was right when he wasn't. For example, they've broken decades of standards since the devs were unaware of them, and then doubled down when provided with citations. They've also broken things because they've simply changed their minds. And good luck if the way you use your machine even partially differs from the way they or their overlords in red hats use their machines or think you should use yours.

    • (Score: 2) by c0lo on Sunday April 21 2019, @10:09AM

      by c0lo (156) Subscriber Badge on Sunday April 21 2019, @10:09AM (#832902) Journal

      > AV software is notorious for using undocumented system routines and exercising poor security habits.

      What do you want them to use, harsh language [youtube.com]?
      The malware they need to stop uses the same undocumented system routines and code [pentest.blog] injection [osletek.com]

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 4, Insightful) by Azuma Hazuki on Sunday April 21 2019, @12:30AM (3 children)

    by Azuma Hazuki (5086) on Sunday April 21 2019, @12:30AM (#832793) Journal

    Keep your Windows on a short, tight, virtualized leash. It's not mature enough to run on the bare metal yet. Given the various CPU-level errata, virtualization isn't foolproof, but it gives you far more control (and, you know, a working OS...) when things go all wahoonie-shaped.

    --
    I am "that girl" your mother warned you about...
    • (Score: 5, Interesting) by vux984 on Sunday April 21 2019, @12:56AM (2 children)

      by vux984 (5045) on Sunday April 21 2019, @12:56AM (#832804)

      The primary reason I run Windows is to play games. Virtualizing Windows to play games doesn't work all that great. It's getting better... slowly, but it's still more hassle than it seems to be worth.

      • (Score: 0) by Anonymous Coward on Sunday April 21 2019, @10:40PM (1 child)

        by Anonymous Coward on Sunday April 21 2019, @10:40PM (#833150)

        I had all sorts of problems until I set Linux to use the built-in graphics for rendering and then passing through the GPU card used for gaming.

        • (Score: 2) by vux984 on Monday April 22 2019, @10:27AM

          by vux984 (5045) on Monday April 22 2019, @10:27AM (#833331)

          For me that's where the issues start. I don't want a secondary monitor to be my gaming monitor; but using 2 inputs on the first monitor and using the monitor screen to switch is also a PITA. And on my living room PC, my TV is the only screen; and that's even more annoying. Then my keyboard+mouse are 'gaming' with all the extra programmability etc; and that's a fuss to deal with, plus my wireless headset for voice while using the video card HDMI out for the rest of the audio.

          I'm building up to trying it; but I really want both host and guest outputting to the same screen at the same time. I saw a demo of it working copying the framebuffer from the one card to the other a few months ago; but that was still pretty experimental. So...at the end of the day, this is going to be a lot of work... and for what? Bragging rights mostly. :p

  • (Score: 2) by jb on Sunday April 21 2019, @05:31AM (1 child)

    by jb (338) on Sunday April 21 2019, @05:31AM (#832860)

    > It's not immediately clear if systems are freezing altogether or just going extraordinarily slowly

    How is that any different to the way any (currently "supported" release of) Windows performs most of the time?

    I'm surprised that anyone noticed!

    • (Score: 2) by Bot on Sunday April 21 2019, @09:12AM

      by Bot (3902) on Sunday April 21 2019, @09:12AM (#832893) Journal

      Basically, Windows is the only operating system which can freeze for 10 hours and have users not give up, thinking it's just slower than usual, and they are right too.

      --
      Account abandoned.
  • (Score: 0) by Anonymous Coward on Sunday April 21 2019, @08:44AM (1 child)

    by Anonymous Coward on Sunday April 21 2019, @08:44AM (#832885)

    When is this patch likely to hit Ubuntu Mate 18?

    • (Score: 2, Funny) by Anonymous Coward on Sunday April 21 2019, @07:40PM

      by Anonymous Coward on Sunday April 21 2019, @07:40PM (#833088)

      When Poettering gets to it! Shut up and sit tight, he didn't give you permission to request anything!

  • (Score: 0) by Anonymous Coward on Sunday April 21 2019, @09:34PM

    by Anonymous Coward on Sunday April 21 2019, @09:34PM (#833123)

    Eventually they will 'break' anything not purchased ( or i guess leased by that point ) from Microsoft.

    Hey, it's their OS, they can do what they please.

  • (Score: 0) by Anonymous Coward on Monday April 22 2019, @03:54AM

    by Anonymous Coward on Monday April 22 2019, @03:54AM (#833248)

    I'm pissed at McAfee. We opened a case with a solid repro on the Thursday after patch Tuesday and it took them over a week to publicly acknowledge it.
