Story image

Malwarebytes CEO 'heartbroken' after botched program updates cause RAM spikes

01 Feb 2018

Malwarebytes has urged its customers to update their software after a botched update last Saturday caused massive memory spikes and computer crashes.

The update affects both enterprise and consumer versions of popular Malwarebytes solutions including:

Malwarebytes for Windows Premium; Malwarebytes for Windows Premium Trial; Malwarebytes Endpoint Security (MBES); and Malwarebytes Endpoint Protection (Cloud Console).

According to the team, the following products are not affected: Malwarebytes for Windows in Free Mode; Malwarebytes for Mac; Malwarebytes for Android; ADWCleaner; Malwarebytes Incident Response standalone (MBBR); and Malwarebytes Incident Response (Cloud Console) for Windows or Mac.

So what happened? On the weekend of January 27 the company released protection update v1.03798 for all Windows machines – but it came with an unexpected side effect.

Some customers started reporting internet block notifications and spikes in RAM as high as 12,930MB according to an official forum.

An official root cause analysis from Malwarebytes’ Engineering and Research team says that the root cause was a product improvement that backfired.

“A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs,” the analysis says.

“This broken detection was present in the update version v1.0.3798 thru v1.0.3802. (v2018.01.27.03 - v2018.01.27.11 for MBES customers). It was removed in v1.0.3803 (v2018.01.27.12 for MBES customers).”

The analysis explains further:

“There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection "category" for the web protection blocks.”

“In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.”

As soon as reports of the errors came in, the company says it turned off updates to all customers to limit the damage.

“The root cause of the issue was a malformed protection update that the client couldn't process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement,” comments Malwarebytes CEO Marcin Kleczynski in a forum post.

Malwarebytes says it will take a number of corrective actions including wider and stronger syntax checking of Web Filtering heuristics; faster rollback for problematic detections; and adding more machines to its testing cluster.

Malwarebytes says that any affected customers should install the latest protection update that should fix the issue.

“If the update does not resolve the issue automatically for you, please shut down web protection, check for protection updates, and restart your computer,” Kleczynski says.

 “We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again,” Kleczynski concludes.

Doctor Who fans: This one’s for you
Doctor Who: The Edge of Time is a new, VR gaming experience set to be released this September.
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Hands-on review: Is the Apple Watch 4 worth the price?
Apple’s flagship wearable device, the Apple Watch, is generally touted as the gold standard for what wearables should be able to achieve today.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Game review: Rage 2 (PC)
The similarities between Mad Max and Rage 2 are very apparent. The overall setting and design aesthetic are clearly inspired, if not from the Mad Max game, from the Mad Max movies.
Apple brings 8-core processors to MacBook Pro
The addition of 8th- and 9th-generation Intel Core processors will deliver 40% more performance than a 6-core Pro.
Hands-on review: Playing the long game with the The iPhone XR
The red XR is a rare case of having a phone that’s ‘too pretty to be covered’ - and it’s not hard to see why.
Hands-on review: MiniTool Power Data Recovery Software
I came across a wee gem of advice when researching the world of data recovery. As soon as you get that sinking feeling and realise you’ve lost a file, stop using your computer.