Pages

Monday, October 03, 2011

Where are my addons? Where is my browser? Where are my bookmarks?

A lesson or two on automatic upgrades, and on security threat alerts and reacting reasonably when getting an alert.

Some corporate users wait a day or half a day before installing operating system upgrades network-wide, or other updates.

Why?

Well, it is a balance. There may be an exploitable software fault patched, and waiting extends system vulnerability and has that risk. In balance, if an upgrade itself is faulty, watch out. Faulty ones are spotted fairly quickly by the user community, and a few mineshaft canaries report things and a quick-fix is issued. That has been history.

Latest, start with the FireFox browser. A nice product, but what happened to installed special features, called addons, when users upgraded to version 7.0?

There were problems. That's what happened. Mozilla quickly released a ver 7.0.1 with a fix, and apparently the user files were not corrupted, the data remained, and users could restore their favored configurations by making the 7.0 -> 7.01 upgrade.

That is a screw-up related to one's own batch of dogfood? Is there any recent instance of messing with somebody's dogfood out of a different factory/vendor?

Short answer, yes.

Microsoft in a definitions update to its Microsoft Security Essentials [the most used home workstation antivirus software, and the parallel corporate IT product where an entire corporate network with centrally managed security installation of Microsoft Forefront Endpoint Protection were equally impacted], did a Microsoft "Oopsie."

It identified Google's Chrome browser as infected with malware, specifically a password stealing Trojan that is often used by hackers wanting to steal banking passwords and then steal cash, the "Zeus" family of malware. Upon the definitions update a message was displayed that malware was detected, and users having the auto-update set for the MSSE product, seeing that message, deleted the offending item - and lost their operating version of the competitor's browser.

Some users indicated that after installing a definitions correction-update, and reinstalling the Chrome browser, that bookmarks were lost. Other users reported bookmarks were recovered intact, that the profile files were not lost. I think it depends upon how a reinstall is done, and often installation dialog boxes are not read as carefully as one in retrospect might have judged as a more prudent procedure.

BOTTOM LINE: Antivirus definitions problems have affected major product providers besides Microsoft in this latest situation, one even giving MS XP operating system users a blue-screen-of-death crippling of essential operating system files [BSOD being a boot-up not to the user configuration as proper but to a blank blue screen, w/o any helpful hand holding for panicing users. There is a way to restore "last stable version" but there's also a way to do it wrongly, probably several, so it's best to call in a professional unless you are one, or as smart and experienced as one. With some selling computer services, that sets the bar low, but mostly don't muck it up worse is a good dogma.

Story links; the Mozilla FireFox item, here. Reporting on the Microsoft situation; here, here and here. There's probably more, but that's enough to urge caution with automatic upgrade settings and/or reacting to a security software warning of something being amiss. Immediate pushing of the panic button will likely not make anything much better if there is actual malware to be removed; and it could, per the stories, make things worse. Human nature, however, is to not remain cool under fire - or the equivalent, and to trust the warning and react quickly. Human nature sometimes is wrong and can be in instances counterproductive to species survival, or individual survival in thinning the herd.