For many users, one of the most important lines of defence is their anti-virus (AV). Many casual users set up an AV at install and forget that it exists, letting it run in the background. Sometimes, however, AV suites can do more harm than good. Earlier today, Malwarebytes accidentally shipped a new protection update that caused client computers to crash en masse. Fortunately, the company was quick to issue a fix that is now pushing out to users.
The issue stemmed from a new protection update to the Web Protection Module. Due to an unknown issue, the software was unable to process the malformed update. This caused a spike in RAM usage that eventually led to a system crash. Users reported that the service could use well over 9GB and even 16GB of memory due to the error. To resolve the issue, Malwarebytes pushed out update package version 1.0.3803 with a fix.
Due to the level of trust placed in AV vendors, this bug shocked many users. Historically, though, AV has had a mixed reputation. Performance drops due to AV are not uncommon, and AV software can itself be another source of bugs and another avenue of attack. Google, Microsoft and Mozilla have all come out against AV software at times on their respective platforms. This is because AV often delves deep into the system, hooking into a lot of OS services. Simply put, AV needs high levels of access to protect users, but that access can be exploited by attackers. OS vendors are also building traditional AV protections into the system by default.
For Malwarebytes users, there are a couple of ways to resolve the issue. One is to stop updates until the new patch replaces the old one. Another is to disable Web Protection for now. Finally, affected users will need to restart their system and update their AV to the latest patch. Malwarebytes says it may take up to 2 or 3 reboots to fix the issue entirely. Hopefully, an issue like this won’t happen again for a long while. The company is also promising to change the way it tests and delivers its updates. It’s good to see, at least, that the fix was pushed to users relatively quickly.