Kaspersky Lab's flawed anti-malware update that went out Feb. 5 for the Kaspersky Endpoint Security product continues to cause serious disruptions in enterprise networks.
And Kaspersky, which has released ensuing patches aimed at remedying the problems caused by the first bad update, is apologizing for the ongoing problems.
"Upon receiving feedback from customers, Kaspersky Lab is working to remedy stability and performance issues associated with the recent autopatch 'b' released on February 5, 2013," Kaspersky said in a statement to Network World last night.
"Customers have reported issues that include: long log-in times; slow launch of third-party applications; unavailability of Kaspersky icon in tray; and, in rare cases, Internet Explorer crashing. The problem is affecting random machines running Windows XP SP3, Windows Vista and Windows 7 operating systems with Kaspersky Endpoint Security 8 for Windows 22.214.171.1241 installed. These issues are an unacceptable inconvenience and burden to the productivity of our customers but they do not affect the security of their systems."
Kaspersky said a subsequent patch named "pf80" it released on Feb. 12 "fixed all above stated problems." But one IT consultant serving a large enterprise network, who asked not to be named, said applying this patch has also been problematic, making it sometimes difficult to establish anti-malware protection. Kaspersky also released a so-called "Patch C" for Windows 8 on Feb. 9 aimed at fixing the problems caused by the original bad anti-malware update of Feb. 5. However, the IT consultant said that hasn't straightened things out in the networks he attends to.
"Kaspersky then released Patch 80, but it too caused a new set of problems, and did not always resolve those from Patch C. So now we are at 2 weeks with no resolution," the IT consultant says. He says there are rumors there may be additional fixes to come.
The IT consultant said he feels frustrated at the lack of information from Kaspersky during this fiasco. He says Kaspersky has been saying about the patches that "'this will fix the problem,' then quickly amended it to 'do not install unless you have a serious problem, patch is not fully tested,' after new problems surface. The truth is that nothing from patch B onward was tested very thoroughly or well by Kaspersky."
Enterprise customers that have spent several thousand dollars on licensing fees are in a jam, and it's "very difficult to explain to one's superior that the product you recommended no longer works, and was broken by the vendor. As users have pointed out, the behavior of the broken product is very much like a virus," he says.
Kaspersky last night said it wanted to "apologize for any inconvenience caused" and "actions have been taken to prevent such incidents from occurring in the future."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.