Incident: Kaspersky Antivirus Update Causes Windows XP Internet Connectivity Issue

Published Date: 2013-02-05

Postmortem Analysis
Timeline:
1. The software failure incident with Kaspersky antivirus causing Windows XP computers to lose Internet connectivity happened on February 4th, as mentioned in Article 17227.

System:
1. Kaspersky Anti-Virus for Windows Workstations 6.0.4 MP4
2. Kaspersky Endpoint Security 8 for Windows
3. Kaspersky Endpoint Security 10 for Windows
4. Kaspersky Internet Security 2012 and 2013
5. Kaspersky Pure 2.0 [17227]

Responsible Organization:
1. Kaspersky Lab [17227]

Impacted Organization:
1. Windows XP users who run certain Kaspersky antivirus software experienced loss of Internet connectivity due to a buggy update [17227].

Software Causes:
1. The software cause of the failure incident was a database update released by Kaspersky Lab on Monday, February 4th, at 11:52 a.m., EST, which caused the Web Anti-Virus component in certain Kaspersky products to block Internet access [17227].

Non-software Causes:
1. The failure incident was caused by a database update released by Kaspersky Lab on Monday, February 4th, at 11:52 a.m., EST [17227].
2. The problem was limited to x86 systems with specific Kaspersky Lab products installed [17227].

Impacts:
1. Windows XP users running certain Kaspersky antivirus software lost their Internet connectivity after downloading a new update, leading to IT administrators receiving numerous complaints and calls to the help desk [17227].
2. IT admins had to resort to temporary solutions like shutting down monitoring of certain ports or disabling the Web Anti-Virus component to restore Internet access for affected users [17227].
3. The software failure incident caused frustration among users, with some criticizing Kaspersky for not responding effectively to the problem and for the inconvenience caused [17227].
4. The incident resulted in affected customers needing to perform specific steps to resolve the issue, such as disabling the Web Anti-Virus component or rolling back the update to a previous version of the database [17227].

Preventions:
1. Thorough testing and quality assurance procedures before releasing updates could have potentially prevented the software failure incident. This would involve testing the update on various systems, including Windows XP, to ensure compatibility and functionality [17227].
2. Implementing a more robust rollback mechanism in case of unexpected issues with updates could have helped mitigate the impact of the failure. This would allow for a quicker restoration of services by reverting to a stable version [17227].
3. Improved communication and responsiveness from Kaspersky to user complaints and feedback on the forum could have potentially led to a quicker resolution of the issue and a better user experience [17227].

Fixes:
1. Disabling the Web Anti-Virus component of the protection policy for managed computers temporarily, clearing the updates repository, downloading updates, and running the group update task for managed computers [17227].
2. Performing a database update to resolve the issue, either automatically through the Administration Kit/Security Center console or by manually disabling the Web Anti-Virus component before updating directly from Kaspersky servers [17227].

References:
1. Kaspersky forum users and IT administrators who reported connectivity problems after the update [Article 17227].
2. Kaspersky Lab's official statement to CNET regarding the issue and the fix [Article 17227].
3. Comments and feedback from users on the Kaspersky forum regarding the impact of the software failure incident [Article 17227].
4. Details provided by Kaspersky Lab about the cause of the issue, affected products, and the steps to resolve the problem [Article 17227].

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to Kaspersky antivirus causing Windows XP computers to lose Internet connectivity is an example of a recurring issue within the same organization. Kaspersky had previously experienced a similar problem with a database update causing connectivity issues for users. The incident in question was caused by a database update released on February 4th, affecting specific Kaspersky Lab products like Kaspersky Anti-Virus for Windows Workstations, Kaspersky Endpoint Security, Kaspersky Internet Security, and others [17227]. (b) The software failure incident involving Kaspersky antivirus blocking Internet access due to a faulty update is not explicitly mentioned to have occurred at multiple organizations. The focus of the incident was on Kaspersky Lab's products and the impact on users of those specific products [17227].
Phase (Design/Operation) design (a) The software failure incident in the articles was primarily related to the design phase. The incident occurred due to a buggy update released by Kaspersky that caused Windows XP computers to lose their connection to the Internet [17227]. The error was caused by a database update that was released, affecting specific Kaspersky Lab products installed on x86 systems [17227]. Kaspersky acknowledged the problem and provided steps to address the issue, indicating that the failure was due to contributing factors introduced during the system development and update process [17227]. (b) The software failure incident did not seem to be directly related to the operation phase or misuse of the system. The focus was on the update released by Kaspersky causing connectivity issues for Windows XP computers, and the steps provided by Kaspersky to resolve the problem were more related to system development and updates rather than operational issues or misuse [17227].
Boundary (Internal/External) within_system (a) within_system: The software failure incident with Kaspersky antivirus software causing Windows XP computers to lose Internet connectivity was due to an error in a database update released by Kaspersky Lab on February 4th [17227]. The issue was limited to specific Kaspersky Lab products installed on x86 systems, and the company provided steps to resolve the problem by either disabling the Web Anti-Virus component or rolling back the update [17227]. (b) outside_system: There is no specific mention in the articles about the software failure incident being caused by contributing factors originating from outside the system.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case was primarily due to non-human actions. The issue stemmed from a database update released by Kaspersky Lab on February 4th, which caused the Web Anti-Virus component in certain Kaspersky products to block Internet access for Windows XP systems [17227]. (b) However, human actions were also involved in addressing the failure. IT administrators and users had to take steps such as disabling the Web Anti-Virus component, clearing and downloading updates, and following specific instructions provided by Kaspersky to resolve the issue [17227]. Additionally, there were criticisms from users regarding the handling of the incident by Kaspersky, indicating a human element in the response to the failure.
Dimension (Hardware/Software) software (a) The software failure incident reported in the articles was primarily due to contributing factors originating in software. The issue was caused by a database update released by Kaspersky Lab, which led to the Web Anti-Virus component in certain products blocking Internet access [17227]. (b) The software failure incident was not attributed to hardware-related factors but rather to a software issue caused by the faulty database update released by Kaspersky Lab [17227].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in the articles was non-malicious. It was caused by a database update released by Kaspersky Lab that inadvertently blocked Internet access for Windows XP machines running certain Kaspersky antivirus software [17227]. The problem was limited to specific Kaspersky Lab products and was not intentional but rather a result of an error in the update deployment process. Kaspersky Lab acknowledged the issue, provided a workaround, and released a fix to address the problem [17227].
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident described in the articles was primarily due to poor decisions made by Kaspersky Lab. The incident was caused by a database update released on February 4th, which led to Windows XP computers losing their Internet connectivity. The update affected various Kaspersky Lab products, including Kaspersky Anti-Virus for Windows Workstations, Kaspersky Endpoint Security, Kaspersky Internet Security, and Kaspersky Pure 2.0 [17227]. Kaspersky Lab acknowledged the problem and provided a fix, but the initial update caused significant disruptions for users, leading to complaints from IT administrators and users. The workaround suggested by Kaspersky Lab involved disabling the Web Anti-Virus component or rolling back the update to restore Internet connectivity. However, these steps were deemed cumbersome and not satisfactory by affected users, who criticized Kaspersky for the poor handling of the situation and the delays in resolving the issue [17227].
Capability (Incompetence/Accidental) accidental (a) The software failure incident in this case was not due to development incompetence. It was caused by a database update released by Kaspersky Lab that inadvertently blocked Internet access for Windows XP computers running certain Kaspersky antivirus software [17227]. (b) The software failure incident was accidental, as it was caused by an error in the database update released by Kaspersky Lab, leading to the Web Anti-Virus component blocking Internet access for some users. The company acknowledged the issue and provided steps to resolve it, including disabling the Web Anti-Virus component or rolling back the update [17227].
Duration temporary The software failure incident reported in Article 17227 was temporary. The issue caused by the Kaspersky antivirus software update led to Windows XP computers losing their Internet connectivity. Kaspersky acknowledged the problem and provided a fix by releasing an update to address the issue. Users were advised to disable the Web Anti-Virus component temporarily until the update was applied to restore Internet connectivity. The problem was resolved within the same day by uploading a database update to public servers, and customers were instructed to perform a database update to resolve the issue [17227].
Behaviour crash, omission, timing, value, other (a) crash: The software failure incident described in the articles can be categorized as a crash. Windows XP users running certain Kaspersky antivirus software experienced a loss of Internet connectivity after downloading a new update. This loss of connectivity can be seen as a system crash where the software failed to maintain its intended function of keeping users connected to the Internet [17227]. (b) omission: The incident can also be categorized as an omission. The Kaspersky antivirus software omitted to perform its intended function of protecting the system without causing connectivity issues. Users had to disable the Web Anti-Virus component or take other temporary measures to restore Internet access, indicating an omission in the software's expected behavior [17227]. (c) timing: The timing of the software failure incident can be considered as a factor. The update causing the connectivity issue was released on Monday, February 4th, at 11:52 a.m., EST. Users faced the problem after this update, indicating a timing issue where the software performed its intended function (updating) but at an inappropriate time leading to connectivity problems [17227]. (d) value: The incident can also be attributed to a failure in value. The software performed its intended function of updating the database, but the update caused the Web Anti-Virus component to block Internet access, leading to incorrect behavior. Users had to disable the component or roll back the update to resolve the issue, indicating a failure in the value provided by the software [17227]. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The issue primarily revolved around the loss of Internet connectivity due to the update, and the steps provided by Kaspersky aimed to address this specific problem in a consistent manner [17227]. (f) other: The software failure incident can be further categorized as a failure related to user inconvenience and dissatisfaction. Users expressed frustration with the situation, criticizing Kaspersky for the lack of effective response and the inconvenience caused by the connectivity issue. This aspect of user dissatisfaction and inconvenience is another behavior exhibited in this software failure incident [17227].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property The consequence of the software failure incident described in the articles is as follows: (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident caused Windows XP computers running certain Kaspersky antivirus software to lose their connection to the Internet. This connectivity issue affected IT administrators and users, leading to disruptions in their work and potentially impacting their productivity. Additionally, there were complaints about the inconvenience caused by the faulty update, with some users expressing frustration over the need to disable certain components or follow lengthy steps to resolve the issue. This disruption in Internet connectivity can be seen as an impact on users' access to digital resources and services, which are essential for their work and daily activities. [17227]
Domain health The software failure incident reported in the articles was related to the industry of health. The incident affected users of Kaspersky antivirus software, including IT administrators managing computers in a hospital setting. One commenter specifically mentioned the impact on their hospital due to the issue with the antivirus software, highlighting the importance of having functional antivirus protection in a healthcare environment [17227].
