20,000 perfect patches may be under the belt, but it only takes one or two poor ones to raise the ire of users, as Malwarebytes has discovered.
The antivirus software vendor, known for providing mobile and PC-based protection, pushed out a production update on Saturday.
However, users quickly swarmed the Malwarebytes forum to complain of sudden spikes in CPU and RAM usage, sometimes severe enough to crash or freeze their systems.
Screenshots and customer complaints included sudden gigabytes of RAM usage, real-time web protection turning itself off and failing to restart, and jammed systems due to resource usage overloads.
The failed update impacted Malwarebytes for Windows Premium, Malwarebytes for Windows Premium Trial, Malwarebytes Endpoint Security (MBES), and Malwarebytes Endpoint Protection (Cloud Console).
According to Malwarebytes' analysis (.PDF), the issue was caused due to web protection blocks. The company has been working to improve this area of web protection and added "enhanced detection syntaxes" to include block categories in product definitions.
However, an "oversight" caused a failure. Syntax controls were not implemented in the new detection syntax, deforming detection procedures and spiking resource usage.
"The root cause of the issue was a malformed protection update that the client couldn't process correctly," Malwarebytes administrator Marcin Kleczynski said. "We have pushed upwards of 20,000 of these protection updates routinely."
"We test every single one before it goes out," Kleczynski added. "We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement."
Customers have reported that the fix is no longer destroying their CPU and memory usage and appears stable.
Users impacted by the update must install the latest fix and may have to restart their systems a number of times to resolve the issue.
Previous and related coverage
It has taken some time, but the website is finally offering enhanced security for Reddit accounts.
The dangerous bug allows attackers to remotely execute code through the popular app framework.
The most common Trojan found on today's networks is also, unfortunately, one that script kiddies delight in.