Kaspersky AV Breaking CHKDSK?
Security forum regulars lament 'iSwift' technology

For several weeks, users in our security forum have been discussing a problem with Kaspersky Anti-Virus that they say the company refuses to properly address. At fault is the company's iSwift technology, which speeds up virus scans by tagging certain files (with NTFS identifiers) and tracking whether they've been changed (and thus need to be rescanned).

According to forum users, the technology all but breaks CHKDSK functionality, and the changes are permanent even if you uninstall the software. Kaspersky blames Microsoft for the problem, but our forum regulars insist the problem is Kaspersky's.
cali310
join:2000-07-01
Laveen, AZ

cali310

Member

Idiocy...

If CHKDSK works before installing Kaspersky and doesn't after installing how can they blame MS??

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Re: Idiocy...

said by cali310:

If CHKDSK works before installing Kaspersky and doesn't after installing how can they blame MS??
They blame Microsoft because the operating system let them break the directory structure. That is the same philosophy hackers use. MS should have prevented my exploit from happening - so that is their fault and not mine for creating the exploit.

adisor19
join:2004-10-11

adisor19

Member

Re: Idiocy...

said by FFH5:

said by cali310:

If CHKDSK works before installing Kaspersky and doesn't after installing how can they blame MS??
They blame Microsoft because the operating system let them break the directory structure. That is the same philosophy hackers use. MS should have prevented my exploit from happening - so that is their fault and not mine for creating the exploit.
no no NO. This is a feature of NTFS that has never been used heavily up until now and it turns out that chkdsk chokes when encountering the tags because it was never properly tested !! This IS totally MS's fault for not properly testing their chkdsk program with all the features that NTFS file system supports.

Adi

Woody79_00
I run Linux am I still a PC?
Premium Member
join:2004-07-08
united state

1 recommendation

Woody79_00

Premium Member

Re: Idiocy...

How can you possibly blame Microsoft for this! That is absurd

Kaspersky failed to implement the API correctly. just because an API/Program works doesn't mean there isn't a "Logic" error in the way the program was made, thus the code runs without error but really messes something up.

Trend Micro, Norton, and other companies have been using this same technique for a while now (What Kaspersky calls ISwift) and none of those users have had any issues with CHKDSK or any other app

Kaspersky ISwift has some serious Logic flaws in its code, and it is messing up the NTFS Identifiers which in turn is not Matching up with the MFT (Master File Table) this is what is really causing the issue

if the Identifiers (Which ISwift changes) do not match what the Identifiers should be in the MFT it causes a serious problem with CHKDSK they must match....Kaspersky failed to update the MFT with the proper Values when it modifies the identifiers on the said files, so the original data in the MFT doesn't match the files ISwift changed.

this is "ALL KASPERSKY'S FAULT" Not Microsoft's.

Like I said Trend Micro's "Turbo Scan" has been using this for a bit now, so has Norton, and other products, and there have been no issues because these products update the MFT properly to reflect the changes to the identifiers that they made, Kaspersky failed to do this and has fragged people's systems because of it

Personally if I was a business owner dealing with this, I would have every reason to file suit against them...there is definitely reasonable grounds to sue, loss of data, etc., you could most definitely sue them on this for sure, but it wouldn't be worth it unless you were a business....a EULA does not protect a software maker from damage "due to negligence" which is exactly what this is. There have been countless cases where a EULA said "We can not be held liable for any damages" yet a lawsuit was brought and the plaintiff won, so don't buy too much into EULAs, it's up to a judge if the case deserves merit,

I sued a cellphone company once, even though the contract said "I can't sue and must agree to arbitration" a Judge threw out that clause stating I had "sufficient grounds to sue" due to harassment, failure on the wireless company to provide adequate service" among other things

but this is definitely Kaspersky's fault

they're right up there with Norton, I would never install a piece of garbage software like this on my Machine, I thought Norton was bad, even McAfee (which I used for years) never fragged my computer...I don't even think Norton has ever fragged a PC this bad before...

how pathetic

Kaspersky gets a thumbs down from me for not manning up and admitting their mess up and doing the best they can to fix the problem.

Cabal
Premium Member
join:2007-01-21

Cabal to FFH5

Premium Member

to FFH5
said by FFH5:
said by cali310:

If CHKDSK works before installing Kaspersky and doesn't after installing how can they blame MS??
They blame Microsoft because the operating system let them break the directory structure. That is the same philosophy hackers use. MS should have prevented my exploit from happening - so that is their fault and not mine for creating the exploit.
Insecure programming is the fault of the person who finds it? Really?

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK
Netgear WNDR3700v2
Zoom 5341J

KrK to FFH5

Premium Member

to FFH5
said by FFH5:

They blame Microsoft because the operating system let them break the directory structure. That is the same philosophy hackers use. MS should have prevented my exploit from happening - so that is their fault and not mine for creating the exploit.
Actually--- that's not so much the case in this particular issue.

As I understand the issue, Kaspersky hasn't done anything that is proprietary or non-standard. From what I've read, their method uses a documented feature of the NTFS filesystem--- ie one that's supposed to work fine. However it turns out that NTFS backwards compatibility with CHKDSK wasn't properly tested by MS. Since this feature hasn't been widely used before (if at all) the issue hadn't come up.

So, basically, they're both right. Yes, the problem has arisen out of a feature in the NTFS that isn't backwards compatible with CHKDSK. MS's fault there...

... But since Kaspersky is using it, and breaking customers' applications, Kaspersky is also at fault in the eyes of the user. I'm betting Kaspersky will have to change their programs before MS does....
Skippy25
join:2000-09-13
Hazelwood, MO

Skippy25 to cali310

Member

to cali310
Microsoft's blame is that if it is a problem with chkdsk then it should be fixed to work as it should.

Kaspersky's blame is that they surely knew there was a problem and yet released it without resolving this with MS first. If they didn't know of the problem then every person in their QA department should be terminated.

snolsen
join:2004-01-10
Bedford, NH

snolsen

Member

Re: Idiocy...

The everyone in MS' QA department should be fired then?
lawrence171
join:2001-12-24
Canada

1 recommendation

lawrence171

Member

Re: Idiocy...

said by snolsen:

The everyone in MS' QA department should be fired then?
Wouldn't be the first time. Windows ME anyone?

RayW
Premium Member
join:2001-09-01
Layton, UT

1 recommendation

RayW

Premium Member

Before too much mud is slung -

They are talking about tagging files with a checksum using tagging NTFS-identifiers. Now we all know that Microsoft has a bad habit of giving and taking away 'hidden'/'undocumented' (note the tick marks) features, so just exactly what was/is this NTFS-identifiers used for? Has the purpose of this NTFS-identifiers changed over the years (again, Microsoft has done that in the past and then blamed others for misuse of that changed feature)?

Once the history and use of the NTFS-identifiers has been laid out, what does CHKDSK now do that using this feature(s) in another application breaks it? Has CHKDSK changed over the years to make the use of NTFS-identifiers by other applications problematic?

If you can, please post links to relevant (NOT Wikipedia!) sites that will help folks like me who are not as smart as others here know what you are talking about.

This subject is one that has a very high polarization potential, so maybe if people stop and think before posting, we might learn a bit about what is going on.
ossito16
join:2004-07-31
Whiting, IN

ossito16

Member

software security

In my opinion, Kaspersky went all corporate on us and like most companies they seemed less concerned about the actual function of product. I think they became more concerned about people using their software for free. As they have come up with a very hard product to pirate. There are other AV makers doing the same i.e. AVG, Avast, etc. Could you imagine if Winzip (or Winrar for power users) would have pulled the same crap and actually did not allow their product to be used at all after the trial period. We would all still be using the old school PKZIP, command line style. I actually know people who purchased KASP AV and still had problems with serial number and updating. I switched to Comodo AV and their other products because it is free. They make their money by selling Server/Application Security programs to big companies, all the while generating some name recognition with the free software.
I remember when most people used Easy-CD Creator for burning because it came installed on your PC or with CDROM, but the PC power users used Nero. Now look Nero comes with your CDROM's, cha-ching for Nero corp. They still know what got them to the top as their software is not totally crippling after trial period ends and is easy to crack.

DrugSkill
join:2005-11-14
Saint-Jean-Sur-Richelieu, QC

DrugSkill

Member

7z

There is a software which in my opinion is better than WinRAR and WinZip and which is totally free, 7z. No need for Pkzip...
SpookyET
join:2001-04-30
Lawrenceville, GA

SpookyET

Member

Bollocks

When you uninstall Kaspersky 6.0, it asks whether or not it should keep the tags on files in case you uinstall. If you refuse, it removes the NTFS-identifiers. It takes a while, but it does it. That said, it's probably still the best signature based antivirus.

I, for one, am a NOD32 fan. I installed Kaspersky 7 on Vista and it slowed my system to a crawl. It was probably Proactive Defence. But, still. I am looking forward to Eset Smart Security.
SunnyFL8
Premium Member
join:2001-02-08

SunnyFL8

Premium Member

Works for me

I have XP PRO (NTFS) and also have Kaspersky AV and CHKDSK doesn't have any problems. It works fine.

OldschoolDSL
Premium Member
join:2006-02-23
Indian Orchard, MA

OldschoolDSL

Premium Member

Re: Works for me

said by SunnyFL8:

I have XP PRO (NTFS) and also have Kaspersky AV and CHKDSK doesn't have any problems. It works fine.
SAME Here

DrugSkill
join:2005-11-14
Saint-Jean-Sur-Richelieu, QC

DrugSkill

Member

NOD32

I'm a NOD32 fan too, I have it installed on my Windows XP machine and my Windows Vista machine too.

ctceo
Premium Member
join:2001-04-26
South Bend, IN

3 edits

ctceo

Premium Member

Here's a thought

MS more than likely knew of a possible problem with the NTFS file system, but likely wasn't going to share that information with other companies unless they absolutely had to, Their Fault for not making sure it worked properly in the first place.

Kaspersky either knew or found out accidentally about this flaw, and chose to utilize it in their iSwift technology anyway, regardless of the repercussions, So Kaspersky is now Partially at fault as well. For not telling their customers the potential incompatibility with chkdsk, or failing to do so in an efficient and effective manner.

Hmmm. Sounds to me like we have Two companies whose heads are too big to admit fault, when the actual blame lies with BOTH companies, for failing to work together to resolve this issue before it became one.

chanur
Premium Member
join:2001-02-26
Colorado Springs, CO

2 edits

chanur

Premium Member

Not "all but breaks"

Slows down.

Tremendously.

In some cases, but not all.

But not beyond the realm of usability, unless you run CHKDSK every time you boot.

Really, all things considered, not a big deal.

rob_in_chatt
Premium Member
join:2004-09-17
Chattanooga, TN

rob_in_chatt

Premium Member

AVs

AVG on an XP and Vista machine, Norton Corporate on another Vista and XP machine as well. all 4 run perfect with no problems.

evilghost
Premium Member
join:2003-11-22
Springville, AL

evilghost

Premium Member

Re: AVs

Rob, while you're plugging products that have no reason to really be in this thread I guess I'll add my two cents.

Ubuntu Linux, no AV, no need, no problems, no empty wallet.

rob_in_chatt
Premium Member
join:2004-09-17
Chattanooga, TN

rob_in_chatt

Premium Member

mine isn't either, I wasn't plugging anything. just stating what I use. you think I'd pay for any of this? lmao nope.