We have discovered that the Linux Security 7.00 that we released just three weeks and a few days ago, contains a very serious bug that can have severe consequences for customer systems. The short version is: if you have installed Linux Security 7.00 and you are using the Client Edition keycode, please uninstall immediately to prevent further damage to your system. Below I have included the official recall notification sent to our maintenance notification mailing list and partners.
How could this happen? There really is no excuse to let this kind of things pass our testing. We have often boldly and proudly talked about our extensive testing and validation processes - and yet we failed to catch this bug. There were a number of things that went wrong, each of which should have caught this mistake. We do code reviews, automatic tests, manual validation, etcetera, and still at each of those steps human error made this possible. While researching this issue, most of our mistakes became very apparent to us, and steps have already been taken to prevent this and similar things from happening in the future, but we will still need to carefully examine this situation to figure out every possible way to fix our tools, processes and mindsets.
Here is the recall notification:
RELEASE RECALL A serious issue has been discovered in the newly released F-Secure Linux Security 7.00. The flaw only affects installations using the Client Edition keycode. When triggered, the bug will cause serious data loss and possibly render the system unusable by removing the entire /var directory hierarchy. In other cases, random sub-directories of /var can be silently deleted from the system. Installations using the Server Edition keycode or running in evaluation mode are not affected. To recover, the user must restore the /var directory from a backup. F-Secure is urging all users of F-Secure Linux Security 7.00 Client Edition to not make new installations and immediately uninstall it from all systems to prevent further damage. To check if your system is affected, run: grep “Device or resource busy” /var/opt/f-secure/fssp/dbupdate.log If the command returns one or more rows, there is a high probability that parts of your /var directory structure has been deleted and must be restored from a backup. F-Secure will release F-Secure Linux Security 7.01 within a few days, that will fix this issue. A new notification will be posted when this new version is available.