Here we go again with false positive antivirus actions bricking computers
mouser:
Honestly when are these antivirus companies going to learn that this behavior is unacceptable? You can't go around deleting people's core system files because your 1 day old untested new virus signatures "think" they found something suspicious. Give me a break! How many times do we have to keep having this discussion?
McAfee pushed out a virus definition update, 5958, at 14:00 PDT that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure to start svchost.exe causes Windows to automatically reboot, hindering repair efforts.
--- End quote ---
http://arstechnica.com/business/news/2010/04/broken-mcafee-dat-update-cripples-windows-workstations.ars
JavaJones:
Holy crap, that's a nasty one. I think also at fault here is the default behavior being delete, and lack of any white list or safeguards. I mean come on, one would think that with an easily identifiable core system file it would first attempt to *clean*, and then failing that, it would warn the user and *leave the file intact*. Better to have a core system file infected but intact so that other tools could attempt cleanup than delete the file and possibly thwart attempts at repair.
- Oshyan
rjbull:
They get away with it because "security" and "health and safety" are all-purpose justifications for anything.
wraith808:
And this is the reason that a lot of people don't trust AV software: because the cure can be worse than the disease. I'm more than a little bit upset with AVG that it deletes my NSIS files whenever they are found.
IainB:
@JavaJones: Yes. When I migrated from Avast! to WSE (MS Windows Security Essentials) I followed the advice of someone on the DC forum and changed the default settings to "Quarantine" action, rather than let the thing delete according to its previous default rules.
I therefore concur with your comment:
"...I think also at fault here is the default behavior being delete, and lack of any white list or safeguards..."
--- End quote ---
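The safeguards raised in this thread (never delete a core system file, try cleaning first, prefer quarantine over delete), sketched as an added example that is not part of any post and not any vendor's code. The protected directory list, the 24-hour soak period and the action names are assumptions made for illustration.

```python
import ntpath
from dataclasses import dataclass

# Assumed policy values for illustration; not taken from any product.
PROTECTED_DIRS = (r"c:\windows\system32",)
MIN_SIGNATURE_AGE_HOURS = 24  # hypothetical soak period before destructive actions

@dataclass
class Detection:
    path: str
    signature: str
    signature_age_hours: float
    cleanable: bool  # True if the engine can repair the file in place

def normalize(path):
    # ntpath applies Windows path rules on any OS: collapses "..",
    # unifies slashes and folds case. It does not resolve 8.3 short
    # names or links; a real engine would have to resolve those too.
    return ntpath.normcase(ntpath.normpath(path))

def is_protected(path):
    p = normalize(path)
    # Match on a directory boundary so "system32evil" is not treated as protected.
    return any(p.startswith(d + "\\") for d in PROTECTED_DIRS)

def decide_action(det, configured_default="delete"):
    """Return one of: clean, quarantine, delete, alert_only."""
    if is_protected(det.path):
        # Core OS file: repair in place, or warn and leave it intact.
        return "clean" if det.cleanable else "alert_only"
    if det.cleanable:
        return "clean"
    if configured_default == "delete" and det.signature_age_hours < MIN_SIGNATURE_AGE_HOURS:
        # A fresh signature has had little field exposure: keep the action reversible.
        return "quarantine"
    return configured_default

if __name__ == "__main__":
    # Constructed sample detections, modelled on the incident quoted in the thread.
    samples = [
        Detection(r"C:\WINDOWS\system32\svchost.exe", "W32/wecorl.a", 1, False),
        Detection(r"C:/Windows/Temp/../System32/svchost.exe", "W32/wecorl.a", 1, False),
        Detection(r"C:\Users\test\Downloads\setup.exe", "Example/Sig", 1, False),
        Detection(r"C:\Users\test\Downloads\setup.exe", "Example/Sig", 72, False),
    ]
    for s in samples:
        print(f"{s.path} -> {decide_action(s)}")
```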