Here we go again with false positive antivirus actions bricking computers

mouser:
Honestly, when are these antivirus companies going to learn that this behavior is unacceptable? You can't go around deleting people's core system files because your 1-day-old untested new virus signatures "think" they found something suspicious. Give me a break! How many times do we have to keep having this discussion?

--- Quote ---
McAfee pushed out a virus definition update, 5958, at 14:00 PDT that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure to start svchost.exe causes Windows to automatically reboot, hindering repair efforts.
--- End quote ---

http://arstechnica.com/business/news/2010/04/broken-mcafee-dat-update-cripples-windows-workstations.ars

JavaJones:
Holy crap, that's a nasty one. I think also at fault here is the default behavior being delete, and lack of any white list or safeguards. I mean come on, one would think that with an easily identifiable core system file it would first attempt to *clean*, and then failing that, it would warn the user and *leave the file intact*. Better to have a core system file infected but intact so that other tools could attempt cleanup than delete the file and possibly thwart attempts at repair.

- Oshyan

rjbull:
They get away with it because "security" and "health and safety" are all-purpose justifications for anything.

wraith808:
And this is the reason that a lot of people don't trust AV software: because the cure can be worse than the disease. I'm more than a little bit upset with AVG that it deletes my NSIS files whenever they are found.

IainB:
@JavaJones: Yes. When I migrated from Avast! to WSE (MS Windows Security Essentials) I followed the advice of someone on the DC forum and changed the default settings to "Quarantine" action, rather than let the thing delete according to its previous default rules.

I therefore concur with your comment:
"...I think also at fault here is the default behavior being delete, and lack of any white list or safeguards..."
--- End quote ---
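
The safeguard discussed in the posts above (clean a core system file if possible, otherwise warn and leave it intact, and quarantine rather than delete everything else), sketched as an added example that is not part of the original thread or any antivirus vendor's code. The protected directory list, the placeholder known-good hash and all function and class names are assumptions made for illustration.

```python
import ntpath
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    CLEAN = "clean"            # disinfect in place
    QUARANTINE = "quarantine"  # move aside, recoverable
    ALERT_ONLY = "alert_only"  # warn the user, leave the file intact


# Assumed protected location; a real product would ship a vetted list.
PROTECTED_DIRS = (r"c:\windows\system32",)
# Constructed placeholder standing in for a published known-good file hash.
KNOWN_GOOD_SHA256 = {"0" * 64}


@dataclass
class Detection:
    path: str
    sha256: str
    signature: str
    cleanable: bool  # scanner reports it can disinfect without deleting


def is_protected(path: str) -> bool:
    # Normalise case, slashes and ".." so path tricks cannot dodge the list.
    norm = ntpath.normcase(ntpath.normpath(path))
    return any(norm.startswith(d + "\\") for d in PROTECTED_DIRS)


def decide(det: Detection) -> tuple:
    """Return (Action, reason). Deletion is never chosen automatically."""
    if det.sha256.lower() in KNOWN_GOOD_SHA256:
        return Action.ALERT_ONLY, "hash is on the known-good list; probable false positive"
    if is_protected(det.path):
        if det.cleanable:
            return Action.CLEAN, "core system file: clean in place"
        return Action.ALERT_ONLY, "core system file: cannot clean, warn and leave intact"
    return Action.QUARANTINE, "ordinary file: quarantine so it can be restored"


if __name__ == "__main__":
    # Constructed sample modelled on the detection quoted in the thread.
    sample = Detection(r"C:\WINDOWS\system32\svchost.exe", "ab" * 32, "W32/wecorl.a", False)
    print(decide(sample))
```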