We've had so many problems with
false positives by irresponsible antivirus vendors that i feel bad picking on Eset, which by my account is actually one of the most responsible antivirus companies in terms of avoiding false positives. I'm hoping that the attention they get from this embarassing incident will cause them to even more seriously watch out for such mistakes.
Antivirus companies MUST stop this reckless and irresponsible behavior of simply wiping out files that match some hastily added new heuristic file signature. It scares novice users to death and damages the reputation of software authors.
The solution that antivirus companies need to adopt is simple: Treat your users like human beings. Be honest about what was found when a file is discovered that matches an antivirus signature. Give the user some estimate of the confidence of the alarm, when the signature was added, and give them some choices about what to do instead of just wiping out system files, etc. It's not rocket science, it's your damn job.
ESET, the developer of the NOD32, made the subject of a new anti-virus false positive incident that affected operating system files. Due to a quality control error, an update to the heuristics module improperly tagged at least two legit Windows files as being infected with Win32/Kryptik.JX.
According to the company, the flawed v1091 update was released to users on Sunday, March 8th, at 9:52PM PDT. The ESET products that had the misfortune to "benefit" from this upgrade, quarantined vital Windows components such as the dllhost.exe, the Microsoft DCOM DLL Host Process responsible with the proper operation of DLL-based applications, or the msdtc.exe, the Distributed Transaction Coordinator used by the Microsoft Personal Web Server and Microsoft SQL Server.
Fortunately, the glitch was noticed and addressed very quickly by ESET and did not have time to affect a lot of users. "The update downloads were stopped within ten minutes of the update release, and the update was reverted to its previous version. Due to this immediate response, less than 5% of our users were affected," the company said.
We previously reported about a UK company selling flower arrangements online, whose image was damaged by a false positive on one of its newsletters by the products of Symantec-owned e-mail security company MessageLabs.
When such incidents involve systems files, they are also potentially dangerous. In November 2008, AVG Anti-virus deleted user32.dll and left computers unable to boot into the operating systems, because it confused it with a banking trojan. A month earlier, McAfee incorrectly tagged the Windows Vista console IME as a password-stealing trojan. Trend Micro also had its share of buggy updates, as in September last year a similar mistake left the computers of its customers unbootable or unstable after three Windows components had been wrongfully removed.
from http://tech.cybernetnews.com/
Recent Posts
