StatCounter

Thursday 6 August 2009

Anti-virus software false positives

AV software houses are regularly criticised for their software not picking up all viruses so it was interest that I learnt that two had the opposite problem. AVG and CA have been had problems with detecting legitimate software as viruses recently. AVG detected iTunes a virus (some would say that it exhibits some of the same symptoms), here is AVG's response:
"Unfortunately, a recent virus database update resulted in iTunes being detected as a Trojan by AVG security products. We can confirm that it was a false alarm. AVG immediately released a new virus database update (definition file 270.13.29/2260) that corrected this issue. If you are having problems, please update your AVG and check your iTunes again."
Meanwhile a CA update reported certain Windows system files as viruses, here's their response:
"On July 8, 2009 at 11:00am EST, a CA DAT file release contained improperly formed malware detections that errantly detected clean files from Microsoft Windows Service Pack 3 and from the commercial Cygwin application. Affected files were detected as "Win32\Amalum" variants with extensions such as ZZNRA, ZZOFK, ZZNPB, and ZZNRA.

All files falsely detected as malware by these errant signatures were quarantined and renamed with the following text added to the file name "*.AVB". This prevented the affected files from running as the ".exe" file. It's important to note that the affected files remain fully intact, only the file extensions were modified.

On July 9, 2009 at 3:30am EST the file was corrected and released."


And now off to fight a client's virus infection...

No comments: