Microsoft Security Products Flag Google Chrome As a Virus
New submitter maeltor writes "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea."
A Google employee in the above support thread notes that Microsoft has now pushed another update to resolve the issue. "On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update."
For once, Microsoft gets it right!
If you want news from today, you have to come back tomorrow.
People use Microsoft Security Essentials?
"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really."
Meanwhile some clueless user just switched back to IE.
This has never happened in all of computing history.
It looks like they responded within 2 hours - not bad!
Google support ticket with issue and resolution at the top: http://www.google.com/support/forum/p/Chrome/thread?tid=42d6ba02d7eed070&hl=en
I wonder what Chrome did that smelled like Win32/Zbot.
Chrome is a virus. You see, it has caused the marketing people at Mozilla to go crazy with the numbering scheme of FF and as a result, borked up my once good to use user interface into a complete mess of new design, misplaced buttons, screwy single menus and a whole host of unusable extensions. Chrome is a virus... that has killed Firefox.
As a McAfee employee, I can personally attest to the veracity of your claim.
Obviously was on purpose because Micro$oft is evil and Google does no evil.
I've found MSE to be terrible at false positives, flagging more than one perfectly valid file on my computer as some sort of malware.
Worse is that if I tell MSE to let me decide what to do with it, then go look up whether someone else had this problem and/or research the virus or whatever, MSE will *automatically* decide after a short time that it needs to delete it and will do so.
It was at this point when I removed MSE in disgust and promised never to touch that filth ever again.
Every single anti-virus vendor has had false-positives in the past, but because an unrelated division of Microsoft competes with an unrelated division of Google, we must assume all 100,000 Microsoft employees are plugged into the borg..
Even if the problem wasn't so completely lacking in newsworthiness, it was already fixed before the article got posted, so why even bother posting it?
...known as Adobe Flash.
make imaginary.friends COUNT=100 VISIBLE=false
Right. Let's face it, Microsoft would have done this on purpose if they had thought of it and thought they could get away with it, but chances are, this was an honest mistake. Test by: the regular (but hopefully infrequent) false positives you get from any antivirus product. Also test by: the speed at which M$ corrected it. Probably nothing to see here.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
After all the times AV products have flagged Windows system files!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Security product analyzes and detects a botnet. Wants to remove botnet. People are surprised.
Not the first time MSFT has flagged competing products as viruses.
Once is happenstance, twice is coincidence, three times is enemy action.
And one more reason not to trust Microsoft's "security."
No, it's because they were arguing yesterday on Twitter.
But that only means it responds better to the tests.
Don't know if it is that good at capturing new, unknown threats like very products do.
It's not as bad as McAfee's "Oh hey, that important system file, you're not using it right? *delete*"
One of my friends was at work for nearly 2 weeks straight after that fiasco.
What do I know, I'm just an idiot, right?
As a McAfee employee, how did you manage to post this without your products flagging and quarantining half of your system?
The real reason Microsoft is flagging Chrome as a virus. Since Chrome appears to be a legitimate threat to IE (unlike FF), if enough users believe that Chrome *IS* a virus, perhaps IE will reign undisputed King Of The Browsers.
You think I actually use our products?!
I really hope that the next big virus ends up being Windows itself. Microsoft only needs security essentials because they still don't know how to do secure design and secure programming. If Linux can be virus free and Unix can be virus free then really what is Microsoft's excuse, a 2nd rate OS with 10th rate performance.
Patches to IE9 break g-mail's formatting.
"That's the way to do it" - Punch
It *should* have flagged it as spyware.
Are you joking?
You think in 2011 Microsoft can't possibly have come up with a whitelist, or a way to remove a legitimately installed program other than uninstalling it, like deleting the executable (standard antivirus response)?
not sure if sarcasm or not.
It is almost like they knew about it and had a fix ready.
I was just going to say that.
Wasted a good portion of the morning hunting down a non-existent threat.
and/or apologies if redundant/flamey.
If a product has been detected as a virus, it's often because of a keyboard/mouse hook. ;)
Google want to know EVERYTHING
I can't call that English
Quiz for ya, Mr. Serious:
What's a five-letter word that begins with an 'H' and ends with an 'R', has a 'U' in the middle, and relates to the use of satire or comical remarks to spark a laugh or amusement in others?
I think the comment you replied to had some of it in it.
Isn't it about time for your product to remove a critical system component such as LSASS or WinLogon?
...that my primary OS at home and work is Linux. I guess I'd better check when I go into the office on Monday whether Chrome has been removed from my Windows VM; but given that the Windows VM is primarily used to access the corporate Intranet (most of which absolutely requires IE anyhow, don't get me started...), losing Chrome from there isn't the end of the world. I do 99% of my web access from the Linux host system!
> You think in 2011 Microsoft can't possibly have come up with a whitelist, or a way to remove a legitimately installed program other than uninstalling it, like deleting the executable (standard antivirus response)?
It's certainly technically possible, but why would Microsoft care about whitelisting Google apps? What does that buy them? Especially for an app Microsoft is giving away for free?
Moreover, even if they had not intended to bugger Chrome, it's not like Microsoft hasn't made phenomenally stupid mistakes in the past. This could have been yet another.
The righteous indignation is strong with this one. The way I figure it, upon confronting humor, you have three options: (a) laughing because you think it's funny; (b) not laughing because it's not funny to you; and, (42) taking it seriously, getting offended, lecturing the jokester and proving yourself humorless.
I applaud your choice, good sir! 42 is always the right answer.
As a Symantec employee, you're a liar!!!! Viruses are everywhere, block ALL the things!!!!!
Microsoft puts most updates out once a week. Most users that actually update their software and run A/V tests do it at least once a week, so it only needs to be "wrong" for that one week.
> What's a five-letter word that begins with an 'H' and ends with an 'R', has a 'U' in the middle, and relates to the use of satire or comical remarks to spark a laugh or amusement in others?
"HURRR", as in "HURRR DURRRRRRR"?
I write bullshit
+1 the above comment.
What's the trigger? Are they detecting the code that calls out to the 'net and updates it without prompting the user? That's the one thing that sticks out like a sore thumb about Chrome as potentially giving it a virulent profile.
Wait! You're both right! It's spyware AND a virus! Two taste treats in one!
No, wait.. It's a floor-wax AND a dessert topping!
Welcome to my nightmare
For justice, we must go to Don Corleone
They're pissed they poured lives into a last place PC and Server OS that's proving its true self on mobile phones what with ANDROID being shown to be a security nightmare. Thank goodness penguins can at least keep some measure of dignity in their security by obscurity/lack of usership illusions at least on the PC's and Servers overall usership front (Windows is #1 most used overall and after all, there). Given the example of ANDROID, if Linux ever took first place in usership/marketshare, even though it hasn't and it's GIVEN AWAY FOR FREE (should be winning on that alone, but note that it's not, defying reason actually), we'd have a security nightmare on our hands in PC and Serverdom, just like is being seen on ANDROID!
I seem to remember a case not that long ago where a popular AV product would accidentally flag+nuke an (uninfected) core windows file, rendering systems unbootable.
I'm willing to chalk this one up to stupid - but not deliberate - mistake.
There is absolutely nothing in the OP to suggest any sort of humor. It received four insightful mods, and not a single funny mod, so it's pretty clear that most people who read it agree with me.
Trying to claim that you were "only joking!" after someone disagrees with you is one of the most tiresome debate tactics imaginable.
Again, you are skipping the other part: why, ever, could be labeled an accident, that removing a particular malware = uninstalling a legitimate program? No malware in the world would ever follow proper Windows uninstall processes.
> What's a five-letter word that begins with an 'H' and ends with an 'R', has a 'U' in the middle
egrep -i '^H.U.R$' /usr/share/dict/*
surnames:Hauer
What do I win?
Disguise it as an FBI key logger
It was fixed in two hours... and released...
to eliminate competition in the browser space.
Seems like every time they do a virus cleanup around here Chrome mysteriously disappears ... now I guess we know why ...
It's called payback for the FUD and Embrace, Extend, Extinguish, bullshit they spew.
Payback's a bitch.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Lately Firefox strongly recommended a Flash update - and the very same Flash update installed Google Chrome on my computer, without asking for permissions.
So, yes, it's scrap.
new design - You're complaining about new design in a new version of Firefox? Generally, new design is to be expected in new software releases. If you insist on updating, man up about it.
misplaced buttons - I love the Tabs on top approach, it makes a line for the title bar unnecessary which saves about 20 pixels of vertical space. (Vertical space is at a premium on a 16:9 monitor.)
screwy single menus - Tap the Alt key and you can temporarily show/hide the old menus. For a long time, I didn't know this and the removal of the old menus bothered me to no end. Now, no problem! Still, it would have been nice if Firefox had told me during the first week that I could do this.
a whole host of unusable extensions - There's a nice extension called "Add-On Compatibility Reporter". It lets you try to use your old add-ons in a newer version of Firefox, and report incompatibilities if they don't work. They usually still work!
MSE updates itself automatically. You see MSE definition updates in Windows Update, but they're marked "Optional" and you don't actually have to download them... you'll get them anyway.
Breakfast served all day!
Considering Google adds its updater as both a service and as scheduled tasks and will reinstall these to keep the undocumented service always running, always connecting to the internet, I would say spyware.
If you've ever produced software that has made it a good ways out into the world you realize that false-positives are a constant irritation by _all_ of the major antivirus players. It happens.
Subtlety is something that seems to be lost on folks here. This wasn't an error, or a deliberate attempt at sabotage, it was Microsoft sending a message. It doesn't matter that the issue was fixed in 2 hours. It only matters that the damage was done, and a few uninformed non-techy people have removed the program.
The message is pretty clear:
We're not happy with your encroachment on our turf. If you continue to push into us, you'll be in for a fight. You may be winning this battle, but we can make it very, very uncomfortable for your program to work. We own this space, and don't you fucking forget it.
In the 90s it was with third party TCP/IP stacks. Treated commercial products like viruses and just removed them. Once an abuser of monopoly power, always an abuser of monopoly power.
Yeah, in the old days it was always "format.com" that was triggering virus programs (if they were switched to "heuristic" mode only of course). But that was probably to give you an idea what you had to do to successfully program a 3,5" disk drive to work (almost no firmware there, hope you like programming timing in assembly). Now it is probably something like the special process handling that is the trigger.
I almost went and reported a DOS virus myself once. Came out that it was a common but unbelievably weird program that compressed .exe applications. Virus/trojan detection is hard. IMHO it should certainly only be the last defence against viruses. Most users and businesses still think it is the only and best way, which is just dumb.
Why are we discarding 20 years of users learning where the menus go and what they do, because some nerds thought Chrome looked sexy? Fie. Fie, I say.
Who's to say what is legitimate? My mother has several "helper" apps installed on her PC right now that are known malware. I told her about it, showed her articles, but she *likes* her cute little animated cursor or talking pig or whatever it is. What do you do?
Parenthetically, Microsoft isn't just doing this to Google -- other products are also or have been mangled by the tool. I don't see any compelling evidence that M$ acted maliciously. Except of course for the standard maliciousness of choosing to test against their own products, and, you know, not anyone else's.
... the SELinux subsystem of my Fedora 14 installation recently flagged Chrome as well, because the executable apparently tried to modify itself. I solved the problem by deinstalling Chrome. Must've come with the latest Chrome update.
FUNNY!!! Of course Mickey Mouse... ooops! Sorry... Of course microsoft programmed Windows8 to think that Chrome - and anything Linux - is a virus on the system because the bully still wants its market dominance, and it's threatened by Linux. We should all switch over to Linux and kill the Microsoft platform, since all your programs will work on it.
Must be using a McAfee Enterprise product. I'm not sure those even do anything, because they never actually report anything. Although they do frequently report in their log files that they allowed stuff to happen that would have been blocked by policy (without ever indicating why said policy did not apply).
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I know of a six letter word which refers to those things, but the U isn't in the middle.