Slashdot Mirror


Microsoft's Antivirus Briefly Flags Google.com As Malicious

tsu doh nimh writes "Computers running Microsoft's antivirus and security software may be flagging google.com — the world's most-visited Web site — as malicious, apparently due to a faulty Valentine's Day security update shipped by Microsoft. For several hours on Tuesday, PC users browsing with Internet Explorer on a machine equipped with Microsoft Security Essentials or Forefront saw warnings that Google.com was serving up a 'severe' threat – Exploit:JS/Blacole.BW — basically that google.com was supposedly infected with a Blackhole exploit kit. The warning prompted users to 'delete' the threat, although accepting the default action appeared to cause no ill result. The episode is more embarrassing than harmful, given that Microsoft is expected to ship antivirus technology with the next version of Windows."

32 of 123 comments

  1. And here I thought Windows was the real virus... by Anonymous Coward · · Score: 4, Funny

    Isn't the real virus actually windows?

  2. They may know... by Anonymous Coward · · Score: 3, Funny

    ...something the world does not know !

  3. Aww! by Cyphase · · Score: 5, Funny

    Dear Google,

              Happy Valentine's Day!

                        Your valentine,
                                  Microsoft

    --
    by Cyphase ( 907627 )
  4. Well, Google did that already to MS.. by Giloo · · Score: 5, Funny

    Google already flagged MS France as malicious 2 years ago: http://gilouweb.com/bordel/google_truth.png (Ce site risque d'endommager votre ordinateur meaning: this website might harm your computer) So I guess it's only revenge ;)

    1. Re:Well, Google did that already to MS.. by Bogtha · · Score: 5, Funny

      this website might harm your computer

      To be fair, it does host Microsoft software ;)

      --
      Bogtha Bogtha Bogtha
  5. Everything's dangerous! by Anonymous Coward · · Score: 2, Insightful

    Since anti-malware programs largely work by looking for known patterns and fingerprints, and the databases of these patterns and fingerprints keep growing steadily, when will we have reached the point where basically every software ever written will fit one of the patterns? :)

    1. Re:Everything's dangerous! by wmac1 · · Score: 2

      The feature space which this software looks into is astronomically huge. Pattern classifiers just need to look into small areas of the feature space.

      It is similar to saying, with trillions of existing stars, will we reach a time where space is filled with stars?

  6. Needs sanity checks. by Dwedit · · Score: 2

    Does this mean that all antivirus makers must start doing sanity checks before releasing definition updates to the public? For example, there was once a definition update for an antivirus program that deleted some critical system file in Windows. Running a scan against a set of known clean Windows files and other popular programs should always be done before a release. Same idea for popular websites.

    1. Re:Needs sanity checks. by Sancho · · Score: 3, Insightful

      You act like this has only happened once.

      Antivirus has detected system files as viruses since the DOS days.

  7. To be fair by Reed+Solomon · · Score: 5, Funny

    in Microsoft's eyes, they are the most malicious threat in existence right now.

  8. Re:And here I thought Windows was the real virus.. by Anonymous Coward · · Score: 2, Funny

    Same as Windows don't know how to spot a threat!

  9. Did not see the behavior on a Win8 VM by AndGodSed · · Score: 3, Informative

    Incidentally I was doing a google search from a Win8 VM and did not see this behavior. I _did_ get a notification to update my spyware/malware definitions for Windows Defender as well, so maybe my definitions did not yet include this snafu.

    Of course I have updated post Vday, so cannot confirm this behavior now, even with an older snapshot.

    1. Re:Did not see the behavior on a Win8 VM by TheGoodNamesWereGone · · Score: 2

      I booted up Win7-64 yesterday so it could run Patch Tuesday and got the Blacole.BW false positive, so I can confirm this.

  10. Re:And here I thought Windows was the real virus.. by mr_gorkajuice · · Score: 5, Informative

    It might have been kinda funny some 5+ years ago when someone first told it. Maybe if I came across it less than once per week, I'd eventually find it kind of amusing again.

  11. AV is not really mature yet by gweihir · · Score: 4, Insightful

    I like MS bashing just as much as the next slashdot-poster, but I think here the blame is minimal. AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible, while at the same time new signatures need to be pushed fast in order for them to be effective.

    That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security (which is a budgetary and an education/knowledge problem).

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:AV is not really mature yet by nzac · · Score: 3, Insightful

      AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible

      No basic automated testing of say the top 500 websites and 100 applications to see if they get a false positive is too hard or time consuming. Say they managed to block some local news site that uses some site that uses shitty JavaScript with ads is a mistake.

      That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security

      No, this incident does not prove anything like this, just that software needs decent quality testing.
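
Added example (not part of any comment in this thread, and not Microsoft's or any vendor's process): a minimal sketch of the pre-release sanity check that Dwedit and nzac describe, running a candidate definition update over a known-clean corpus and blocking the release on any hit. The signature names, byte-regex patterns and corpus samples are constructed for illustration; real signature formats differ.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # hypothetical detection name
    pattern: bytes  # toy byte-regex standing in for a real signature


# Constructed known-clean corpus (label -> content). A real gate would load
# snapshots of popular sites and OS/application files from disk.
CLEAN_CORPUS = {
    "popular-site-home.html": b"<script>var q=document.forms[0];q.submit();</script>",
    "system-notepad.bin": b"MZ\x90\x00 constructed placeholder for a clean binary",
    "news-site-ads.js": b"eval(unescape('%61%64'));document.write(adSlot);",
}

# Constructed candidate update: one overly broad signature, one narrow one.
CANDIDATE_UPDATE = [
    Signature("Example.Broad.A", rb"eval\(unescape\("),
    Signature("Example.Narrow.B", rb"eval\(unescape\('[^']{0,40}CONSTRUCTED_KIT_MARKER"),
]


def false_positives(signatures, corpus):
    """Return sorted (signature name, sample label) pairs where a clean sample matched."""
    hits = []
    for sig in signatures:
        rx = re.compile(sig.pattern, re.DOTALL)
        for label, content in corpus.items():
            if rx.search(content):
                hits.append((sig.name, label))
    return sorted(hits)


def release_gate(signatures, corpus, max_false_positives=0):
    """Approve the update only if clean-corpus hits stay within the budget."""
    hits = false_positives(signatures, corpus)
    return len(hits) <= max_false_positives, hits


if __name__ == "__main__":
    ok, hits = release_gate(CANDIDATE_UPDATE, CLEAN_CORPUS)
    print("release approved" if ok else "release blocked")
    for sig_name, label in hits:
        print(f"  false positive: {sig_name} matched {label}")
```

The gate reports which signature fired on which clean sample, so the broad pattern can be tightened or pulled before the update ships.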

    2. Re:AV is not really mature yet by rtb61 · · Score: 2

      All this really points to is corporations are really lax when penalties are not applied for damaging mistakes. It seems whoops tee hee, it's just a boo boo is always enough. I bet the whole system would tighten up if they were charged for the costs generated by each and every one of their mistakes, just like the real brick and mortar world. Ever since it went digital (supposedly to reduce errors) errors are treated like a lame joke and laughed off.

      Warranties, we ain't got no warranties, we don need no warranties, I don't have to show you any stinkin warranties http://www.youtube.com/watch?v=nsdZKCh6RsU (it's all in the EULA, now why does that Mexican remind me of a typical proprietary software company).

      --
      Chaos - everything, everywhere, everywhen
    3. Re:AV is not really mature yet by JasterBobaMereel · · Score: 2

      If you trust Microsoft with AV software given their track record then you are asking for trouble ...

      AV and security is all about trust, and I for one don't trust MS with security, and looking at all the add-ons to MS products to enhance security nor do many many people

      MS should be trying to make AV software obsolete, not trying to write their own ..

      --
      Puteulanus fenestra mortis
  12. Oh my god by SmallFurryCreature · · Score: 4, Funny

    I just had an image of Steve Ballmer and Bill Gates going down on Larry Page and Sergey Brin (which by the way, google had to guess at being the right answer for being the founder of google) in a nerd love fest...

    My eyes! What has been seen cannot be unseen.

    ...

    ...

    ...

    Oh who am I kidding. Fap fap fap fap fap

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  13. Re:You can tell it was a mistake by Anonymous Coward · · Score: 2, Funny

    Slashdot: Where Anonymous Cowards strut around being smug and hip by blaming the users of Apple products of being smug and hip

  14. There is nothing incompetence cannot achieve! by coder111 · · Score: 5, Funny

    Let's just wait until they block microsoft.com due to some related screwup.

    Exploit:JS/Idiots.ASS detected

  15. I think by maroberts · · Score: 3, Funny

    Microsoft simply confused Valentines Day with April Fools Day

    --

    Donte Alistair Anderson Roberts - hi son!
    Karma: Chameleon

  16. Icing on the cake by high_rolla · · Score: 3, Funny

    Would have been absolute gold if the message that came up was something along the lines of:

    "We're sorry but Google.com has been identified as a threat to Microsoft *cough* *cough*, I mean your computer. We suggest you fix this by going to Bing.com. Would you like us to make Bing your homepage and redirect all future request for Google to Bing instead?"
    [Yes] [OK]

    --
    Ryans Tutorials - A collection of technology tutorials.
  17. Delete the threat by inpher · · Score: 5, Funny

    So, did anyone manage to delete the threat? Google.com is still running.

    Meh, I guess nobody really reads the warning dialogues anymore.

  18. These things can happen by MrManny · · Score: 3, Interesting

    To be honest, I don't think this is really *that* big of a deal. This can happen. Worse has happened, not only at Microsoft but by other AV products as well. I recall Avast crying out loud over Steam less than a month ago, moving its service into containment. And if I recall correctly, Avast even flagged notepad.exe as a virus once. I specifically mention Avast, because a.) I use it, and b.) it actually scored rather well last time I bothered to look it up in comparative studies.

    As long as there are probabilities involved, false positives and false negatives are bound to happen. When it comes to AV, I don't mind if it errs on the side of caution as long as it doesn't happen too often.

    Mod me down or call me fanboy as much as you want, but I really don't consider this too problematic, regardless of Microsoft being the "aggressor" here.

  19. Re:first! by flyneye · · Score: 2

    But when you got it you forgot to mention the irony of their already having shipped useless firewall bloatware which takes up space and no one uses. Microsoft; all your harddrive are belong to us.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  20. Re:first! by WrongSizeGlass · · Score: 4, Funny

    And stranger than that, you are not bonch and your post isn't a criticism of Google claiming that they deserve it and Microsoft is right to label them as malicious. What are the odds!

    Perhaps Microsoft was right about the Google homepage on the 14th:
    - MS Security Essentials is written by programmers/nerds.
    - On the 14th, Google had an animated "Valentine's Day" logo.
    - The animated logo was an animated female. Innocent and harmless, but female nonetheless.
    - As usual, nerds (or in this case MS Security Essentials, the product of nerds) had no idea how to react to a female.
    - When MS Security Essentials determined that the animated female was holding a valentine it panicked.
    - MS Security Essentials protected Windows from Google's trojan horse valentine (metaphorically, of course).

  21. Re:And here I thought Windows was the real virus.. by oakgrove · · Score: 4, Funny

    I think poking fun at Microsoft Google Apple and the whole lot is for the most part almost always funny. Ever considered removing the giant stick from your ass?

    --
    The soylentnews experiment has been a dismal failure.
  22. Interesting because yesterday ... by amcdiarmid · · Score: 2

    I was checking the Site to Zone Assignment feature of group policy. I found this posting ( http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/ ) where the example was to put google.com (and everything in it) to be the "restricted sites zone."

    1. Re:Interesting because yesterday ... by Locutus · · Score: 2

      most anyone who bases their profession on only Microsoft software will tote this kind of line. Microsoft targets companies and lets their fans know who are the enemy so you see tutorials like this where the enemy is trashed while Microsoft's software is advanced. Self preservation by those following Microsoft and basing their livelihood on them. Microsoft loves this and designs their partner and developer programs to promote these things.

      It is also why these kinds of "bugs" tend to be looked at as intentional by those who've been in the field a while. There's usually nothing to prove it's illegal and only years and years later does illegal activity show up in court docs but usually too late for a case to be filed. IMO

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
  23. Re:And here I thought Windows was the real virus.. by poetmatt · · Score: 4, Insightful

    It's no different than when they "accidentally" (note the word) flagged chrome as a virus before.

    Expect these accidents to become more frequent as microsoft panics about google competition.

    Apparently this has to happen more than 50 times before people accept that it's not just some magic "mistake".

    see http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html

  24. Re:first! by hairyfeet · · Score: 3, Interesting

    What bloatware would that be? The firewall in Vista/7 that has pretty damned comprehensive rules based filtering while being easy to use, THAT bloatware? or are you still bitching about a certain 12 year old OS that is going for a record on years of support even though they've passed any legal obligation they had to keep updating the thing, could it be that? Give me a damned break! What's next, you gonna complain that XP which is already 3 generations behind (XP X64, Vista, 7) runs as admin too? Move on dude. Man the world is gonna be full of butthurt nerds when 2014 gets here and XP doesn't get another extension so they will actually have to try to find things in the modern version to bitch about. But don't worry Ballmer is gonna shoot Windows in the face because he wants to be Apple so fucking bad he sleeps with an iPad under his pillow.

    As for TFA frankly if that is the WORST thing an AV does color me happy. We've seen dllhost marked as a bug thus disabling the system, we've seen core boot files flagged as bugs thus bricking the system unless you had a second machine to Google how to fix the first, frankly MSE has been so far pretty harmless. That said even though I use it on my netbook and gamer machines I do NOT use it on the machine I actually do any real surfing on because frankly in my tests it doesn't really DO anything. What I mean by that is while it has a pretty decent scanner for downloaded files that is pretty much it, you load up a webpage with malicious code MSE isn't gonna say a word or try to block that site whereas both Comodo Internet Security and Avast Free stop the page from loading. I will give them credit for being just about the lowest resource using on any AV but the flipside is it simply isn't doing much. So while I recommend it for geeks that actually practice safe computing or for machines like my gamer PC and netbook where the only surfing they are doing is checking webmail or going to well vetted sites like this for regular users I simply can't give it out.

    Maybe it's because it was never really intended to be an AV, it was originally Giant Antispy before being purchased by MSFT, maybe the guys at MSFT got tired of AVs slowing down the system so focused on speed above all, who knows, but for a clean computer in my own tests which involved taking an offlease and hitting every topsite and crapsite I could find then using a disc filled with offline scanners to check the system I found MSE on XP scored horribly, MSE on Vista/7 did better simply because OS protections like low rights mode did most of the work, but in no version of Windows did it stop as much as Comodo IS or Avast Free. Oh and since you seem to hate the firewall so much Comodo IS is not only free for home AND business use but also has its own quite excellent firewall built in, which for those that just want one or the other it's as simple as unchecking a box during install. For business users or those that want more finer grained controls I'd go with Comodo IS, for those that want a drop and go solution Avast Free is what you want. MSE? Meh only use it if resources are the highest concern, like say on an underclocked netbook (for those that haven't tried Brazos Tweaker it does rock and added an extra hour on my E350's battery) or a gamer system where you simply aren't doing any risky behavior.

    --
    ACs don't waste your time replying, your posts are never seen by me.