Sophos Anti-Virus Update Identifies Sophos Code As Malware
An anonymous reader writes "Yesterday afternoon anti-virus company Sophos Inc. released a normal anti-virus definition update that managed to detect parts of their own software as malicious code and disabled / deleted sections of their Endpoint security suite, including its ability to auto-update and thus repair itself. For many hours on the 19th, Sophos technical call centers were so busy customers were unable to even get through to wait on hold for assistance. Today thousands of enterprise customers remain crippled and unable to update their security software."
Sophos points out that not everyone will be affected: "Please note this issue only affects Windows computers."
How many of Sophos' customers are not on the Windows platform? That makes me laugh.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
In other news, I have a Windows XP keygen that is absolutely not malware, which gets flagged as malware by every virus scanner I've tried except ClamAV. That makes me LOL.
This is a classic case of not thoroughly testing code and making sure you have enough variations of test machines to ensure as little pain to clients as possible.
If I were a customer, I would be shopping for a better company.
Life takes interesting turns, but the most interest is when you're off the beaten path.
... the chicken ate the egg, after all...
Onda Technology Institute
The most CDs since AOL ended its carpet bombing campaign will make them a shit ton of money.
HA HA
False positive. Microsoft pays off anti-virus developers so they flag keygens, cracks, etc. as viruses.
Malware from whose perspective? Adobe absolutely thinks keygens are malware.
It makes me LOL that people still have keygens for Windows XP.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
That's a relief.
So, how much testing do they perform on their own product? I suppose they do not even know how their own "dogfood" tastes.
"test by eyeballing the code" has its drawbacks.
In a perfect world, the QA manager would be updating his resume.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I once had Malwarebytes identify ATAPI.SYS as malware and remove it. That update also lasted a few hours but left lots of angry customers with expensive bricks to repair.
Strangely enough, two days ago the Sophos install I have on Mac OS also started flagging itself as a threat and disabling itself...
Blasted it off as quickly as I could. No harm done that I can find.
That's why I don't install AV software on my PC. I'm less likely to screw up than AV vendors are. Seriously. My own PCs have NEVER been infected by a virus. And yes, I know how to check, I know how to upload suspicious stuff to VirusTotal, and I know how to run browsers with different user accounts from my main account. Whereas the AV vendors make this sort of screw-up every few years. So there's no point in slowing down my computer with AV software. The sort of malware that would infect me would probably not be detected by their stuff anyway.
BUT I do install AV software on other people's PCs, since they do screw up more often. Despite that, my sister somehow still managed to get her PC infected, and the AV software (Avira) just wouldn't detect or clean it...
I don't put AV software on production servers either unless PHBs etc require it. In my experience if you do things right, AV software is more likely to cause you problems than a virus.
An honest scan report from a major anti-virus vendor. Was it flagged as spyware/advertising trojan?
Learning HOW to think is more important than learning WHAT to think.
Obviously, once this change had gone in, Sophos was correct to identify itself as malicious.
I am officially gone from
Considering all the people I know that still want to stay with XP no matter what, it doesn't surprise me at all.
Understanding the scope of the problem is the first step on the path to true panic.
Let's see this isn't a virus, it's kinda like software leukemia or a software autoimmune disease.
The detection rate for Sophos's malware engine inched closer to 100%.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
A definite Own Goal. This gaffe is one that will be repeated for years to come, if not decades.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Been with Sophos for 3 years and this is the first issue we've had. Previously, with Symantec, we were constantly having it mess with critical systems, delete itself, etc.
To Sophos' credit it was only 3 hours before they'd posted fixes on their google plus. Strangely not yet integrated with the formal KB.
What worked was a variant on:
1. Delete agen-xuv.ide from C:\Program Files\Sophos\Sophos Anti-Virus\ [C:\Program Files (x86)\Sophos\Sophos Anti-Virus\]
2. Restart the 'Sophos Anti-Virus Service'
3. Update SUM via the Sophos Enterprise Console
It was more funny than anything, explaining to my clients what happened. To their credit, Sophos released a patch within, I think, about 30 minutes. All in all, it wasn't that big of a deal to fix the 80 or so computers I manage since you just disable autoupdate and remove all of the false positives out of quarantine. Worst case scenario is you remotely uninstall a bunch of clients and redeploy through the Control Center.
As memory serves, McAfee did this about 8-10 years ago with an update. It's a sign of poor release management and a failure to follow best practices. If they fail to follow best practices for something like this that is high visibility and customer facing, imagine what they look like inside the company.
Time to start bringing your business elsewhere.
Every year, we need to go down the list of software makers who have managed to totally Bork their users. The Meltdown awards. Just to distinguish between the companies that handle it well and the companies that are incompetent.
What would Richard Feynman do, if he were here right now? He'd do some math and he'd follow through!
Same thing happened to McAfee and Symantec in years past... it happens I guess :p
I'm at work actually, and use XP, you insensitive crow !
Ceci n'est pas une Signature !
These autoimmune diseases ain't a whole lot of fun. I'd prescribe some computosteroids and avoiding sunlight. Just stay in the basement.
Ezekiel 23:20
"It's a trap!"
Perfect attack vector for a real infection - as part of the AV suite. Talk about stealthy.
"But this one goes to 11!"
The problem ONLY affects the VERY O/S that it needs to protect the most??? ;^) How many MILLIONS of different malware instances are out the in the wild??? I'll stick to Linux! ;^)
Measure twice, cut once!
AND
Test, Test, then TEST!!!
And that goes to show precisely why you should always use free AV instead of commercial AV.
Considering all the people I know that still want to stay with XP no matter what, it doesn't surprise me at all.
I was like that until I realized that Windows 7 is a very good OS. And, as a gamer, I also prefer DirectX 10 over 9.
Wanna cause problems? Add code from the various AV vendors...
What will those people do when Microsoft ends support in less than 2 years.
Avira had a similar problem last year.
You might as well lock yourself in a jail cell and throw away the keys.
"With patience a ruler may be persuaded, and a soft tongue will break a bone."
Well to be fair it is a bit of dodgy code.
First for calling itself out. And then again for NOT calling Windows out.
So it goes...
McAfee:
http://tech.slashdot.org/article.pl?sid=10/04/21/1735211
Symantec/Norton:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019958
ODDLY ENOUGH?
SOPHOS (vs. Google Analytics)
http://www.google.com/search?hl=en&source=hp&q=%22Sophos%22+and+%22Google+Analytics%22&btnG=Google+Search&gbv=1
APK
P.S.=> And I can & DID point out a LOT MORE, & it's happened to myself in wares I wrote, and those of VERY NOTABLE FOLKS in this industry (Nir Sofer of Nirsoft, as well as Dr. Mark Russinovich of Microsoft -> http://tech.slashdot.org/comments.pl?sid=3132237&cid=41401485 which some dork downmodded & ran... )
... apk
What will those people [Windows XP lovers] do when Microsoft ends support in less than 2 years.
Be smugly satisfied that they eked every ounce of use from their software while simultaneously feeling dirty for having to buy Windows 9.
Most keygens don't contain malware, but they contain wrappers that are downloaders for malware. Perhaps your virus scanners are picking up the fact that they're wrapped?
I've seen plenty of wrapped keygens that work completely normally - the wrapper starts first and silently downloads the malware in the background while the original keygen works normally. (They detect the downloader). The download is necessary in order to download the latest stuff that won't be detected.
And modern malware these days doesn't require admin privileges - it'll take them if it can get them, but if it would trigger a UAC or admin dialog, it'll disable that part of the functionality. Turns out that for being part of a botnet, you don't need admin (opening ports and incoming/outgoing connections are user-available, as are writing files and starting up from the user's profile).
Have the malware be split into a ping and pong runtimes that monitor each other and they'd be very difficult to kill.
For keygens, I run them in an isolated VM instance and roll back the disk files after I'm done using them. You can never be too sure.
I've a sudden desire to downmod your response... if only I had access.... which, now, I never will since I would abuse my power for evil purposes..
Am I a bad person for laughing at this? Probably.
On a more serious note: this is the worst nightmare for anyone who has to manage a mobile/remote workforce (or in this case, a large remote customer base). The idea that some code could break the ability of a system that depends on communication to communicate is why there is such a thing as a development environment in many corporations, where MS updates, AV updates, etc. are tested NOT on the production network. Of course, many corporations have had to cut back, and due to budgetary restrictions many companies have effectively outsourced their testing to the vendors releasing the updates, depending on the vendor to test and not release some ridiculous update that (for instance) pushes out a firewall rule that stops the system from communicating, or as in this case, an update that nukes the AV software itself, and the ability for the AV software to repair itself by auto-updating. I do NOT envy any IT managers who are at a corporation using Sophos who let their users auto-update and don't do as I previously mentioned (i.e. test the updates/definitions). Ouch.
And now back to laughing.
Meh.
Most corporations don't want to have software about that is basically used to break the law. Detecting keygens as malware is an excellent idea.
It makes me LOL that people still have keygens for Windows XP.
It makes me LOL that people use LOL on Slashdot.
As one of the techs trying to correct this, here's what I got to work:
1. Open the endpoint controls
2. Disable the on-access scanning
3. Clear the false detections
4. Manually launch ALMon.exe
5. Update and then re-enable the on-access scanning
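A scripted version of the endpoint side of the two clean-up procedures posted above (the "delete agen-xuv.ide and restart the service" variant and the "relaunch ALMon.exe" variant), added here as an example; it is not Sophos tooling. It takes the IDE file name, the install directories and the service display name from the thread. Everything else is an assumption for the example: the backup folder, moving the file instead of deleting it so it can be examined later, and the location of ALMon.exe in an AutoUpdate folder beside the Sophos Anti-Virus folder. The console-only steps (disabling on-access scanning, clearing false detections, updating SUM) are not scripted. Run it from an elevated PowerShell prompt on an affected machine.

```powershell
# Added example (not Sophos code): automate the endpoint side of the fix described in the thread.
# Taken from the thread: agen-xuv.ide, the two install directories, the service display name.
# Assumed for the example: the backup folder, and the AutoUpdate\ALMon.exe location.
$ErrorActionPreference = 'Stop'

$BadIde      = 'agen-xuv.ide'
$SavDirs     = @('C:\Program Files\Sophos\Sophos Anti-Virus',
                 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus')
$ServiceName = 'Sophos Anti-Virus Service'                  # display name, as quoted in the thread
$BackupDir   = Join-Path $env:ProgramData 'SophosFixBackup' # assumed location

# Step 1: move (rather than delete) the bad identity file so a copy is kept for later analysis.
function Move-BadIde {
    param([string[]]$Dirs, [string]$Name, [string]$Backup)
    $moved = @()
    New-Item -ItemType Directory -Path $Backup -Force | Out-Null
    foreach ($d in $Dirs) {
        $src = Join-Path $d $Name
        if (Test-Path -LiteralPath $src) {
            # Index the backup name so two install directories cannot overwrite each other.
            $dst = Join-Path $Backup ('{0}.{1}.bak' -f $Name, $moved.Count)
            Move-Item -LiteralPath $src -Destination $dst -Force
            $moved += $dst
        }
    }
    return $moved
}

$moved = Move-BadIde -Dirs $SavDirs -Name $BadIde -Backup $BackupDir
if ($moved.Count -eq 0) {
    Write-Warning "$BadIde not present; this host is already fixed or never received the bad update."
} else {
    Write-Host "Moved: $($moved -join ', ')"
}

# Step 2: restart the scanning service and wait until it actually reports Running.
$svc = Get-Service -DisplayName $ServiceName
Restart-Service -InputObject $svc
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
Write-Host "$ServiceName is $((Get-Service -DisplayName $ServiceName).Status)"

# Step 3 (step 4 of the second procedure): relaunch the AutoUpdate monitor if the bad
# signature took it out. Location assumed: AutoUpdate folder next to Sophos Anti-Virus.
if (-not (Get-Process -Name 'ALMon' -ErrorAction SilentlyContinue)) {
    $alMon = $SavDirs |
        ForEach-Object { Join-Path (Split-Path -Parent $_) 'AutoUpdate\ALMon.exe' } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if ($alMon) {
        Start-Process -FilePath $alMon
    } else {
        Write-Warning 'ALMon.exe not found; trigger the update from the Enterprise Console instead.'
    }
}
```

Confirm afterwards that the corrected IDE set has been downloaded and that on-access scanning is re-enabled; a machine that stays without the updater is exactly the state the thread describes as crippling.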
Just think about it. The average Windows AV program runs with sufficient privilege to wreck your system by altering or removing arbitrary files. And it gets fed multiple updates per day created by teams of workers working in a hugely stressful situation: When a new virus appears, you've got to get those signatures out NOW.
I'm amazed people don't see the risks in this.
If this wasn't their own product, my experience with AV companies suggests that you'd be SOL trying to get them to remove the flag. Once an AV product falsely flags your software, you will quickly find that most AV companies dispute process is horrendous, and you generally do better to simply let your affected users complain to them about it. Worse, they often share definitions so unless a false positive is contained quickly it can spread among vendors. It turns out for legal reasons virtually no AV company will advise you why your product is being flagged or suggest how to remedy the situation, and some AV vendors can categorize perfectly legitimate software as "potentially unwanted" on a whim, showing notices to end users that look almost indistinguishable from their virus notifications.
AV as an industry is so terribly unregulated that after years of dealing with their false-positive BS, even though Sophos has a better reputation than many, I can only feel like they got what they deserved when things like this happen.
It's NOW official: today is the day of stupid. POST your stupid.....
Got bit by this yesterday on the xp laptop provided by the PHB. It quarantined a couple of things I don't use or care about. Still, not at all cool of Sophos.
Why in God's name do you attribute this only to Microsoft? It's standard practice because the source of these isn't trustworthy and they're moderately easy to detect. I doubt Microsoft gives two shits if you download a keygen for a video game, yet they will pretty much all be detected by such AV software, generally even free software not theoretically bound by corporate purse strings.
Thanks Captain Obvious!
Be happy that they don't have to endure Patch Tuesday any longer.
"For keygens, I run them in an isolated VM instance and roll back the disk files after I'm done using them. You can never be too sure."
Or you could, I dunno, not use keygens?
(I'm sure I'll hear a rejoinder about old software that you've lost the key for, but we all know what people are really using them for).
OP here. I run it in WINE just to be safe and it works. Same sort of deal.
Plus, I don't have any ethical objection to this.. I've had more legit copies of Win XP than I currently use. Optical disks and keys just get lost/destroyed over time and this is the easiest workaround.
Indeed. Most people also prefer a pie in the face over a punch in the jaw.
We are currently considering switching AV vendors from Kaspersky (our license renewal is coming soon). So the boss contacted Sophos and they sent a guy yesterday to install a demo and got hit with this bug.
Needless to say the guy was pretty embarrassed.
I like ESET NOD32 myself, but it seems that the administrative console is not as good as Kaspersky's (K's allows you to deploy software, turn off machines, send messages to users and lots of other non-AV stuff we actually need).
Open Source Java Web Forum with LDAP authentication
It really appears they were just flagging anything that had Update in the path anywhere. One of our customers reported this to us. Three of our applications have Update in the file name, so they were flagged, as was their own updater. When I was looking up information about this, I found on the forums that in addition to their own software, they also quarantined Adobe, Google, and a couple of other apps that had Update in the name. It isn't even based on JUST the filename. Anywhere in the path caused it to happen.
Like others said, how this could've even made it out of the lab is beyond me.
That got modded down quick. Must have scared the trolls.
Try avast!? There is a free registration after 30 days which is annoying but it is free forever for basic protection. I stopped using MSE for that reason. Also unless my knowledge is outdated ClamAV is not really an anti virus package!
Just a scanner with no protection from naughty javascripts or from buffer overflows in flash files. Noscript works most of the time but I have encountered infected ads before that Avast halted.
http://saveie6.com/
Android rootkits, too, have been flagged (on windows) for a long time because "it's malware from a software/hardware manufacturer's point of view".
"You might as well get your son a ticket to hell as give him a five string banjo." -unknown minister
Windows xp was awesome. I told myself I'd never say goodbye.
Now I use 7 and I am very happy with it. :) Superb work by the way Redmond, I salute you.
Now, Sophos on the other hand, cost me a lot of time today. Thanks very much for the testing fail. Won't take many incidents like that to lose you customers. I'll give you this one though...
fag , the shit code u write is malware
get over the butthurt , fag
it virus.
Anything from the internet is untrustworthy unless signed. Should those be marked as malware attacks and blocked too?
Someone stole my Office CD so I had to download a copy off the net and use a fake KMS. It is perfectly legit, as in Trojan- and rootkit-free, but only Avast will not flag it as malware. It is very annoying.
I smell a rat here and would not be surprised if MS had a role in it. As a result I no longer use Microsoft Security Essentials. MS's security team is quite good and just as big as Symantec's. I am sure they share information with each other, and if MS flags one keygen they share it by contract. Yes, MS has a vested interest in cutting down on piracy as they sell software.
Well, there are guys like me: I have a tower running kubuntu, a notebook running W7, and an old Dell someone gave me that I repaired, including XP install disks. I want to use that box to sample LPs and cassettes and burn them to CD. EAC won't run on Linux or on any machine without an optical drive, and Audacity simply lacks the features I need. My only choices are XP on the old junker or buy a brand new computer, or build one from new parts and buy W7.
Nope, XP has to stay until they port EAC to Linux or the computer fairy buys me a new computer. You expect grandma, who's had her computer for ten years and only uses it for surfing and email, to spend a couple hundred bucks just to keep your spam box empty? Even the price of W7 is way too much, even if that old computer could run W7. As long as there are XP computers still useable, Microsoft should support it. It's their buggy code and bad design, after all.
Free Martian Whores!
I can't imagine a more horrible day at work than the one they're having.
It makes me LOL that people still have keygens for Windows XP.
XP is great to run in a VM for testing IT stuff or IE 6 or 7 if you are a web developer. It uses just 384 megs of ram which means I can run several instances with it and a virtualized server as well to test scripts or do training/learning.
As a main OS? Yeah, that would suck. I would need 16 GB of RAM MIN on my desktop to virtualize 4 servers and 2 clients with Server 2012, Exchange 2013, IIS 8, and Windows 7 clients. I will probably upgrade soon as XP is going to be deprecated next year.
You're welcome to disprove ANY of the facts I list about it below OR what I wrote here on "false positives" happening NOT ONLY TO MYSELF, but other notables in the industry, here -> http://tech.slashdot.org/comments.pl?sid=3132237&cid=41401485 :
Here we go!
IF you don't want to be tracked, & to get your speed/bandwidth back you paid for (as well as electricity, CPU cycles, RAM, & other forms of I/O as well), better "layered-security"/"defense-in-depth", reliability (vs. DNS poisoning redirection OR being "downed"), & even anonymity (to an extent vs. DNS request logs) + being able to "blow by" what you may feel are unjust blocks (in DNSBL's) & more...
---
APK Hosts File Engine 5.0++ 32-bit & 64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
---
Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):
---
1.) Blocking out malware/malscripted sites
2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware
3.) Blocking out Bogus DNS servers malware makers use
4.) Blocking out Botnet C&C servers
5.) Blocking out Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
8.) Added "anonymity" (to an extent, vs. DNS request logs)
9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
10.) Blocking out TRACKERS
11.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
12.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD-derived IP stack).
13.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" on top of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.
---
* There you go... & above all else IF you choose to try it for the enumerated list of benefits I extolled above?
Enjoy the program!
APK
P.S.=> Of course, THIS is NOT going to "go well" with 3 types of people out there online, profiting by advertising & nefarious exploits + more @ YOUR expense as the consumer:
---
A.) Malware makers & the like (botnet masters, etc./et al)
B.) ADVERTISERS - the TRULY offended ones, as it is their "lifeblood" in psychological attack galore, tracking, & more, etc.!
C.) Possibly webmasters (who profit by ad banners, but fail to realize that those SAME adbanners suck away the users' bandwidth/speed, electricity, CPU cycles, RAM, & other forms of I/O they PAY FOR, plus, adbanners DO get infested with malicious code, & if anyone wants many "examples thereof" from the past near-decade now? Ask!)
---
Lastly/Again:
DEAREST AC TROLL COWARD:
When you can manage to DISPROVE MY CLAIMS about this app, in the above list of facts as to what custom hosts files can benefit users of them in?
THAT is the day the clock strikes 13 (clock with hands that is & NOT military time) & on the "12th of never"...
... apk
BitDefender once did the awesome feat of quarantining every. single. file. They even rolled out the update to all x64 Vista and 7 machines (possibly XP, too).
Thank goodness for backups.
Still running from disproving THESE facts I see, Ash-Fox -> http://linux.slashdot.org/comments.pl?sid=3110069&cid=41346029
?
* Absolutely... lol!
APK
P.S.=> I have to say, it MUST be a truly PITIFUL EXISTENCE on YOUR PART, doing nothing more than off-topic trolling, & running, "Ash-Fox", lol...
... apk
Pirated XP is still pretty common in much of the developing world.
The 1 problem with /.'s "so-called 'moderation system'" is this:
---
It is currently ALMOST IMPOSSIBLE to confront a bogus downmodding detractor so they abuse the "so-called 'moderation system'" here in applying UNJUSTIFIABLE DOWNMODERATIONS
As they have to MY posts that contained facts in them here:
http://tech.slashdot.org/comments.pl?sid=3132237&cid=41401485
http://tech.slashdot.org/comments.pl?sid=3132237&cid=41401751
http://tech.slashdot.org/comments.pl?sid=3132237&cid=41402209
http://tech.slashdot.org/comments.pl?sid=3132237&cid=41402379
---
* DO US ALL A FAVOR, DICE (look @ it this way - it'll make for a LOT MORE VIEWS, since most folks would be willing to confront a bogus detractor that "hit & run downmods" provided their post was indeed, verifiable fact, as mine were):
CHANGE IT, dice!!! Nobody LIKES coming to a shithole where trolls run rampant and "game" (cheat is more like it) the moderation system... period!
(Just so folks like myself that have IDIOTS like "DaWhilly" & his brand-new 7 digit "registered 'luser'" account, no doubt just an alternate ONE OF MANY HE HAS, for trolling purposes only!)).
---
PUT IT THIS WAY - via another FACT that took me some WORK to prove, & yes, if anyone wants it, I have proof of it I can produce in seconds in reply:
I've seen it before, & I literally CAUGHT several people doing so on /.!
(1 has run away, in tomhudson = Barbara, not Barbie, not seen since May this year, when I confronted & CAUGHT that person using MULTIPLE ACCOUNTS for trolling others here on /. & he/she has NOT BEEN SEEN SINCE...).
---
It is the 1 thing about slashdot that NEEDS change, and only you folks @ dice.com have that ability @ this point.
(DO consider it... this place NEEDS that for a "cleanup"!)
APK
P.S.=> Now, I truly DO understand, that all the bisphenol-A in drink containers have loaded these trolling "not men" to the point of turning into WOMEN rather than MEN by faking estrogen in their systems, lol...
So, to that?
Well - We can't DO anything about THAT, but... YOU FOLKS CAN on the "moderation" system here, per my suggestions above - Thank-You!
... apk
Sophos is mandatory on all our desktops and laptops - it's running constantly to check all writes and it starts a full scan on all drives at 12:00 every day, taking up over 50% of CPU and RAM to do this, only giving up after I've killed all its processes 15 times over - I hate it!
Today I got to watch this piece of shit software try to ram its head up its own arse - I gleefully spammed the 'quarantine' and 'delete' buttons turn-about every time they appeared - giggled as it tried to destroy the adobe reader and flash updater agents (the 2nd most annoying over sophos itself).
Honestly, couldn't have been a better day unless it had actually succeeded in swallowing its own bloated, decaying self :)
That's fine, but I doubt that much of the developing world is posting on Slashdot about their key generators.
Yea, because they're the ones writing them.
they got cool music attached to them too, so RIAA wants them out.
world was created 5 seconds before this post as it is.
Sophos in Greek means "wise".
Proverbs 21:19
One time an AV detected some pentesting/repair tools I had saved on my external hard drive and killed them all because they were supposedly "hacking tools".
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Yeah i mean how hard is it to find a real corporate key on the internet anyway. :-P
Continue to use XP with no updates; hell, tons of people never installed the service packs and updates while it was current. Why should that change just because something they never used is now unsupported? Besides, they now have their iShiny to fondle.
Yes, this was bad. The virus signature in question appears to match any software that does auto-updates (possibly trying to spot phone-home malware?) so it's flagged dozens of software packages and according to what policy you've set, quarantined or deleted the files. This includes the auto-update part of the sophos client. The flood of emails from the sophos enterprise manager package as machines were switched on this morning quickly alerted us that this wasn't good, and just looking at names of the files it was flagging was enough to see that this was a false positive. Cleanup continues.
We've been very happy with sophos enterprise, and I'm staggered that this signature made it out the door - they should have numerous controls in place to ensure this can never happen and I await an explanation for how they failed.
I'm not too impressed by some of the advice given in their cleanup procedure - they advise setting the policy to not scan certain sophos directories - guess where viruses may try to hide in future.
This is an embarrassing fubar which will have had a high impact on thousands of enterprises. It'll be interesting to see if Sophos come clean about the circumstances and can be convincing enough about how it's never going to happen again.
An easy way around it is to go to the dump and over to the electronics drop point and look at the back of all the old computers and write down the install keys, grab an OEM disk, and you're off with more pseudo-legit keys than you could ever want for whatever versions of Windows you want.
While you're at it, grab any RAM and hard drives, and Blu-ray drives/whatever other components you are in need of or are worth salvaging, and see if they work. Check the hard drives to see if they are still in working order, then run a file shredder on everything and overwrite the whole drive, then format it. After a couple of dump runs like this you have more components than you could ever use.
Linux and Mac can still pass / host Windows viruses.
Or, other remedial reading lessons you need vs. this:
http://linux.slashdot.org/comments.pl?sid=3110069&cid=41346029 troll!
(You're MORE THAN WELCOME to disprove what you ran from troll above, a WEEK AGO, vs. myself!)
---
Additionally?
Disprove the facts I stated on what we are discussing here now in regards to "false positives" running rampant outta the antivirus/antispyware industry @ large:
http://tech.slashdot.org/comments.pl?sid=3132237&cid=41401485
(Especially since I KNOW that Mr. Nir Sofer and doubtless Dr. Mark Russinovich also will substantiate what I said... & I even INVITED others to check on that much!)
---
AND, Lastly:
AGAIN here now also - disprove my points here from today now (regarding points I made on the app in question I wrote & benefits custom hosts files give users of them):
http://it.slashdot.org/comments.pl?sid=3132237&cid=41402759
---
* FACE IT: You KNOW you can't, I know you can't & by now? EVERYONE READING KNOWS YOU CAN'T DISPROVE ANY OF THE FACTS IN THE LINKS ABOVE...
APK
P.S.=> Keep proving my points for me, by NOT disproving points I made... thanks, because "3 strikes & YER OUT", troll...!
... apk
Such items have been flagged by security software for eons before Microsoft Security Essentials was even an idea in someone's head at Redmond. Even if these things are flagged, it's easy enough to bypass unless your security policies are set to forcibly remove them without letting you intervene in any way and you lack the privileges to change this.
The point I'm making is security software flags keygens/cracks/etc by the fact that they're generally very "underground" and far more subjected to less than reputable "additions" than other software. It's a proven attack vector which are widely used, and therefore is more serious of a risk than other downloads. Any security software worth its salt should definitely flag these items. It is their job to find security risks and prevent them. You're trying to add an ulterior agenda to smart security practice.
They're very easy to avoid so it should be a minor nuisance at best.
I'm sure the real reason they are getting rid of XP is they fired all the devs that created it.
The reason that happens is likely due to the heuristics used to detect threats by the security tools outside the scope of the virus definitions. Those are the front line functions that are designed to (hopefully) catch bad code before the company even needs to send out a definition for it. When they detect a program is capable of doing certain things, they will get flagged with generic terms like that.
Lots of programs with things like auto-update functionality get similarly flagged, etc.
Maybe it shouldn't try to kill random things that it has no clue about, though, and just flag them instead.
We are suffering from this where I work. The only computers that were affected were the ones that were on and got yesterday afternoon's update. Sophos released another update afterwards that did not suffer from this problem; therefore, a computer that did not get an update until this morning is OK.
An antivirus software that actually works!
That's generally what they do. If you're in a situation where it's forcefully removing them without giving you a chance to intervene, then your policies are set weirdly. I've used several suites over the years, and all but one merely brought up a message about such files and asked for my input.
And then many others think Adobe products are malware.
I do have a UTM in front of my home network. However, most malware can be stopped with some simple behaviour modification. I haven't run anti-crud in nearly a decade. Zero infections.
Sophos went auto-immune.
It's amazing how far the "life" analogy goes in anti-malware world
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
At first it was funny to watch Sophos eat itself. It was searching for any software that could perform an update: FlashUpdate, JavaUpdate, GoogleUpdate, etc. However, it stopped being funny when the auto-scan feature started looking inside ZIP backup files. And what did it do when it found these "virus"-laden ZIPs? It deleted them!!! Thankfully we maintain snapshots of LUNs on the SAN.
It also cleaned (deleted) the auto-updater for video software, a few development IDEs, QuickTime and others. Who knows what won't work a few months from now. A hole has been cut through many file systems.
Development staff were also slowed down. The auto-build of our own software couldn't create the output - an Update Package. After solving that, attempts to publish it also had problems - everyone who tried to "get" the package quickly found it quarantined.
It may be a few months before we figure out exactly what has been lost. I have a very long list of quarantined or DELETED files (that's the IT policy, if it can't be cleaned... or quarantined... delete it).
Sophos licenses many "home versions" of their products to various ISPs such as Shaw in Canada which have rebadged the product as "Shaw Secure". /the moar you know..
As I enter the second week of trying to sort out the mess created by Sophos, I must admit I had a chuckle after reading the message posted on their web site by CEO Kris Hagerman on 21st Sept:
http://www.sophos.com/en-us/press-office/message-from-the-sophos-ceo.aspx
He hasn't bothered to update it since then, but a more depressing mishmash of corporatespeak I have rarely come across in my 35 years in the IT biz. He commends his "family" for the hard work they have put in, in some cases even postponing their vacations (!), and explains that they were "eager" to talk to us (!), but doesn't mention the numerous hours that people like me, independent software consultants, have had to put in FOC to resolve the problem with my customers. Then I read his bio on the Sophos web site:
http://www.sophos.com/en-us/about-us/management-team/kris-hagerman.aspx
and note he studied Russian, and of course it makes sense: he's studied Soviet-era propaganda, the kind that applauds the patriotic workers of Tractor Factory nr 7 for producing 5 million tractors in the year and exceeding their quota by 400%.
And get this! In the UK you have to call a paid-for number (0844) to speak to their grumpy and unapologetic support staff. I spent 1 hour 45 minutes waiting this evening to get through, listening to the same soft jazz track cycle over and over again, and had to pay for the privilege. And on Sunday afternoon (I had to work throughout my weekend) I was told by one of his family not to swear when I mentioned I objected to paying for a call to resolve "Sophos's fucking mess". Swearing isn't big or clever, but it does have a time and place, and that was it.
Sad to see one of the few world-class UK-based IT companies hit the rocks and start a terminal spiral; expect a purchase by McAfee some time soon. I still haven't forgiven THEM for taking over Dr Solomon's and getting rid of the little Grenadier Guard in my system tray.