Sophos Anti-Virus Update Identifies Sophos Code As Malware
An anonymous reader writes "Yesterday afternoon anti-virus company Sophos Inc. released a normal anti-virus definition update that managed to detect parts of their own software as malicious code and disabled / deleted sections of their Endpoint security suite, including its ability to auto-update and thus repair itself. For many hours on the 19th, Sophos technical call centers were so busy customers were unable to even get through to wait on hold for assistance. Today thousands of enterprise customers remain crippled and unable to update their security software."
Sophos points out that not everyone will be affected: "Please note this issue only affects Windows computers."
Obviously, once this change had gone in, Sophos was correct to identify itself as malicious.
I am officially gone from
The detection rate for Sophos's malware engine inched closer to 100%.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
It's not software lupus. It's never software lupus.
Welcome to the Panopticon. Used to be a prison, now it's your home.
That's like saying you don't use condoms because you know how to pull out.
"test by eyeballing the code" has its drawbacks.
Exactly. Sometimes code that looks useless is really pretty important. The article follow-up said they removed this test from an iteration loop, since there weren't comments about what it did. Apparently the original programmers thought it obvious...
if (asimov_3rd_violation())
{
    continue;
}
else
{
    remove_file(filename);
}
At first I thought you meant "proof of concept" anti-virus for Linux. :-P
My cousin used to say the same sort of thing about his know-it-all supervisor at work that was always riding him to wear safety glasses. After he got back from disability, the guy got him a couple of tickets to Avatar in 3d, just to be an asshole.
I'm just glad I didn't have a mouthful of coffee when I read:
or I would still be cleaning coffee off of monitors, laptop, papers, etc.
I have a couple of old Windows XP installations I can still get to when some idiot creates a web site that only works right in IE (e.g., I live in Colorado and the state has a site for doing your state income tax that doesn't work when accessed with Firefox). Ditto for software like most income tax programs. I don't otherwise use Windows. Even my work laptop is running Linux (Fedora 16).
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
What's impressive is that this got out of Sophos' testing lab and into production. I guess they must not test signatures in house at all. Congratulations, Sophos customers, you've been promoted to alpha testers.
Actually, it's an incredible show of honesty on the part of Sophos. Perhaps Symantec and McAfee will follow suit and flag their own software as malicious as well.
Any insufficiently advanced magic is indistinguishable from technology.
What's impressive is that this got out of Sophos' testing lab and into production.
What's really impressive is that it also orchestrated a DDOS attack on the Sophos tech support helpline...