Updating niggles

Troublesome month for security vendors

Last month proved to be troublesome for security vendors Sophos, Microsoft and Kaspersky, as niggles with updates caused problems for their customers.

Sophos customers suffered an onslaught of false positives thanks to a fault in the update file which was released to add detection of the OSX-Inqtana-B worm for Mac OS X. The fault resulted in Sophos Anti-Virus generating false alerts on a number of files in Microsoft Office 2004 and Adobe Acrobat Reader. A revised update was released shortly after developers spotted the problem, alongside an apology to customers.

Meanwhile, many of the users of Microsoft's Antigen email security product were left without fully functional email systems for several hours after they received a faulty update to the Kaspersky scanning engine. The Antigen product - which Microsoft inherited when it acquired email security firm Sybari last year - uses a number of different scanning engines including Kaspersky's to provide anti-virus protection. A Microsoft spokesperson explained: 'As soon as we were aware that our customers were experiencing email problems due to the Kaspersky update, we escalated through the appropriate channels across Kaspersky and Microsoft and were able to define, test and provide a resolution.'

Indeed, Microsoft did not have an easy month at all with its security products - just days before the problems with Antigen, an update to Windows AntiSpyware beta 1 caused it to misidentify Symantec security tools as password-stealing malicious software. On detection of certain registry keys set by the Symantec products, Windows AntiSpyware generated an alert and prompted the user to delete the keys. Users who went ahead and deleted the keys would have found that Symantec AntiVirus and Symantec Client Security software stopped functioning correctly.

Fortunately for the two companies, only a small number of customers are thought to have been affected by this error, due to the fact that the misidentification applied only to Symantec's enterprise products.

01 March 2006

Tags:

del.icio.us

digg this

News


	February issue of VB published The February issue of Virus Bulletin is now available for subscribers to download. 1 February 2012 Hacktivists hijack DNS of popular websites Security at registrars may be weak link. 26 January 2012 New RFC describes best practices for running DNS-based lists DNSBL users advised to avoid those lists that charge for delisting. 24 January 2012 Vulnerability turns McAfee's anti-malware solution into open relay Flaw allows for spam to be sent through customers' PCs. 19 January 2012 AV-Test releases latest results Business and consumer products achieve high pass rate. 18 January 2012 Subscribe \| View All virusbtn: Collaboration among malware authors has made Citadel trojan mature quickly http://t.co/4p2JFbmU 4 hours ago virusbtn: Waledac/Kelihos botnet now used to send out Russian political spam http://t.co/jnAsQCGT 5 hours ago Follow us

News Archive


	2011 2010 2009 2008 2008 2007 2006 2005 2004 2003 2002 Subscribe \| View All

News


	See also Calendar of Events Polls

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Malware Prevalence

Autorun
Encrypted/Obfuscated
Heuristic/generic
Sality
Zbot

View this month's full report

Virus Bulletin currently has 224,223 registered users.

Fighting malware and spam

Updating niggles