
Late last week, anti-virus vendor McAfee acknowledged that its anti-virus software had mistakenly flagged hundreds of legitimate third-party programs as malware, prompting some customers to delete or quarantine these programs.
The error lay in McAfee's daily virus definition file, called the DAT, which caused genuine files to be identified as W95/CTX - a virus first discovered in 2004.
Affected McAfee software included all editions of its on-demand scanning products such as VirusScan, in both its consumer and enterprise versions.
The files that were dubbed malicious were Microsoft's Excel spreadsheet, Adobe's Flash, Google's Toolbar installer, parts of Sun Microsystems' Java Runtime Environment and several Adaptec drivers.
McAfee posted a list of over 330 affected files; however, the SANS Institute's Internet Storm Center found even this list incomplete.
Depending on how users had configured VirusScan, the legitimate files were either deleted or quarantined to a special folder. In both cases, applications were rendered inoperative.
Although McAfee pushed out a corrected DAT after discovering the problem, a large part of the damage had already been done.
Also, downloading and installing the corrected DAT helped restore only quarantined files, not deleted ones.
McAfee even posted recommendations on its Web site, asking users to restore from a backup or to use Windows XP's System Restore feature to roll back their machines to a point before the flawed DAT.
All said and done, analysts say that batches of so-called "false positives" like the latest McAfee round are quite common among anti-virus vendors.