by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Sophos Anti-Virus detects and deletes itself as malware


Some people, including some of my friends, hold that most viruses (of the digital type) are actually made by the anti-virus companies themselves.  Now, we know that is (probably) not true, but the day before yesterday, Sophos, a very trusted and reputed anti-virus and security company, proved that the theory is technically valid.

On the 19th, Sophos came out with a security advisory [http://www.sophos.com/en-us/support/knowledgebase/118311.aspx] stating that Sophos detects some files as a virus, Shh/Updater-B, which they clarified is a ‘false positive’.  Now, false positives by themselves are nothing new.  They are the bane of security software and of the reputed organisations which evaluate various security solutions.

False positives are also used by scamsters in the form of scareware: security software which claims to have detected thousands of infections on your (clean) PC and tries to entice you into buying that security tool.
But none of them can beat what Sophos has done on Windows PCs.  Sophos, in all their brilliance, had coded an update which detects its own updater as a virus and quarantines (or deletes) itself.

That must rank up there alongside the ‘Heck of a Job, Brownie’ comment by the then President Bush!

What is even worse is that the flagging of Shh/Updater-B false positives isn’t limited to Sophos’s own code.  In their blog they acknowledge that Sophos might have flagged and quarantined (if not removed/deleted) third-party code (which means software).

This is almost as bad as what Avast 4.8 did back in December 2009, though at that time Avast didn’t attempt a ‘suicide’; that is, its own files were left intact.  So they could quickly push out an update which solved the problem.

With Sophos, it is the updater itself which has been falsely tagged as Shh/Updater-B.  If the program itself is kaput, how does it heal itself automatically? :-D

A real, right royal mess.
[Image: shh-updater-b (image courtesy Sophos.com)]

PS:  As one of my (above referred) friends pointed out, seeing that this problem affects only Windows PCs running Sophos, and not the Macs or Androids, is it any wonder there are more viruses for Windows PCs than for Linux?

