Sophos antivirus glitch causes false positive chaos

Sophos antivirus glitch causes false positive chaos

Software mis-identified itself as malware

Article comments

Security firm Sophos has been had to issue an embarrassing apology after the company’s antivirus program suddenly started classifying every and any software update – including the company’s own – as ‘Shh/Updater-B’ malware.

The issue became apparent on Wednesday morning when the firm’s support forums were deluged with reports from customers that the software was generating large numbers of false positives for legitimate programs including Java, Adobe Reader, Microsoft and Google.

“I've just started seeing this reported from all of my workstations; scads of emails.  The Sophos tech support number is giving a ‘fast busy’ signal, as everyone calls to ask wtf?,” wrote one annoyed admin.

“We had roughly 40% "infection" rate here in about a ten minute span of time... a few hundred machines...,” added another.

The company’s support forum reports eventually ran to several dozen pages of comments on the same theme: large numbers of malware reports with no easy way to stop them coming.

False positives hit all antivirus programs from time to time but in this case it appears that because the program was also quarantining its own remote update many users were unable to rectify the problem.

Only customers connected to the company’s Live Protection cloud system were able to bypass the bind once the updates had been classified as ‘clean’ within the database.

Sophos eventually stopped the problem with update avab-jd.ide, released on the evening of 19 September.

“We would like to apologize for all of the disruption caused to our many customers and partners worldwide. We recognize the issue is very serious, and are doing everything we can to resolve it,” the company said in advance of the fix.

“Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologises for any inconvenience.”

Sophos is far from the only company to have been left red faced by a false positive scare.

Almost a year ago Microsoft Security Essentials came in for stick after taking issue with a legitimate update to Google’s Chrome.  In 2010, McAfee faced compensation calls after wrongly identifying a Windows system update as a virus.



  • Infosec Technologies If you are concerned about this issue please contact Infosec Technologies for advice We can help you to stay protected with an award winning layered approach which works alongside any AV vendor a simple 20 second deployment Call 44 01256 379970 or email salesinfosectechnologiescom
Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *