Sophos Anti-Virus Mistakenly Identifies Self as Malware
...and chaos ensues.
Sophos has acknowledged that a recent anti-virus update caused the company's security software to identify itself as malware.
"Businesses using Sophos' security products have been inundated with false positives, no doubt causing havoc," writes Computer Business Review's Steve Evans. "Specifically it was reporting Shh/Updater-B as malware, when it is in fact Sophos' updater. The product was then deleting the files it considered dangerous, placing users at greater risk of infections."
"One comment on the Internet Storm Centre (ISC) website said that the issue also affected other 'updater services' including Adobe Flash, Oracle Java, Fujitsu AutoUpdater and Dell AutoUpdate Utilities," writes SC Magazine's Dan Raywood. "'All of the auto-updaters mentioned above were deleted off hundreds of PCs. Now none of these applications will auto-update moving forward,' the comment said."
"A senior security consultant, with knowledge of the situation, who declined to be named, told ZDNet that some businesses in the U.K. were particularly affected, including major supermarkets and banking groups," writes ZDNet's Zack Whittaker. "The source said that in some cases, areas at point-of-sale -- where shoppers check out their goods for purchase -- were down for lengthy periods throughout the day, leaving shoppers unable to purchase goods through shopping tills and self-checkout areas. "
"For many, troubles continue because many endpoints and corporate networks hit by the false positive have been left with systems that can no longer update themselves properly because the required functionality has been consigned to quarantine," notes The Register's John Leyden.
"We would like to apologize for all of the disruption caused to our many customers and partners worldwide," the company stated. "We recognize the issue is very serious, and are doing everything we can to resolve it. We are launching a full investigation to analyze how this happened, to ensure that it never happens again, and will provide further information on the analysis in due course."