• Total Posts: 28063
  • Total Topics: 8058
  • Online Today: 1027
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Sophos mistake, false positives detection of: Java, Google... (Shh/Updater-B)  (Read 855 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Security firm Sophos has had to issue an embarrassing apology after the company's antivirus program suddenly started classifying every and any software update - including the company's own - as 'Shh/Updater-B' malware:

The issue became apparent on Wednesday morning when the firm's support forums were deluged with reports from customers that the software was generating large numbers of false positives for legitimate programs including Java, Adobe Reader, Microsoft and Google.

"I've just started seeing this reported from all of my workstations; scads of emails. The Sophos tech support number is giving a 'fast busy' signal, as everyone calls to ask wtf?," wrote one annoyed admin.

"We had roughly 40% "infection" rate here in about a ten minute span of time... a few hundred machines...," added another.

The company's support forum reports eventually ran to several dozen pages of comments on the same theme: large numbers of malware reports with no easy way to stop them coming.

False positives hit all antivirus programs from time to time but in this case it appears that because the program was also quarantining its own remote update many users were unable to rectify the problem.

Only customers connected to the company's Live Protection cloud system were able to bypass the bind once the updates had been classified as 'clean' within the database.

Sophos eventually stopped the problem with update avab-jd.ide, released on the evening of 19 September.

"We would like to apologize for all of the disruption caused to our many customers and partners worldwide. We recognize the issue is very serious, and are doing everything we can to resolve it," the company said in advance of the fix.

"Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologises for any inconvenience."

Sophos is far from the only company to have been left red faced by a false positive scare.

Almost a year ago Microsoft Security Essentials came in for stick after taking issue with a legitimate update to Google's Chrome. In 2010, McAfee faced compensation calls after wrongly identifying a Windows system update as a virus.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising