Sophos antivirus glitch causes false positive chaos

Security firm Sophos has had to issue an embarrassing apology after the company's antivirus program suddenly started classifying every and any software update - including the company's own - as 'Shh/Updater-B' malware.

The issue became apparent on Wednesday morning when the firm's support forums were deluged with reports from customers that the software was generating large numbers of false positives for legitimate programs including Java, Adobe Reader, Microsoft and Google.

"I've just started seeing this reported from all of my workstations; scads of emails. The Sophos tech support number is giving a 'fast busy' signal, as everyone calls to ask wtf?," wrote one annoyed admin.

"We had roughly 40% "infection" rate here in about a ten minute span of time... a few hundred machines...," added another.

The company's support forum reports eventually ran to several dozen pages of comments on the same theme: large numbers of malware reports with no easy way to stop them coming.

False positives hit all antivirus programs from time to time but in this case it appears that because the program was also quarantining its own remote update many users were unable to rectify the problem.

Only customers connected to the company's Live Protection cloud system were able to bypass the bind once the updates had been classified as 'clean' within the database.

Sophos eventually stopped the problem with update avab-jd.ide, released on the evening of 19 September.

"We would like to apologize for all of the disruption caused to our many customers and partners worldwide. We recognize the issue is very serious, and are doing everything we can to resolve it," the company said in advance of the fix.

"Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologises for any inconvenience."

Sophos is far from the only company to have been left red faced by a false positive scare.

Almost a year ago Microsoft Security Essentials came in for stick after taking issue with a legitimate update to Google's Chrome. In 2010, McAfee faced compensation calls after wrongly identifying a Windows system update as a virus.

Subscribe to the Security Watch Newsletter

Comments