Security Bullet In
Communiques from the security front, sir
Wednesday 10 September 2008, 5:28 PM
Trend Micro gives false positive details
The false positive identification of Windows systems files by Trend Micro Internet Security began at 4.30pm BST on 4 September with signature 5.521.50. The false positive affected Trend Micro users in Germany and Norway.
When Trend Micro tried to correct the issue, this inadvertently casued more damage, according to Rik Ferguson, Trend Micro's senior security adviser in the UK.
At 2.00am BST on 5 September Trend Micro sent out signature 5.525.50 to try to correct the original issue. The new signature affected even more users, in France, Turkey, the UK and Poland. Signature 5.527.50, sent out at 12.15, then corrected the issue -- for users whose systems still worked. The problem with quarantining systems files is that this is liable to make systems not work.
Trend Micro technical support has advice for users whose systems have fallen down, said Ferguson.
Feguson told me that the problem had been caused by more generic anti-virus signatures.
"It's one of the ways anti-virus vendors are looking at the huge rise in the number of variants of individual pattern files," said Ferguson.
PreviousComments on this post
Arg! This really irks me. False positives are a very dangerous game. Think, you've put together some small utility program, and one of the virus programs calls it a virus. People talk about it being a trojan on the internet. Word spreads. You're doomed. It's not far fetched at all. All it takes is one underfunder software developer to be sloppy, and they can tarnish somebody and or something. I've been told by people in the past that one of my sites downloads contained a trojan. Guess what? Yes, a false positive. How can I undo threads and posts with people talking about the so called trojan? I couldn't. Anyways, I needed to vent on this. Also, as was recommended to me, check your file in question on this site. Virus Malware file checker I hope that link works okay.
