Sophos false positive causes chaos

Brett Myroff, CEO of Netxactics, says 35% of Sophos users in SA were affected by the error.

Sophos, the anti-virus and network security company, scored an own goal this week when it released a signature update which detected - and disabled - its own software update tool.

Users on Sophos's support forums described enterprise networks thrown into chaos, with thousands of machines reporting infection and needing manual intervention to address.

Brett Myroff, CEO of Netxactics, SA's Sophos partner, estimates that 35% of Sophos users in SA were affected by the glitch. "There are various restore methods. Our support department is assisting customers 24/7."

Although the company rushed out a fix, many users were unable to install it because the updater had been quarantined, and Sophos's central management tool is unable to remove items from quarantine on client systems. While Sophos scrambled to resolve the issue, users on the forum swapped code and ideas for cleaning up the mess.

False positives are a common problem in signature-based anti-virus, and when critical files are mistakenly targeted, the results can be catastrophic. In 2010, for example, McAfee's AV identified svchost.exe, the core Windows networking binary, as a virus, shutting down Windows XP computers en masse.

Jon Tullett
Editor: News analysis

Jon Tullett is ITWeb news analysis editor.
