Original URL: http://www.theregister.co.uk/2004/09/07/mcafee_false_alarm/
McAfee AV ate my application
False Trojan horse alert causes chaos
Posted in Security, 7th September 2004 16:00 GMT
An Australian software developer has been left fuming after the latest virus definition update from McAfee caused his package to be wrongly identified as a Trojan horse programme.
The false positive meant that ISPWizard [1], an internet setup program wizard, was labelled as the BackDoor-AKZ Trojan [2] by users running the latest update of McAfee's AV software. As a result, ISPWizard is being unceremoniously ripped from users' systems. This means that many people are unable to connect to their ISPs [3] because the software that they need has been automatically deleted by McAfee.
McAfee's cock-up dates from 1 September when it released an antivirus DAT (signature file) update. It has yet to rectify its mistake.
ISPWizard Developer Mark Griffiths slammed McAfee's tardy response: "This is causing major problems for my business, the businesses of my customers [ISPs] and also their customers as well. Despite this problem being quickly reported to McAfee and it being stressed to them that this is a major problem which is causing damage to many businesses, they have been very slow to react," he said.
"Although they have now responded and admitted that this is a problem with their software, they have still not released a new update to their DAT files to fix the problem and say that it may take until Thursday [9 September] before it is actually released. In the meantime, the software continues to misidentify my software as being infected by a Trojan. End users that are being affected are either contacting the ISP for assistance and blaming them for distributing a Trojan - greatly increasing the support burden and costs for the ISP, or they are simply switching to another ISP," he added.
Other AV vendors (for example [4], Sophos) detect the BackDoor-AKZ Trojan without interfering with the operation of ISPWizard. "I'm not aware of any other anti-virus program that is misidentifying my software at the moment," said Griffiths.
So why is McAfee AV misdiagnosing a benign program as malignant? We don't know. Our repeated calls and emails to McAfee over the last two days failed to generate a response from the company.
In copies of email correspondence between Griffiths and Avert Labs, McAfee's AV research division, a suggestion was made that the misdiagnosis could have arisen because components of ISPWizard were created with the same package as components of the backdoor Trojan program. But this remains only a theory. McAfee has offered Griffiths a temporary DAT file that end users would need to manually install on their systems as a workaround. Griffiths is unimpressed with the offer: he is frustrated that McAfee has not released an emergency automatic update. ®
Related stories
Email deletion bug baffles McAfee [5]
Murder on the Outlook Express [6]
McAfee virus update damages NT 4.0 files [7]
McAfee virus update freezes PCs [8]
Email deletion bug bites Norton Internet Security [9]
Symantec undeletes mail deletion bug [10]
Links
- [1] http://www.ispwizard.com
- [2] http://vil.nai.com/vil/content/v_99966.htm
- [3] http://www.ispwizard.com/phpBB2/viewtopic.php?t=51
- [4] http://www.sophos.com/virusinfo/analyses/trojbdoorakz.html
- [5] http://www.theregister.co.uk/2001/10/26/email_deletion_bug_baffles_mcafee/
- [6] http://www.theregister.co.uk/content/55/22427.html
- [7] http://www.theregister.co.uk/content/archive/15649.html
- [8] http://www.theregister.co.uk/content/archive/14437.html
- [9] http://www.theregister.co.uk/2002/11/04/email_deletion_bug_bites_norton/
- [10] http://www.theregister.co.uk/2002/11/21/symantec_undeletes_mail_deletion_bug/
