MS anti-spyware labels Symantec as Trojan

False alarm

By John Leyden • Get more from this author

Posted in Spyware, 14th February 2006 13:06 GMT

Free whitepaper – Certify your software integrity with Thawte code signing certificates

An update to Microsoft anti-spyware incorrectly labeled two versions of Symantec's anti-virus software as Trojan horse malware last week. Users of Windows AntiSpyware beta 1 were mistakenly warned that Symantec AntiVirus Corporate Edition and Symantec Client Security packages were a password stealing Trojan called Bancos-A.

PC users were prompted to remove registry keys, advice that if followed would have disabled Symantec's software, the Washington Post reports. The snafu happened because of a problem with a Windows AntiSpyware beta 1 issued on Thursday. Microsoft has issued new signature files that avoid the same mistake.

Symantec is working with affected customers, the number of which is expected to be small, because the mislabeling error only happens when a combination of enterprise software and consumer test software are used together. Users of Symantec's consumer security products were not affected by the issue, which was in any case limited to Windows AntiSpyware beta 1 and not its later Windows Defender beta 2 product.

It's not the first time the trial version of Microsoft's anti-spyware software has provoked complaints about false alerts. Soon after the release of the product in January 2005, Romanian anti-virus firm BitDefender cried foul after Microsoft's package wrongly detected a BitDefender ScanOnline object as a piece of spyware called "Brilliant Digital".

Problems with false alerts are far from confined to Microsoft's security software and crop up from time to time even with established security products (examples here and here). ®

Free whitepaper – Avoiding 7 common mistakes of IT security compliance