CA issues false warning on JavaScript apps
Pete Tong on New Year's eve
Customer Success Testimonial: Recovery is Everything
Updated This story was updated with a statement from CA on 2 January
A mis-firing anti-virus update from CA issued on Monday wrongly identified legitimate JavaScript files as a virus.
The eTrust signature update wrongly identified JSQuery (a JavaScript AJAX library) and Mootools (a JavaScript web 2.0 library) as being contaminated with the Snz-A JasaScript malware. Users running CA eTrust (also known as Vet Anti-Virus) who applied the dodgy update were liable to find themselves confronted by false alarms that their systems were infected when visiting legitimate websites, causing unnecessary alarm in the process.
The dodgy update is DAT 5417 released at 02:22 ET (07:22 GMT) on December 31. A fix was released some nine hours later.
"[The update] wrongly identified two JavaScript items as viruses. An updated signature file (DAT 5419) that corrected the false positive condition was created and released on 12/31/07 at 11:36 ET," CA said in a statement.
Faulty anti-virus signature updates are not uncommon across the industry. The timing of the glitch on New Year's Eve was unfortunate nonetheless the time taken for CA to pull the dodgy update and issue a replacement might be criticised as slow.
Users hit by the slip-up have posted their gripes and compared experiences in various online blogs and forums (example here).
®
COMMENTS
good read
nice one The 'Reg-ular'
I find it very odd that a lot of CA stuff cost very little after you get your rebate back (if you're lucky enough) in the USA.
They have there own site www.carebatecenter.com
Just checked frys no rebates running at the moment but Nortons and KASPERSKY are rebated to just paying sales tax . WTF
False positives will be big in 2008
I predict we'll be reading false positive stories in the non-IT press before long.
AVG baulked at one of my VS files the other week.
I'm thinking that the size of a typical virus "signature" string was set at a reasonable level some years ago, based on the number of viruses and the number of distinct files in the world We may have reached the point where this is too small and the antivirus firms would be advised to change their applications.
Blocking Packers
for javascript there is very little reason to use such tools, if it saves 1k on the file size that is literally nothing, it loads no faster - and if it saves 100k, perhaps your javascript could be optimized a little better?
however for executables there are several packers, and I personally use them for every program I release - reducing a 500k file down to 50k doesn't help for small time downloads, but for several million downloads it can make the difference between 1 web server handling it easily or having to get 2-3 servers to host it
however when it comes to AVs detecting packers as malware, i can only assume it is through laziness, they see some malware and see 5 variations, all have the same header on the file, so they add that to the detection rule without bothering to check that the header is from a widely used packer (or widely used installer.. had the same AV first report a program of mine as a virus for using a common packer, then a little later it started reporting the commonly used installer as a virus!)
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
