The Register®

Original URL: http://www.theregister.co.uk/2011/10/26/avira_auto_immune_false_positive/

Avira anti-virus labels itself as spyware

Auto-immune confusion

By John Leyden

Posted in Security, 26th October 2011 16:29 GMT

Avira anti-virus detected components of its own application as potentially malign on Wednesday following a dodgy signature update.

Avira detected its own AESCRIPT.DLL library file as the previously obscure "TR/Spy.463227" [1] strain of malware.

The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem, as explained in an official post on Avira's support forum here [2].

Avira's own stats [3] point to 4,000 to 5,000 rogue detections, suggesting that the problem was caught before it affected the vast majority of users of the freebie security scanner software, which has a user base of million. This is just as well because users hit by the false detection would have been left with hobbled systems.

False positives involving anti-virus software are all too common. Normally these involve application files or, more damagingly, Windows components. Avira's auto-immune false detection is worse still, but not unprecedented. CA had similar problems [4] two years ago, for example. ®