Articles about False Positives


Office Depot halts PC Health Checks amid bogus infection claims

Office Depot has suspended PC Health Check – its malware-scanning service – after it was accused of lying about infections to push antivirus software. Former Office Depot technician Shane Barnett told Seattle TV station KIRO 7 that the PC Health Check service would lie to customers that their otherwise-clean PCs were infected …
Iain Thomson, 22 Nov 2016

Datto launches backup and disaster recovery technology to combat ransomware

Datto’s SIRIS 3 data protection platform includes what it claims is the industry’s first ransomware detection capability. Ransomware is the noxious malware that captures your files and walls them off from access by encrypting them. The perpetrator demands payment – possibly by anonymous Bitcoin – to release the encryption key …
Chris Mellor, 27 Oct 2016

Upstart bags $2.5m to help put the brakes on self-driving car hackers

Israeli car security startup Karamba Security has banked $2.5m in fresh investment, which it plans to use to extend its technology to autonomous vehicles. The tech will be geared towards protecting engine control units (ECUs) in robot cars from hackers and malware infections. Miscreants typically infiltrate a vehicle by first …
John Leyden, 30 Sep 2016

Sophos Windows users face black screens after false positive snafu

Users of Sophos’s security software were confronted with a black screen on starting up their Windows PC over the weekend as the result of a borked antivirus update. The botched update meant that the Windows 7 version of winlogon.exe was incorrectly labelled as potentially malicious, resulting in chaos and confusion all …
John Leyden, 05 Sep 2016

Forget security training, it's never going to solve Layer 8 (aka people)

Black Hat: Research by German academics has shown there's very little that can be done to prevent people spreading malware by clicking on dodgy links in messages, particularly where Facebook is involved. In a presentation at Black Hat 2016 in Las Vegas today, Zinaida Benenson, leader of the Human Factors in Security and Privacy Group at …
Iain Thomson, 03 Aug 2016

fMRI bugs could upend years of research

A whole pile of “this is how your brain looks like” fMRI-based science has been potentially invalidated because someone finally got around to checking the data. The problem is simple: to get from a high-resolution magnetic resonance imaging scan of the brain to a scientific conclusion, the brain is divided into tiny “voxels”. …

Meet the grin reaper: Password manager now snaps login SELFIES

Forget master passwords, literally. Password manager LogmeOnce has come up with a new-ish way to log into websites – selfies. The cloud-based biz told El Reg today it has added a new PhotoLogin option which takes a photo of you and uses it to unlock the services you're trying to access. It works by getting you to take a …
Kieren McCarthy, 28 Jun 2016

Jaxa's litany of errors spun Hitomi to pieces

Japan's space agency Jaxa has detailed the litany of errors that ended with the failure of its Hitomi (Astro-H) spacecraft. The agency has published a 90-page discussion of what caused the break-up. Their conclusions are pretty damning for the agency, centring around a lack of protocols to manage a major change in the craft's …

Lie back and think of cybersecurity: IBM lets students loose on Watson

IBM is teaming up with eight North American universities to further tune its cognitive system to tackle cybersecurity problems. Watson for Cyber Security, a platform already in pre-beta, will be further trained in “learning the nuances of security research findings and discovering patterns and evidence of hidden cyber attacks …
John Leyden, 12 May 2016

Hackers tear shreds off Verizon's data breach report top 10 bug list

Information security boffins have pilloried Verizon's latest data breach report, suggesting its list of top security vulnerabilities does not represent reality. The 2016 Data Breach Investigations report [PDF] is Verizon's ninth in the series drawing on a wider pool of data including some 100,000 security incidents and 2260 data …
Darren Pauli, 12 May 2016

Music's value gap? Follow the money trail back to Google

Analysis: If you want to understand the economics of the music industry, imagine that you make wellies: Prestige Boots. They’re excellent wellies, well reviewed and loved by customers. You deserve to crack the big time, so you arrange a meeting with Hypothetical Hypermarkets. In his swanky office, the Hypermarket buyer tells you how …
Andrew Orlowski, 14 Apr 2016

ESET blocks news sites

Antivirus updates from security firm ESET blocked access to El Reg today. Other news websites such as the BBC were also affected by Thursday's update. The snafu caused a certain amount of consternation (here and here) before it was resolved with a rollback to previous virus definition files. ESET told The Reg: "Today, ESET …
John Leyden, 07 Apr 2016

Auto vulnerability scanners turn up mostly false positives

Nullcon: Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler. At the Nullcon security conference in Goa, India, Gibler said he pointed an unnamed automated scanner at 100 of …
Darren Pauli, 14 Mar 2016

Microsoft gets into the advanced intrusion sniffer game – but only for Windows 10

RSA 2016: Microsoft will be rolling out a new form of security system for enterprises later this year aimed at stopping attacks as soon as they happen. Dubbed Windows Defender Advanced Threat Protection, the system will monitor a company's computer systems looking for signs that an attack is occurring. If someone starts trying to break …
Iain Thomson, 02 Mar 2016

Borked ESET antivirus update says entire web is too risky to browse

Surfers who rely on ESET anti-virus are having a hard time surfing the web following a misfiring anti-virus update, pushed out on Monday morning. The update is stopping people who apply it from browsing most of the internet, including ESET’s own site. Sites such as Amazon, MSN and more are falsely being labelled as …
John Leyden, 29 Feb 2016

Winning Underhand C Contest code silently tricks nuke inspectors

The winner of an annual competition to write the best innocent-looking but actually malicious C code has been announced – and it involves hoodwinking nuclear weapons inspectors. Hypothetically, of course. On Wednesday, the Underhand C Contest named Linus Åkesson the champion of its 2015 fixture. His prize: $1,000 (£685). …
Chris Williams, 04 Feb 2016

IBM buys fraud sniffing biz for real-time protection

IBM has assimilated a German payment fraud prevention business, IRIS Analytics, a provider of a real-time fraud analytics engine using machine learning algorithms, for undisclosed terms. "By integrating IRIS Analytics with IBM's counter fraud technology, we will help organisations more accurately detect fraud at scale and …

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

Senior US government executives and Silicon Valley's tech captains are sitting down together in San Jose, California, on Friday to try and sort out a way to combat terrorism online. The meeting will include Attorney General Loretta Lynch, FBI Director James Comey, National Intelligence Director James Clapper and National …
Iain Thomson, 08 Jan 2016

Tor launches invite-only exploit bug bounty

Tor will this year investigate an exploit bug bounty paying researchers cash for flaws, lead developer Mike Perry says. The HackerOne invite-only scheme is expected to be opened to the public after Tor finds its feet handling disclosures. Bug bounties are a booming initiative under which tens of thousands of dollars are being …
Darren Pauli, 05 Jan 2016

Yahoo! crypto! queen! turns! security! code! into! evil! tracker!

Yahoo! crypto ace Yan Zhu has found twin attacks that allow websites to learn the web histories of visitors by targeting HTTP Strict Transport Security (HSTS). The timing attack, which works regardless of cookie clearing, was demonstrated on Firefox and Chrome last Sunday at the Toorcon security conference. The attack …
Darren Pauli, 28 Oct 2015

Qualcomm proposes brain implants for IP cameras

If you take the vision stuff at face value, the latest company to announce its vision of hell on Earth is Qualcomm, which some of the more breathless of the tech press reckons wants to create the “conscious” camera. Well, it's a little shy of consciousness, thank heavens. What the chip-shipper has announced is an IP camera …

FBI, US g-men tried to snatch DNA results from blood-testing biz. What a time to be alive

+Comment: Not content with snooping on your emails, whereabouts and telephone calls, it appears the Feds now want your DNA results. DNA testing company 23andMe says it has received four requests from law enforcement agencies for "user data" in the past quarter, all of them from the United States. Those stats came in the first " …
Kieren McCarthy, 21 Oct 2015

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Russian anti-malware firm Dr.Web tested rivals to see if they blindly accepted malware reports shared through cross-industry intelligence systems like Kaspersky Lab, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …
John Leyden, 02 Sep 2015

Boffins laugh at Play Store bonehead security with instant app checker

An armada of university researchers have devised a novel method of detecting malicious applications on Android, and by way of demonstration have dug up 127,429 shady software offerings, including some bearing exploits for a whopping 20 zero days. The scheme dubbed MassVet is the brainchild of eight researchers: Kai Chen; …
Darren Pauli, 31 Aug 2015

Kaspersky: Freemasons coded fake malware in the Bermuda Triangle

Eugene Kaspersky has taken to his blog to make another stinging rebuttal of a Reuters report that alleged the company that bears his name deliberately sabotaged rival antivirus packages. “The Reuters story is based on information provided by anonymous former KL employees. And the accusations are complete nonsense, pure and …
Simon Sharwood, 17 Aug 2015

'We've got the sanitation problem solved', says world's richest poop drinker

QuoTW: This week, the headlines were dominated by Lenovo's bad behaviour, Google's dot-xyz obsession and a story from Silicon Valley, where even the trailer parks have $40m drama. These were some of the best quotes: The team behind the film Dallas Buyer's Club wants to go pirate hunting down under, but local authorities aren't so …
Team Register, 16 Aug 2015

I've seen Kaspersky slap his staff with a walrus penis – and even I doubt the false-positive claims

Comment: Eugene Kaspersky is a complex character and capable of many things, but Friday's allegations that he ordered staff to deliberately sabotage rival antivirus packages smells fishy. On the one hand, the problem of AV products flagging up false positives is well known. Signature-file detection of software nasties is dated, and of …
Iain Thomson, 15 Aug 2015

Kaspersky Lab denies tricking AV rivals into nuking harmless files

Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
John Leyden, 14 Aug 2015

Want to download free AV software? Don't have a Muslim name

Exclusive: Software export controls are being applied to blacklisted people as well as countries: and these controls apply to routine security packages such as freebie antivirus scanning software, as well as more sensitive technologies, El Reg has concluded. We've come to this way of thinking after investigating why Reg reader Hasan Ali …
John Leyden, 07 Aug 2015

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Linux kernel supremo Linus Torvalds has published a scathing open letter to Google's Gmail team after discovering that the service had incorrectly marked hundreds of his incoming email threads as spam – including ones containing kernel patches. "Something you did recently has been an unmitigated disaster," Torvalds wrote in …
Neil McAllister, 17 Jul 2015

It's 2015 and Microsoft has figured out anything can break Windows

Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts. Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory. He says most …
Darren Pauli, 12 Jun 2015

F*cking DLL! Avast false positive trashes Windows code libraries

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday. Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially …
John Leyden, 07 May 2015

Netflix looses FIDO hack attack dog as open source

Netflix has released source code for its automated incident response tool to help organisations cut through the noise of security alerts. Project lead and security boffin Rob Fry together with Brooks Evans, and Jason Chan announced the unleashing of the Fully Integrated Defense Operation (FIDO) saying it has chewed the time to …
Darren Pauli, 05 May 2015

CHEATER! Test labs out AV vendor for using rival's engine

Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running A-V engines from rival Bitdefender. The company has been reprimanded by established testing outfits Virus Bulletin, Av-Comparatives, and AV-Test which withdrew its 2015 certifications. In a joint statement [PDF] the …
Darren Pauli, 01 May 2015

Fandroids, take your phone's antivirus and burn it – Android bod

RSA 2015: Google takes a lot of stick from Apple and others over malware on the Android platform, but the company thinks the OS is now so secure that users don't need antivirus software. Speaking at the RSA Conference in San Francisco this week, Adrian Ludwig, lead engineer for Android security, explained that Google is now scanning for …
Iain Thomson, 24 Apr 2015

Review: McAfee Endpoint Protection for SMB

Anti-virus – sorry, endpoint security – programs suck. I loathe them and they have been the bane of my professional existence for the better part of 20 years. Despite the crushing, crushing sadness that they cause, the call came down to review Intel Security’s latest endpoint security product, McAfee Endpoint Protection Advanced …
Trevor Pott, 23 Mar 2015

Panda antivirus labels itself as malware, then borks EVERYTHING

Panda users had a bad hair day on Wednesday, after the Spanish security software firm released an update that classified components of its own technology as malign. As a result, enterprise PCs running the antivirus software tied themselves in something of a knot, leaving some systems either unstable or unable to access the …
John Leyden, 11 Mar 2015

Redmond boffins build coffins for exploit kits

Microsoft boffins have crafted what they say is the world's first platform specifically designed to kill exploit kits. The tool goes by the name "Kizzle" and is a fast signature compiler that targeted the common practise of code-reuse by malware authors, and could generate identifying signatures weeks ahead of current anti- …
Darren Pauli, 24 Feb 2015

Google unleashes tame botnet to hunt XSS in cloudy code

Google has unleashed its own application security scanner, potentially rescuing admins from 'fiddly' existing offerings. The scanner will check code running in App Engine for cross-site scripting (XSS) and mixed content vulnerabilities. Choc Factory engineering head Rob Mann says its scanner uses its Compute Engine to forge a …
Darren Pauli, 20 Feb 2015

EVIL US web giants shield TERRORISTS? Evil SPIES in net freedom CRUSH PLOT?

Analysis: Evil US Internet companies are shielding terrorists plotting our destruction! Woo! Evil Tory bastards are using the Woolwich Report as an excuse for a further crackdown on the Internet, muslims and ultra-left Guardian columnists.* Woo! Or, perhaps, neither of the above? All the shouting is based on the parliamentary …
John Lettice, 28 Nov 2014

Disturbance in the force lets phones detect gestures with Wi-Fi

How would you like a phone that gives you gesture recognition - without needing to buy a new phone? That's the tantalising prospect offered by a project at the University of Washington (UoW), which uses the existing Wi-Fi capabilities of consumer-grade devices (laptops were used for the research paper) to work out people's …

Attack reveals 81 percent of Tor users but admins call for calm

The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool. A research effort led by professor Sambuddah Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively …
Darren Pauli, 17 Nov 2014

Yes, Samaritans, the law DOES apply to you. Even if you mean well

Downrange: Earlier this week suicide prevention and counselling charity the Samaritans launched an app that scans Twitter timelines and alerts users whenever anyone appears to be depressed. Yet the backlash against this creepy automated scanning is astonishing – and the Samaritans appear to be ducking their legal obligations. As we …
Gareth Corfield, 02 Nov 2014

EFF: Cops' spyware for parents is insecure – and a fat waste of money

Spyware distributed by US police to parents so they can check their precious little snowflakes aren't getting up to no good online is worse than useless, according to a new report by the Electronic Frontier Foundation (EFF). The Windows and OS X software, dubbed ComputerCOP, has been purchased by 245 or so police departments …
Iain Thomson, 03 Oct 2014

Heavy VPN users are probably pirates, says BBC

BBC Worldwide, the commercial arm of the BBC that markets its products around the world, has told Australia's government that heavy users of “IP obfuscation tools” are so suspicious that internet service providers (ISPs) should consider them as likely content pirates. The organisation states that case in a submission (PDF) to …
Simon Sharwood, 09 Sep 2014

Mac security packages range from peachy to rancid – antivirus tests

Updated: Independent tests of Mac antivirus products have discovered that the effectiveness of these security packages runs from a risible 20 per cent to an unimpeachable 100 per cent. German security lab AV-TEST.org put 18 free and paid-for Mac OS X security products and services to the test, discovering widely differing performances …
John Leyden, 04 Sep 2014

Security rEsrchRs find nu way 2 spot TXT spam

Symantec boffins reckon it's no longer enough to shield e-mail users from malicious email and that spam and phishing over SMS are now worthy of some decent defences. They've even penned a study to back up the proposition, suggesting that SMS spam could be 97 per cent detectable with a false positive rate as low as 0.02 per cent …

Lazy sysadmins rooted in looming Mozilla cert wipeout

Mozilla is about to revoke some weak X.509 PKI certs, and has warned sysadmins that it will affect the Firefox browser and they'll need to assess their infrastructure. The four affected root certificates from Entrust and ValiCert are marked for removal because they contained weak keys. A further seven from CyberTrust, Thawte …
Darren Pauli, 20 Aug 2014

Check your Clungene, Irish women warned

Ireland's Health Products Regulatory Authority (HPRA) has advised any woman who's trying to get pregnant to check her Clungene, if indeed she's using the Chinese pregnancy test kit to confirm she's up the duff. In some cases, the product has been providing false positives, so just when you think your Clungene is telling you …
Lester Haines, 07 Aug 2014

All those new '5G standards'? Here's the science they rely on

The 5G arms race has commenced, but beneath the duelling “my 5G is faster than your 5G” demos, there's serious work going on – and whatever the future of 5G, that work will change the future of mobility one way or the other. With that in mind, The Register spoke to Professor Eryk Dutkiewicz of Macquarie University. In May, …