Articles about False Positives

F*cking DLL! Avast false positive trashes Windows code libraries

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday. Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign …
John Leyden, 07 May 2015

MH370 'pings' dismissed as false positives

Updated A US Navy official has gone on the record as saying that the “pings” first thought to have come from missing Malaysian Airlines flight MH370 probably weren't from the aircraft's black box – and has almost immediately been spurned by his bosses. Back in April, Australian prime minister Tony Abbott held a press conference in which …

Exoplanets' chemicals may give false-positives for life, boffins say

Astronomers and exobiologists looking for spectral signatures as indicators of life might be chasing a chimera. That's the gloomy conclusion of a study published at PNAS, which says inferring the existence of biospheres on exoplanets “might be beyond our reach in the foreseeable future”. Since all we know about exoplanets is …

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Linux kernel supremo Linus Torvalds has published a scathing open letter to Google's Gmail team after discovering that the service had incorrectly marked hundreds of his incoming email threads as spam – including ones containing kernel patches. "Something you did recently has been an unmitigated disaster," Torvalds wrote in …
Neil McAllister, 17 Jul 2015
The Register breaking news

Avast false alarm hits Steam's weekend gamers

Freebie anti-virus scanner Avast falsely identified an executable associated with the popular Steam gaming platform as a Trojan on Sunday. The snafu, which persisted for around 90 minutes, meant that SteamService.exe was wrongly identified as a Trojan (specifically Trojan-gen) and sent to quarantine. Judging by posts on Steam …
John Leyden, 06 Feb 2012

Fandroids, take your phone's antivirus and burn it – Android bod

RSA 2015 Google takes a lot of stick from Apple and others over malware on the Android platform, but the company thinks the OS is now so secure that users don't need antivirus software. Speaking at the RSA Conference in San Francisco this week, Adrian Ludwig, lead engineer for Android security, explained that Google is now scanning for …
Iain Thomson, 24 Apr 2015

It's 2015 and Microsoft has figured out anything can break Windows

Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts. Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory. He says most …
Darren Pauli, 12 Jun 2015

Security rEsrchRs find nu way 2 spot TXT spam

Symantec boffins reckon it's no longer enough to shield e-mail users from malicious email and that spam and phishing over SMS are now worthy of some decent defences. They've even penned a study to back up the proposition, suggesting that SMS spam could be 97 per cent detectable with a false positive rate as low as 0.02 per cent …
Cheat by https://www.flickr.com/photos/sohelparvezhaque/ CC 2.0 attribution https://creativecommons.org/licenses/by/2.0/

CHEATER! Test labs out AV vendor for using rival's engine

Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running A-V engines from rival Bitdefender. The company has been reprimanded by established testing outfits Virus Bulletin, Av-Comparatives, and AV-Test which withdrew its 2015 certifications. In a joint statement [PDF] the …
Darren Pauli, 01 May 2015

Google unleashes tame botnet to hunt XSS in cloudy code

Google has unleashed its own application security scanner, potentially rescuing admins from 'fiddly' existing offerings. The scanner will check code running in App Engine for cross-site scripting (XSS) and mixed content vulnerabilities. Choc Factory engineering head Rob Mann says its scanner uses its Compute Engine to forge a …
Darren Pauli, 20 Feb 2015

Netflix looses FIDO hack attack dog as open source

Netflix has released source code for its automated incident response tool to help organisations cut through the noise of security alerts. Project lead and security boffin Rob Fry together with Brooks Evans, and Jason Chan announced the unleashing of the Fully Integrated Defense Operation (FIDO) saying it has chewed the time to …
Darren Pauli, 05 May 2015

Check your Clungene, Irish women warned

Ireland's Health Products Regulatory Authority (HPRA) has advised any woman who's trying to get pregnant to check her Clungene, if indeed she's using the Chinese pregnancy test kit to confirm she's up the duff. In some cases, the product has been providing false positives, so just when you think your Clungene is telling you …
Lester Haines, 07 Aug 2014

Sophos says sorry over Google Analytics false alarm

Updated Sophos has apologised after its security screening technology went awry and began falsely warning users when they visited websites running Google Analytics. The false positive - which identified web content served up from google-analytics.com as malicious code (specifically HTMLGen-A) - kicked in at around 05:15 GMT and …
John Leyden, 10 Jun 2011

IEEE expands malware initiatives

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives. The organisation's Anti-Malware Support Service (AMSS) is designed to …

Attack reveals 81 percent of Tor users but admins call for calm

The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool. A research effort led by professor Sambuddah Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively …
Darren Pauli, 17 Nov 2014

Panda antivirus labels itself as malware, then borks EVERYTHING

Panda users had a bad hair day on Wednesday, after the Spanish security software firm released an update that classified components of its own technology as malign. As a result, enterprise PCs running the antivirus software tied themselves in something of a knot, leaving some systems either unstable or unable to access the …
John Leyden, 11 Mar 2015

False positives run amok in Vista anti-virus tests

The first independent tests of anti-malware products on 64-bit Windows Vista revealed a rash of false positives. Of the 20 products submitted for testing to independent security certification body Virus Bulletin, six generated false positives when scanning a set of known clean files. As a result, the product failed to earn …
John Leyden, 03 Aug 2007

Redmond boffins build coffins for exploit kits

Microsoft boffins have crafted what they say is the world's first platform specifically designed to kill exploit kits. The tool goes by the name "Kizzle" and is a fast signature compiler that targeted the common practise of code-reuse by malware authors, and could generate identifying signatures weeks ahead of current anti-virus …
Darren Pauli, 24 Feb 2015

Disturbance in the force lets phones detect gestures with Wi-Fi

How would you like a phone that gives you gesture recognition - without needing to buy a new phone? That's the tantalising prospect offered by a project at the University of Washington (UoW), which uses the existing Wi-Fi capabilities of consumer-grade devices (laptops were used for the research paper) to work out peoples' …

Security firms plot revamp to minimise false alarms

Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process. Last week, misfiring updates from Symantec falsely categorised Spotify and Adobe Flash as malicious in two separate incidents. The week before a ropey update from Kaspersky Lab falsely flagged Google AdWords as …
John Leyden, 02 Feb 2010

Avira owns up to BitDefender Trojan false alarm

Updated German security firm Avira has admitted it falsely warned that a beta version of an upcoming security package from its Romanian rival was contaminated with a Trojan. Few users outside the testing community would be running Avira and BitDefender 2011 beta 4 at the same time, so the incident is notable only as providing an …
John Leyden, 10 Aug 2010

FireEye enters crowded IPS market

Late last week, FireEye took something of a plunge, throwing its hat into the ring of the crowded intrusion prevention system (IPS) market, with a beta of software that adds IPS capability to its virtualised MVX environment. With the IPS to be made available as a license add-on for the company's NX network threat prevention …

Lazy sysadmins rooted in looming Mozilla cert wipeout

Mozilla is about to revoke some weak X.509 PKI certs, and has warned sysadmins that it will affect the Firefox browser and they'll need to assess their infrastructure. The four affected root certificates from Entrust and ValiCert are marked for removal because they contained weak keys. A further seven from CyberTrust, Thawte …
Darren Pauli, 20 Aug 2014

Mac security packages range from peachy to rancid – antivirus tests

Updated Independent tests of Mac antivirus products have discovered that the effectiveness of these security packages runs from a risible 20 per cent to an unimpeachable 100 per cent. German security lab AV-TEST.org put 18 free and paid-for Mac OS X security products and services to the test, discovering widely differing performances in …
John Leyden, 04 Sep 2014

Review: McAfee Endpoint Protection for SMB

Anti-virus – sorry, endpoint security - programs suck. I loathe them and they have been the bane of my professional existence for the better part of 20 years. Despite the crushing, crushing sadness that they cause, the call came down to review Intel Security’s latest endpoint security product, McAfee Endpoint Protection Advanced …
Trevor Pott, 23 Mar 2015

Symantec fires off false alarm on WoW update

Updated World of Warcraft denizens are complaining that an anti-virus update published by Symantec over the weekend falsely labelled a component of the game as potentially malign. Instead of throwing spells or wielding axes, fans of the role-playing game who choose Symantec for their security protection complain that the firm is …
John Leyden, 17 May 2010

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

Researchers working on a new type of bomb detector technology have made the rather underwhelming boast that their kit "could soon give bomb-sniffing dogs some serious competition". “Bomb-sniffing dogs are expensive to train, and they can become tired,” said study co-lead author Ren-Min Ma, one of the boffins who came up with the …
Lewis Page, 21 Jul 2014

Zoom out for a view of malware, say boffins

One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

Redmond is patching Windows 8 but NOT Windows 7, say security bods

Microsoft has left Windows 7 exposed by only applying patches to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day …
Darren Pauli, 06 Jun 2014

HSBC Trojan warning tracked down as false alarm

Updated A false alert left users of Kaspersky's internet security software fearing there was malware on HSBC's website last weekend. Users of Kaspersky Internet Security logging onto HSBC's Personal Internet Banking site were incorrectly informed that a malicious file containing the HTLM-Agent-CE Trojan had been loaded onto their …
John Leyden, 17 Aug 2009
Artist's conception showing the inner four planets of the Gliese 581 system. GJ 581g, potentially habitable, is in the foreground. Credit: Lynette Cook/NSF

ANGRY ALIENS hit by BEBO SPAMGASM probably don't exist

The world is breathing a collective sigh of relief today as interstellar war with aliens from the well-known prospective "Goldilocks" worlds orbiting the star Gliese 581 has been averted – because the planets don't actually exist. In the heady early days of the search for planets …

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

Software that claims to detect the presence of OpenSSL's Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy. This finding is disputed by developers publishing tools that test for the vulnerability. The teams behind Nessus, …
John Leyden, 17 Apr 2014

Heavy VPN users are probably pirates, says BBC

BBC Worldwide, the commercial arm of the BBC that markets its products around the world, has told Australia's government that heavy users of “IP obfuscation tools” are so suspicious that internet service providers (ISPs) should consider them as likely content pirates. The organisation states that case in a submission (PDF) to …
Simon Sharwood, 09 Sep 2014

350 DBAs stare blankly when reminded super-users can pinch data

Enterprises are ripe picking grounds for would-be Ed Snowdens, according to a survey conducted by the Ponemon Institute for Raytheon that found hundreds of organisations did not have policies to limit the amount of sensitive data staff can access. The survey of 700 techies found Snowdens-in-waiting were typically database …
Darren Pauli, 21 May 2014

Infosec bods try Big Data in search for better anti-virus mousetrap

Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection. The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The …
John Leyden, 20 Jun 2014

Review site furious over McAfee SiteAdvisor 'false alert'

A UK business had to fight for two weeks to clear its name after falsely being accused of harbouring malware by McAfee's SiteAdvisor service. SiteAdvisor issued a red alert against software review site tech-pro.net at the start of July. It wrongly claimed the site contained a dangerous download. SiteAdvisor uses a mixture of …
John Leyden, 17 Jul 2008

Kaspersky defends false detection experiment

Kaspersky Lab has defended its handling of a controversial experiment criticised by some as a marketing exercise of questionable technical value. The Russian anti-virus firm created 20 innocent executable files, adding fake malware detections for ten of the sample, before uploading the files to online malware scanning …
John Leyden, 10 Feb 2010

Eset false alarm puts system files on remand

Slovakian anti-virus firm Eset has confirmed that a misfiring virus definition update wrongly labelled Windows system files as infected with malware. As a result of the dodgy definition, key files were identified as a virus and shuffled off into quarantine. Eset said it spotted the problem within minutes and released a new update …
John Leyden, 10 Mar 2009

EFF: Cops' spyware for parents is insecure – and a fat waste of money

Spyware distributed by US police to parents so they can check their precious little snowflakes aren't getting up to no good online is worse than useless, according to a new report by the Electronic Frontier Foundation (EFF). The Windows and OS X software, dubbed ComputerCOP, has been purchased by 245 or so police departments in …
Iain Thomson, 03 Oct 2014

Time travellers outsmart the NSA

If there are time travellers around, they're being careful not to leave their fingerprints on the Internet. That's the conclusion in a paper published at Arxiv, put together by Michigan Technical University physics professor Robert Nemiroff and PhD candidate Teresa Wilson. They searched the Internet for “prescient” signatures – …

How much is a security bug report worth to Facebook? About $2,100

Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws …
Iain Thomson, 03 Apr 2014

Dodgy Kaspersky update borks THOUSANDS of NHS computers

A misfiring antivirus update from Kaspersky Lab "effectively levelled several networks" last month including systems at Britain's NHS, The Register has learned. A Kaspersky update released on 25 October falsely classified a Windows system file, specifically tcpip.sys, as malign and quarantined it. The procedure left Windows PCs …
John Leyden, 07 Nov 2013

New research cuts Kepler's exoplanet count by one third

A new study has shown that the number of exoplanets – planets outside of our solar system – discovered by NASA's Kepler may be inflated by over a third. The Kepler team's "Table of confirmed planets" (their emphasis) in that spacecraft's slice of the sky now stands at 105. According to the criteria used by NASA's Exoplanet …
Rik Myslewski, 07 Dec 2012

Bad genes? US watchdog halts 23andMe's handy home DNA test kits

Vanity DNA testing company 23andMe has hit a major roadblock, having been told by the US Food and Drug Administration (FDA) that it must stop selling its personal genome testing kits. Backed by Google and run by Anne Wojcicki, the estranged wife of Google cofounder Sergey Brin, 23andMe has marketed its Saliva Testing Kit and …
Neil McAllister, 25 Nov 2013

Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs

A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week. Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …
John Leyden, 19 Apr 2013

Redmond researchers profile Skype scammers

A group of Microsoft researchers has used supervised machine learning to try and improve detection of fraudulent user accounts. With Skype as their test platform, the group says it was able to achieve 68 per cent successful detection of fake accounts within four months of activity, while keeping false positives down to 5 per …

NASA to programmers: Save the Earth and fatten your wallet

NASA is teaming up with the asteroid-mining wannabes at Planetary Resources to offer $35,000 in prizes in a contest to develop algorithms to detect Near-Earth Objects (NEOs) – asteroids – with the goal of spotting those that might threaten the Earth. Actually, saving our planet from destruction is but one goal of the Asteroid …
Rik Myslewski, 11 Mar 2014

Microsoft Security Essentials loses AV-TEST certification

Microsoft Security Essentials, Redmond’s free antivirus tool for home users and business with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7. That low detection rate has cost it the AV-TEST Institute’s seal of approval, a certification it hands out to products that meet 11 of 18 …
Simon Sharwood, 30 Nov 2012

How I poured a client's emails straight into the spam bin – with one Friday evening change

Sysadmin blog By misunderstanding how a single word was being used, I caused a boo-boo that counts as "really stepped in it this time". After a lot of research and testing, I thought that months of "the spam filter is crap, make all the spam go away" warring with "the spam filter is too restrictive because $client can't send me his JavaScript …
Trevor Pott, 04 Jun 2014

Yes, Samaritans, the law DOES apply to you. Even if you mean well

Downrange Earlier this week suicide prevention and counselling charity the Samaritans launched an app that scans Twitter timelines and alerts users whenever anyone appears to be depressed. Yet the backlash against this creepy automated scanning is astonishing – and the Samaritans appear to be ducking their legal obligations. As we …
Gareth Corfield, 02 Nov 2014