Articles about False Positives

F*cking DLL! Avast false positive trashes Windows code libraries

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday. Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign …
John Leyden, 07 May 2015

MH370 'pings' dismissed as false positives

Updated A US Navy official has gone on the record as saying that the “pings” first thought to have come from missing Malaysian Airlines flight MH370 probably weren't from the aircraft's black box – and has almost immediately been spurned by his bosses. Back in April, Australian prime minister Tony Abbott held a press conference in which …

Exoplanets' chemicals may give false-positives for life, boffins say

Astronomers and exobiologists looking for spectral signatures as indicators of life might be chasing a chimera. That's the gloomy conclusion of a study published at PNAS, which says inferring the existence of biospheres on exoplanets “might be beyond our reach in the foreseeable future”. Since all we know about exoplanets is …

I've seen Kaspersky slap his staff with a walrus penis – and even I doubt the false-positive claims

Comment Eugene Kaspersky is a complex character and capable of many things, but Friday's allegations that he ordered staff to deliberately sabotage rival antivirus packages smells fishy. On the one hand, the problem of AV products flagging up false positives is well known. Signature-file detection of software nasties is dated, and of …
Iain Thomson, 15 Aug 2015

Kaspersky: Freemasons coded fake malware in the Bermuda Triangle

Eugene Kaspersky has taken to his blog to make another stinging rebuttal of a Reuters report that alleged the company that bears his name deliberately sabotaged rival antivirus packages. “The Reuters story is based on information provided by anonymous former KL employees. And the accusations are complete nonsense, pure and …
Simon Sharwood, 17 Aug 2015

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Linux kernel supremo Linus Torvalds has published a scathing open letter to Google's Gmail team after discovering that the service had incorrectly marked hundreds of his incoming email threads as spam – including ones containing kernel patches. "Something you did recently has been an unmitigated disaster," Torvalds wrote in …
Neil McAllister, 17 Jul 2015

Kaspersky Lab denies tricking AV rivals into nuking harmless files

Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
John Leyden, 14 Aug 2015
The Register breaking news

Avast false alarm hits Steam's weekend gamers

Freebie anti-virus scanner Avast falsely identified an executable associated with the popular Steam gaming platform as a Trojan on Sunday. The snafu, which persisted for around 90 minutes, meant that SteamService.exe was wrongly identified as a Trojan (specifically Trojan-gen) and sent to quarantine. Judging by posts on Steam …
John Leyden, 06 Feb 2012

Fandroids, take your phone's antivirus and burn it – Android bod

RSA 2015 Google takes a lot of stick from Apple and others over malware on the Android platform, but the company thinks the OS is now so secure that users don't need antivirus software. Speaking at the RSA Conference in San Francisco this week, Adrian Ludwig, lead engineer for Android security, explained that Google is now scanning for …
Iain Thomson, 24 Apr 2015

'We've got the sanitation problem solved', says world's richest poop drinker

QuoTW This week, the headlines were dominated by Lenovo's bad behaviour, Google's dot-xyz obsession and a story from Silicon Valley, where even the trailer parks have $40m drama. These were some of the best quotes: The team behind the film Dallas Buyer's Club wants to go pirate hunting down under, but local authorities aren't so …
Team Register, 16 Aug 2015

It's 2015 and Microsoft has figured out anything can break Windows

Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts. Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory. He says most …
Darren Pauli, 12 Jun 2015

Security rEsrchRs find nu way 2 spot TXT spam

Symantec boffins reckon it's no longer enough to shield e-mail users from malicious email and that spam and phishing over SMS are now worthy of some decent defences. They've even penned a study to back up the proposition, suggesting that SMS spam could be 97 per cent detectable with a false positive rate as low as 0.02 per cent …
Cheat by https://www.flickr.com/photos/sohelparvezhaque/ CC 2.0 attribution https://creativecommons.org/licenses/by/2.0/

CHEATER! Test labs out AV vendor for using rival's engine

Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running A-V engines from rival Bitdefender. The company has been reprimanded by established testing outfits Virus Bulletin, Av-Comparatives, and AV-Test which withdrew its 2015 certifications. In a joint statement [PDF] the …
Darren Pauli, 01 May 2015

Google unleashes tame botnet to hunt XSS in cloudy code

Google has unleashed its own application security scanner, potentially rescuing admins from 'fiddly' existing offerings. The scanner will check code running in App Engine for cross-site scripting (XSS) and mixed content vulnerabilities. Choc Factory engineering head Rob Mann says its scanner uses its Compute Engine to forge a …
Darren Pauli, 20 Feb 2015

Boffins laugh at Play Store bonehead security with instant app checker

An armada of university researchers have devised a novel method of detecting malicious applications on Android app, and by way of demonstration have dug up 127,429 shady software offerings, including some bearing exploits for a whopping 20 zero days. The scheme dubbed MassVet is the brainchild of eight researchers: Kai Chen; …
Darren Pauli, 31 Aug 2015

Sophos says sorry over Google Analytics false alarm

Updated Sophos has apologised after its security screening technology went awry and began falsely warning users when they visited websites running Google Analytics. The false positive - which identified web content served up from google-analytics.com as malicious code (specifically HTMLGen-A) - kicked in at around 05:15 GMT and …
John Leyden, 10 Jun 2011

Netflix looses FIDO hack attack dog as open source

Netflix has released source code for its automated incident response tool to help organisations cut through the noise of security alerts. Project lead and security boffin Rob Fry together with Brooks Evans, and Jason Chan announced the unleashing of the Fully Integrated Defense Operation (FIDO) saying it has chewed the time to …
Darren Pauli, 05 May 2015

Check your Clungene, Irish women warned

Ireland's Health Products Regulatory Authority (HPRA) has advised any woman who's trying to get pregnant to check her Clungene, if indeed she's using the Chinese pregnancy test kit to confirm she's up the duff. In some cases, the product has been providing false positives, so just when you think your Clungene is telling you …
Lester Haines, 07 Aug 2014

IEEE expands malware initiatives

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives. The organisation's Anti-Malware Support Service (AMSS) is designed to …

Attack reveals 81 percent of Tor users but admins call for calm

The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool. A research effort led by professor Sambuddah Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively …
Darren Pauli, 17 Nov 2014

False positives run amok in Vista anti-virus tests

The first independent tests of anti-malware products on 64-bit Windows Vista revealed a rash of false positives. Of the 20 products submitted for testing to independent security certification body Virus Bulletin, six generated false positives when scanning a set of known clean files. As a result, the product failed to earn …
John Leyden, 03 Aug 2007

Want to download free AV software? Don't have a Muslim name

Exclusive Software export controls are being applied to blacklisted people as well as countries: and these controls apply to routine security packages such as freebie antivirus scanning software, as well as more sensitive technologies, El Reg has concluded. We've come to this way of thinking after investigating why Reg reader Hasan Ali …
John Leyden, 07 Aug 2015

Panda antivirus labels itself as malware, then borks EVERYTHING

Panda users had a bad hair day on Wednesday, after the Spanish security software firm released an update that classified components of its own technology as malign. As a result, enterprise PCs running the antivirus software tied themselves in something of a knot, leaving some systems either unstable or unable to access the …
John Leyden, 11 Mar 2015

Redmond boffins build coffins for exploit kits

Microsoft boffins have crafted what they say is the world's first platform specifically designed to kill exploit kits. The tool goes by the name "Kizzle" and is a fast signature compiler that targeted the common practice of code-reuse by malware authors, and could generate identifying signatures weeks ahead of current anti-virus …
Darren Pauli, 24 Feb 2015

Security firms plot revamp to minimise false alarms

Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process. Last week, misfiring updates from Symantec falsely categorised Spotify and Adobe Flash as malicious in two separate incidents. The week before a ropey update from Kaspersky Lab falsely flagged Google AdWords as …
John Leyden, 02 Feb 2010

Avira owns up to BitDefender Trojan false alarm

Updated German security firm Avira has admitted it falsely warned that a beta version of an upcoming security package from its Romanian rival was contaminated with a Trojan. Few users outside the testing community would be running Avira and BitDefender 2011 beta 4 at the same time, so the incident is notable only as providing an …
John Leyden, 10 Aug 2010

Disturbance in the force lets phones detect gestures with Wi-Fi

How would you like a phone that gives you gesture recognition - without needing to buy a new phone? That's the tantalising prospect offered by a project at the University of Washington (UoW), which uses the existing Wi-Fi capabilities of consumer-grade devices (laptops were used for the research paper) to work out people's …

FireEye enters crowded IPS market

Late last week, FireEye took something of a plunge, throwing its hat into the ring of the crowded intrusion prevention system (IPS) market, with a beta of software that adds IPS capability to its virtualised MVX environment. With the IPS to be made available as a license add-on for the company's NX network threat prevention …

Lazy sysadmins rooted in looming Mozilla cert wipeout

Mozilla is about to revoke some weak X.509 PKI certs, and has warned sysadmins that it will affect the Firefox browser and they'll need to assess their infrastructure. The four affected root certificates from Entrust and ValiCert are marked for removal because they contained weak keys. A further seven from CyberTrust, Thawte …
Darren Pauli, 20 Aug 2014

Mac security packages range from peachy to rancid – antivirus tests

Updated Independent tests of Mac antivirus products have discovered that the effectiveness of these security packages runs from a risible 20 per cent to an unimpeachable 100 per cent. German security lab AV-TEST.org put 18 free and paid-for Mac OS X security products and services to the test, discovering widely differing performances in …
John Leyden, 04 Sep 2014

Symantec fires off false alarm on WoW update

Updated World of Warcraft denizens are complaining that an anti-virus update published by Symantec over the weekend falsely labelled a component of the game as potentially malign. Instead of throwing spells or wielding axes, fans of the role-playing game who choose Symantec for their security protection complain that the firm is …
John Leyden, 17 May 2010

Review: McAfee Endpoint Protection for SMB

Anti-virus – sorry, endpoint security - programs suck. I loathe them and they have been the bane of my professional existence for the better part of 20 years. Despite the crushing, crushing sadness that they cause, the call came down to review Intel Security’s latest endpoint security product, McAfee Endpoint Protection Advanced …
Trevor Pott, 23 Mar 2015

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

Researchers working on a new type of bomb detector technology have made the rather underwhelming boast that their kit "could soon give bomb-sniffing dogs some serious competition". “Bomb-sniffing dogs are expensive to train, and they can become tired,” said study co-lead author Ren-Min Ma, one of the boffins who came up with the …
Lewis Page, 21 Jul 2014

HSBC Trojan warning tracked down as false alarm

Updated A false alert left users of Kaspersky's internet security software fearing there was malware on HSBC's website last weekend. Users of Kaspersky Internet Security logging onto HSBC's Personal Internet Banking site were incorrectly informed that a malicious file containing the HTLM-Agent-CE Trojan had been loaded onto their …
John Leyden, 17 Aug 2009

Zoom out for a view of malware, say boffins

One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

Redmond is patching Windows 8 but NOT Windows 7, say security bods

Microsoft has left Windows 7 exposed by only applying patches to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day …
Darren Pauli, 06 Jun 2014
Artist's conception showing the inner four planets of the Gliese 581 system. GJ 581g, potentially habitable, is in the foreground. Credit: Lynette Cook/NSF

ANGRY ALIENS hit by BEBO SPAMGASM probably don't exist

The world is breathing a collective sigh of relief today as interstellar war with aliens from the well-known prospective "Goldilocks" worlds orbiting the star Gliese 581 has been averted – because the planets don't actually exist. In the heady early days of the search for planets …

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

Software that claims to detect the presence of OpenSSL's Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy. This finding is disputed by developers publishing tools that test for the vulnerability. The teams behind Nessus, …
John Leyden, 17 Apr 2014

Heavy VPN users are probably pirates, says BBC

BBC Worldwide, the commercial arm of the BBC that markets its products around the world, has told Australia's government that heavy users of “IP obfuscation tools” are so suspicious that internet service providers (ISPs) should consider them as likely content pirates. The organisation states that case in a submission (PDF) to …
Simon Sharwood, 09 Sep 2014

350 DBAs stare blankly when reminded super-users can pinch data

Enterprises are ripe picking grounds for would-be Ed Snowdens, according to a survey conducted by the Ponemon Institute for Raytheon that found hundreds of organisations did not have policies to limit the amount of sensitive data staff can access. The survey of 700 techies found Snowdens-in-waiting were typically database …
Darren Pauli, 21 May 2014

Review site furious over McAfee SiteAdvisor 'false alert'

A UK business had to fight for two weeks to clear its name after falsely being accused of harbouring malware by McAfee's SiteAdvisor service. SiteAdvisor issued a red alert against software review site tech-pro.net at the start of July. It wrongly claimed the site contained a dangerous download. SiteAdvisor uses a mixture of …
John Leyden, 17 Jul 2008

Kaspersky defends false detection experiment

Kaspersky Lab has defended its handling of a controversial experiment criticised by some as a marketing exercise of questionable technical value. The Russian anti-virus firm created 20 innocent executable files, adding fake malware detections for ten of the sample, before uploading the files to online malware scanning …
John Leyden, 10 Feb 2010

Infosec bods try Big Data in search for better anti-virus mousetrap

Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection. The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The …
John Leyden, 20 Jun 2014

Eset false alarm puts system files on remand

Slovakian anti-virus firm Eset has confirmed that a misfiring virus definition update wrongly labelled Windows system files as infected with malware. As a result of the dodgy definition, key files were identified as a virus and shuffled off into quarantine. Eset said it spotted the problem within minutes and released a new update …
John Leyden, 10 Mar 2009

EFF: Cops' spyware for parents is insecure – and a fat waste of money

Spyware distributed by US police to parents so they can check their precious little snowflakes aren't getting up to no good online is worse than useless, according to a new report by the Electronic Frontier Foundation (EFF). The Windows and OS X software, dubbed ComputerCOP, has been purchased by 245 or so police departments in …
Iain Thomson, 03 Oct 2014

Time travellers outsmart the NSA

If there are time travellers around, they're being careful not to leave their fingerprints on the Internet. That's the conclusion in a paper published at Arxiv, put together by Michigan Technical University physics professor Robert Nemiroff and PhD candidate Teresa Wilson. They searched the Internet for “prescient” signatures – …

How much is a security bug report worth to Facebook? About $2,100

Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws …
Iain Thomson, 03 Apr 2014

New research cuts Kepler's exoplanet count by one third

A new study has shown that the number of exoplanets – planets outside of our solar system – discovered by NASA's Kepler may be inflated by over a third. The Kepler team's "Table of confirmed planets" (their emphasis) in that spacecraft's slice of the sky now stands at 105. According to the criteria used by NASA's Exoplanet …
Rik Myslewski, 07 Dec 2012

Dodgy Kaspersky update borks THOUSANDS of NHS computers

A misfiring antivirus update from Kaspersky Lab "effectively levelled several networks" last month including systems at Britain's NHS, The Register has learned. A Kaspersky update released on 25 October falsely classified a Windows system file, specifically tcpip.sys, as malign and quarantined it. The procedure left Windows PCs …
John Leyden, 07 Nov 2013

Bad genes? US watchdog halts 23andMe's handy home DNA test kits

Vanity DNA testing company 23andMe has hit a major roadblock, having been told by the US Food and Drug Administration (FDA) that it must stop selling its personal genome testing kits. Backed by Google and run by Anne Wojcicki, the estranged wife of Google cofounder Sergey Brin, 23andMe has marketed its Saliva Testing Kit and …
Neil McAllister, 25 Nov 2013