Articles about False Positives

The Register breaking news

Avast false alarm hits Steam's weekend gamers

Freebie anti-virus scanner Avast falsely identified an executable associated with the popular Steam gaming platform as a Trojan on Sunday. The snafu, which persisted for around 90 minutes, meant that SteamService.exe was wrongly identified as a Trojan (specifically Trojan-gen) and sent to quarantine. Judging by posts on Steam …
John Leyden, 06 Feb 2012

FireEye enters crowded IPS market

Late last week, FireEye took something of a plunge, throwing its hat into the ring of the crowded intrusion prevention system (IPS) market, with a beta of software that adds IPS capability to its virtualised MVX environment. With the IPS to be made available as a license add-on for the company's NX network threat prevention …

Sophos says sorry over Google Analytics false alarm

Sophos has apologised after its security screening technology went awry and began falsely warning users when they visited websites running Google Analytics. The false positive - which identified web content served up from google-analytics.com as malicious code (specifically HTMLGen-A) - kicked in at around 05:15 GMT and …
John Leyden, 10 Jun 2011

Zoom out for a view of malware, say boffins

One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

Software that claims to detect the presence of OpenSSL's Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy. This finding is disputed by developers publishing tools that test for the vulnerability. The teams behind Nessus, …
John Leyden, 17 Apr 2014

Avira owns up to BitDefender Trojan false alarm

German security firm Avira has admitted it falsely warned that a beta version of an upcoming security package from its Romanian rival was contaminated with a Trojan. Few users outside the testing community would be running Avira and BitDefender 2011 beta 4 at the same time, so the incident is notable only as providing an …
John Leyden, 10 Aug 2010

Security firms plot revamp to minimise false alarms

Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process. Last week, misfiring updates from Symantec falsely categorised Spotify and Adobe Flash as malicious in two separate incidents. The week before a ropey update from Kaspersky Lab falsely flagged Google AdWords as …
John Leyden, 02 Feb 2010

How much is a security bug report worth to Facebook? About $2,100

Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws …
Iain Thomson, 03 Apr 2014

False positives run amok in Vista anti-virus tests

The first independent tests of anti-malware products on 64-bit Windows Vista revealed a rash of false positives. Of the 20 products submitted for testing to independent security certification body Virus Bulletin, six generated false positives when scanning a set of known clean files. As a result, the product failed to earn …
John Leyden, 03 Aug 2007

Time travellers outsmart the NSA

If there are time travellers around, they're being careful not to leave their fingerprints on the Internet. That's the conclusion in a paper published at Arxiv, put together by Michigan Technical University physics professor Robert Nemiroff and PhD candidate Teresa Wilson. They searched the Internet for “prescient” signatures – …

Dodgy Kaspersky update borks THOUSANDS of NHS computers

A misfiring antivirus update from Kaspersky Lab "effectively levelled several networks" last month including systems at Britain's NHS, The Register has learned. A Kaspersky update released on 25 October falsely classified a Windows system file, specifically tcpip.sys, as malign and quarantined it. The procedure left Windows PCs …
John Leyden, 07 Nov 2013

Bad genes? US watchdog halts 23andMe's handy home DNA test kits

Vanity DNA testing company 23andMe has hit a major roadblock, having been told by the US Food and Drug Administration (FDA) that it must stop selling its personal genome testing kits. Backed by Google and run by Anne Wojcicki, the estranged wife of Google cofounder Sergey Brin, 23andMe has marketed its Saliva Testing Kit and …
Neil McAllister, 25 Nov 2013

NASA to programmers: Save the Earth and fatten your wallet

NASA is teaming up with the asteroid-mining wannabes at Planetary Resources to offer $35,000 in prizes in a contest to develop algorithms to detect Near-Earth Objects (NEOs) – asteroids – with the goal of spotting those that might threaten the Earth. Actually, saving our planet from destruction is but one goal of the Asteroid …
Rik Myslewski, 11 Mar 2014

Redmond researchers profile Skype scammers

A group of Microsoft researchers has used supervised machine learning to try and improve detection of fraudulent user accounts. With Skype as their test platform, the group says it was able to achieve 68 per cent successful detection of fake accounts within four months of activity, while keeping false positives down to 5 per …

Symantec fires off false alarm on WoW update

World of Warcraft denizens are complaining that an anti-virus update published by Symantec over the weekend falsely labelled a component of the game as potentially malign. Instead of throwing spells or wielding axes, fans of the role-playing game who choose Symantec for their security protection complain that the firm is …
John Leyden, 17 May 2010

New research cuts Kepler's exoplanet count by one third

A new study has shown that the number of exoplanets – planets outside of our solar system – discovered by NASA's Kepler may be inflated by over a third. The Kepler team's "Table of confirmed planets" (their emphasis) in that spacecraft's slice of the sky now stands at 105. According to the criteria used by NASA's Exoplanet …
Rik Myslewski, 07 Dec 2012

Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs

A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week. Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …
John Leyden, 19 Apr 2013

HSBC Trojan warning tracked down as false alarm

A false alert left users of Kaspersky's internet security software fearing there was malware on HSBC's website last weekend. Users of Kaspersky Internet Security logging onto HSBC's Personal Internet Banking site were incorrectly informed that a malicious file containing the HTLM-Agent-CE Trojan had been loaded onto their …
John Leyden, 17 Aug 2009

Microsoft Security Essentials loses AV-TEST certification

Microsoft Security Essentials, Redmond’s free antivirus tool for home users and business with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7. That low detection rate has cost it the AV-TEST Institute’s seal of approval, a certification it hands out to products that meet 11 of 18 …
Simon Sharwood, 30 Nov 2012

Didn't have time to ask about it in our security Regcast? No problem

Our Regcast Security: Knowing what you don't know - and what you can do about it (on demand version here) brought together Raimund Genes, CTO of Trend Micro, and Freeform Dynamics' Tony Lock, chief security nagging officer of the analyst community. They gave us a fascinating insight into how the security landscape has changed …
Tim Phillips, 11 Apr 2014

Google study finds users ignore Chrome security warnings

You're surfing the 'net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site you'd hoped to visit might be bogus or contain malware. Do you: (a) Click on “Proceed anyway” because you really want to see the cat picture someone Tweeted to you; (b) Click “Back to safety” …
Simon Sharwood, 15 Jul 2013

Admins warned: Drill SSL knowledge into your Chrome users

Admins of Chrome shops unite – your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser. That's the gist of a new report from Google researcher Adrienne Porter Felt and University of California, Berkeley graduate student Devdatta Akhawe, who trawled some 25 million …
Jack Clark, 10 Aug 2013

Kaspersky defends false detection experiment

Kaspersky Lab has defended its handling of a controversial experiment criticised by some as a marketing exercise of questionable technical value. The Russian anti-virus firm created 20 innocent executable files, adding fake malware detections for ten of the sample, before uploading the files to online malware scanning …
John Leyden, 10 Feb 2010

Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault

Android users expecting Windows levels of performance from Android-specific antivirus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts. Anti-malware bods agree that antivirus programs on Android can’t remove viruses automatically, meaning that …
John Leyden, 17 Dec 2013

Bank whips out palm-recognition kit - and a severed hand won't work

Italian banking group UniCredit has developed a commercial biometric payment system based on Fujitsu PalmSecure palm vein reader technology. UniCredit selected palm vein reader technology instead of more widely touted biometric technologies, such as fingerprint readers and retina scanners, to underpin a prototype mobile payment …
John Leyden, 06 Mar 2013

Eset false alarm puts system files on remand

Slovakian anti-virus firm Eset has confirmed that a misfiring virus definition update wrongly labelled Windows system files as infected with malware. As a result of the dodgy definition, key files were identified as a virus and shuffled off into quarantine. Eset said it spotted the problem within minutes and released a new update …
John Leyden, 10 Mar 2009

Review site furious over McAfee SiteAdvisor 'false alert'

A UK business had to fight for two weeks to clear its name after falsely being accused of harbouring malware by McAfee's SiteAdvisor service. SiteAdvisor issued a red alert against software review site tech-pro.net at the start of July. It wrongly claimed the site contained a dangerous download. SiteAdvisor uses a mixture of …
John Leyden, 17 Jul 2008

Sophos antivirus classifies its own update kit as malware

Sophos users woke up to mayhem on Thursday after the business-focussed antivirus firm released an update that classified itself and any other update utility as a virus. As a result enterprise PCs running the application went haywire, generating false positives reporting SSH/Updater-B malware. Sysadmins were bombarded with …
John Leyden, 20 Sep 2012

Bonkers MS security update flags Google.com as malign

A dodgy update to Microsoft's anti-virus software on Tuesday meant users of the software were wrongly warned that Google's homepage was infected with the infamous Blackhole Exploit Kit. Users of Microsoft's Forefront corporate security products (here) and freebie Security Essentials scanner software (here) were both affected by …
John Leyden, 15 Feb 2012

Microsoft's security apps still trip up on Windows 8

German independent security firm AV-Test has released evaluations of security software for Windows 8 for the first time, and – not entirely surprisingly – it once again found Microsoft's own products were among the weaker performers. The firm tested its usual batch of 25 antivirus products for consumers, plus eight aimed at …
Neil McAllister, 09 Apr 2013

DARPA demos cyborg binoculars to spot the enemy

The US Defense Advanced Research Project Agency (DARPA) reports that field trials of a new threat detection system, which augments cameras with a human operator's brainwaves, have shown remarkable success in spotting potential threats. DARPA's been working on the snappily titled Cognitive Technology Threat Warning System (CT2WS) …
Iain Thomson, 20 Sep 2012

Avira anti-virus labels itself as spyware

Avira anti-virus detected components of its own application as potentially malign on Wednesday following a dodgy signature update. Avira detected its own AESCRIPT.DLL library file as the previously obscure "TR/Spy.463227" strain of malware. The dodgy AntiVir virus definition file was quickly pulled and replaced with a new …
John Leyden, 26 Oct 2011

US gov SMASHES UP TVs and MICE to nuke tiny malware outbreak

A US Department of Commerce agency has been chastised for spunking $2.7m chasing down a supposed major malware infection that was actually limited to a handful of PCs. The Economic Development Administration adopted a scorched earth policy - isolating itself from the internet before destroying more than $170,000 worth of …
John Leyden, 10 Jul 2013

NASA: There are 17 BEEELLION Earth-sized worlds in Milky Way

Scientists scrubbing up data about starlight from NASA's Kepler telescope have used it to estimate that there are 17 billion other Earths in our galaxy, the Milky Way. …
Anna Leach, 08 Jan 2013

Bit9 wants to bin 'broken' antivirus, install whitelisting tech

Bit9 is using the Infosec show as a launchpad for its move into Europe as part of its wider ambitions to displace traditional antivirus technologies from corporate desktops and data centres. The firm is marketing its brand of trust-based application control and whitelisting as a better way of tackling the growing malware menace …
John Leyden, 24 Apr 2012

AV-Test boss dismisses Microsoft criticism of malware test results

A war of words has broken out over security testing, with Microsoft and the AV-Test Institute going head-to-head over Redmond's failure to qualify for the last round of certification from the German testers. On Tuesday, AV-Test announced its December round of security software evaluations, and both Microsoft's Security …
Iain Thomson, 17 Jan 2013

Report: Feeble spam filters catch less junk mail

Enterprise spam filters are blocking less junk mail, according to independent tests from Virus Bulletin. During a comparative of 20 corporate email filtering products, several missed more than twice as much spam as in previous editions of the VBSpam tests. Virus Bulletin reckons the drop in performance might be down to improved …
John Leyden, 20 Mar 2012

eBay: It's safe to buy busted lava lamps and bug-infested rugs again

eBay has resolved a cross-site scripting bug on its website that independent experts warned posed a significant risk of fraud to users of the auction site. The XSS flaw meant that, once logged into a seller account on eBay, an attacker could insert XSS exploit code into a listing of an item for sale. The XSS security flaw on …
John Leyden, 22 Nov 2012

Paid secur-o-ware is generally better than free, but not always by a lot

Antivirus tests that assess the effectiveness of security products from the moment users visit infected websites have exposed widely differing performances among the various anti-malware products. The unsponsored tests by Dennis Technology Labs, which were run over a three-month period, revealed that the efficacy of paid-for …
John Leyden, 15 Oct 2012

Nigerian scams are hyper-efficient idiot finders

A Microsoft researcher, Cormac Herley, has penned a paper titled “Why do Nigerian Scammers Say They are from Nigeria?” (PDF), and concludes the whoppers the scam includes are actually a very efficient way of finding likely targets. Herley's analysis suggests the scam works because it quickly passes BS-detection thresholds in …
Simon Sharwood, 21 Jun 2012

Schneier spanks AV industry over Flame failures

Security guru Bruce Schneier has questioned some of the excuses coming from the antivirus industry as to why it is taking them so long to pick up advanced malware like Flame and Stuxnet. Schneier's scolding was inspired by a mea culpa published in Wired by F-Secure's top security man, Mikko Hypponen. He admitted that when Flame …
Iain Thomson, 19 Jun 2012

Norton blocks Facebook as 'phishing site'

Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked, as illustrated in a discussion thread …
John Leyden, 14 Oct 2011

Freebie virus scan biz punts belt-and-braces security for suits

Malwarebytes, the anti-virus firm best known for its freebie scanner software, branched out into the enterprise with the launch of corporate products on Monday. Malwarebytes Enterprise Edition (MEE) is designed to catch malware that other anti-virus programs sometimes miss, including some strains of blended attacks (for example …
John Leyden, 17 Sep 2012

Japan to get Android phone with built-in radiation dosimeter

Japan's third network operator, Softbank, has outfitted its latest mass-market handset with a radiation dosimeter, proving that the inscrutable Japanese are just as vulnerable to fear-driven advertising as the rest of us. "I hope that mothers of children will feel safe by carrying this smartphone" said the operator's CEO …
Bill Ray, 29 May 2012

El Reg drills into Office 365: What's under the hood?

Microsoft's cloudy services offerings have had an overhaul. Office 365 is faster, stronger, smarter, better and more like TIFKAM (the interface formerly known as Metro), or Modern User as it is now called, than ever before. The new overhaul is a major upgrade in usability and administrability. Let's take a peek under the hood …
Trevor Pott, 13 May 2013

Valve unbans 12,000 Steam 'cheaters'

Valve "erroneously" banned 12,000 gamers for cheating while playing Modern Warfare 2 on Steam. In an email today, Gabe Newell, President of Valve, apologised to the banned and confirmed that their accounts were restored. To make amends, the company has given all affected two free copies of Left 4 Dead 2, one to own and one to give to …
Drew Cullen, 27 Jul 2010

Fingerprint scanner can detect drugs in sweat

A prototype fingerprint scanner has been developed that can detect the presence of opiates, cannabis, or cocaine in the sweat on a user's fingertip. The device uses special cartridges to take a fingerprint, which are then processed using both chemical testing and a unique photo scanning system. This takes a high resolution image …
Iain Thomson, 11 Nov 2011

WinPatrol blames McAfee for lost business

Security software firm WinPatrol has criticised McAfee for a tardy response to a false positive problem that it claims might have lost it business. McAfee wrongly identified the set-up program of a new version of WinPatrol's system monitoring software as malign from around 2 October. WinPatrol complained but McAfee said its …
John Leyden, 11 Oct 2010

Boffins devise early-warning bot spotter

Researchers have devised a way to easily detect internet names generated by so-called domain-fluxing botnets, a method that could provide a first-alarm system of sorts that alerts admins of infections on their networks. Botnets including Conficker, Kraken and Torpig use domain fluxing to make it harder for security researchers …
Dan Goodin, 05 Nov 2010

Sourcefire jumps into anti-malware market

Sourcefire, the security biz behind the commercial versions of the open-source Snort intrusion-detection software, is bowling itself at enterprises and touting tech designed to quickly detect and block malware outbreaks. FireAMP offers a malware discovery and analysis tool that offers visibility of threats and outbreak control. …
John Leyden, 23 Jan 2012