Thursday, 27 October 2011

Avira Attacks Self

It's like CA eTrust all over again

Always a bit of a guilty laugh whenever this happens to some poor unsuspecting antivirus vendor. After Wednesday's signature update, Avira's freebie anti-virus offering started marking certain components of its own code as "potentially malign".

Stefan Berka of Avira Operations broke the news thusly on their own support forum: Hello, We have had an false positive for the Avira file AESCRIPT.DLL which was detected as "TR/Spy.463227". Their statistics show around 4,000 false positive samples received on Oct 26, before the fixed Virus Definition File was deployed.

False positives in application files or Windows components are actually quite common, particularly in free offerings like this one, but the last time such an "auto-immune" false detection is known to have occurred was over two years ago, when the CA eTrust antivirus went completely mad, renaming and quarantining parts of itself, together with various bits of MS Visual Studio, Incredibuild, and others. Users at that time were advised to block the update, as well as to consider temporarily disabling on-access scanning. And that was only one month after its previous attack on them pesky Windows system files.

No comments:

Post a Comment