Anti-virus False Positives – been a few

[Image: McAfee - Not Proven Security (image courtesy Lifehacker)]

It was an Ed Bott article which got me thinking, “just how many anti-virus false positives have I dealt with over the years?” Six. A false positive is when your anti-virus product flags a non-virus file as being virus-infected.

Number of false positive virus updates which impacted my customers? 6
Number of virus outbreaks which occurred, which the AV products missed? 3
Number of virus outbreaks actually prevented by an AV product? 0

I’ve often thought that enterprise customers should pilot AV updates before inflicting them on their wider user community. I mean, what’s the point of having an AV product which effectively does more damage than an actual outbreak?

Here is the list of anti-virus updates I’ve seen which have caused some havoc for customers. It was longer than I thought it would be.

| AV product | Date | Product it killed | Customer impact |
|---|---|---|---|
| McAfee AV | April 2010 | Windows | Minor. We stopped it in time. |
| CA eTrust | September 2008 | Spybot S&D | Couldn’t use Spybot as eTrust deleted the .exe |
| CA Pest Patrol | March 2005 | IBM SameTime | 20,000+ computers unable to use instant messaging product. |
| CA eTrust | January 2004 | Windows | Stopped Windows booting in two countries. |
| CA eTrust | December 2003 | WiseScript created utilities | Broke a number of software installations, and caused a logon error on 1,000+ computers. |
| Symantec Norton AV | November 2001 | InstallShield created software installs. | When trying to install a particular VPN product, Symantec said the install was “NIMBA”. Stopped a country-wide deployment for a week. |

The anti-virus product I use at home?  Microsoft Security Essentials.
