It was an Ed Bott article which got me to thinking, “just how many anti-virus false positives have I dealt with over the years?” Six. A false positive is when your anti-virus product flags a non-virus file as being virus-infected.

| Question | Count |
|---|---|
| Number of false positive virus updates which impacted my customers? | 6 |
| Number of virus outbreaks which occurred, which the AV products missed? | 3 |
| Number of virus outbreaks actually prevented by an AV product? | 0 |

I’ve often thought that enterprise customers should pilot AV updates before inflicting them on their wider user community. I mean, what’s the point of having an AV product which effectively does more damage than an actual outbreak?
Here is the list of anti-virus updates I’ve seen which have caused some havoc for customers. It was longer than I thought it would be.

| AV product | Date | Product it killed | Customer impact |
|---|---|---|---|
| McAfee AV | April 2010 | Windows | Minor. We stopped it in time. |
| CA eTrust | September 2008 | Spybot S&D | Couldn’t use SpyBot as eTrust deleted the .exe |
| CA Pest Patrol | March 2005 | IBM SameTime | 20,000+ computers unable to use instant messaging product. |
| CA eTrust | January 2004 | Windows | Stopped Windows booting in two countries. |
| CA eTrust | December 2003 | WiseScript created utilities | Broke a number of software installations, and caused a logon error on 1,000+ computers. |
| Symantec Norton AV | November 2001 | InstallShield created software installs. | When trying to install a particular VPN product, Symantec said the install was “NIMBA”. Stopped a country-wide deployment for a week. |

The anti-virus product I use at home? Microsoft Security Essentials.