An error made by security software provider McAfee on Friday has caused user systems to delete or quarantine a number of executable files, including some Microsoft Excel documents, that had never been infected by a virus.
The error occurred when McAfee released a new virus definition file with code targeting the W95/CTX virus. This is a common process for antivirus vendors, especially those with a large constituent base.
It is little secret that viruses aimed at Windows are so prevalent that AV vendors must update their software continually to guard against infiltration.
What happened in this case, though, was hardly routine — although it appears it may be more common than most people realize.
McAfee included code in its VDF (virus definition file) that identified clean files as being infected by a virus. This error leads to “false positives,” according to Sophos Senior Security Consultant Ronald O’Brien.
“When an AV vendor issues code which is intended to recognize and correct vulnerabilities in a system’s operating software, occasionally a non-infected file is erroneously identified,” he said.
If the client’s system is set to quarantine files that have been identified as infected, ultimately little damage is done. However, if the system is set to delete such files, a lot of pain can result — depending on the nature of the files that were mistakenly flagged.
Several common file types, including Excel spreadsheets, were affected by the mistake, McAfee said.
If nothing else, the experience serves as yet another illustration of the need for companies and individuals to have stringent back-up processes in place.
“Even if the files [were] deleted by the error, people who backed up their files should be okay,” O’Brien observed.
Once a Quarter
This event also provides a behind-the-scenes look at how the sausage gets made at an AV shop. While most consumers might look at an AV vendor as the final word on Internet security, false positives, in fact, are not a rarity.
News reports suggest that McAfee experiences problems in that vein about once a quarter, O’Brien pointed out.
Even though they are corrected as soon as possible, making such errors even once every three or four months could be considered frequent by industry standards, he said.
“Hearing how often this happens might not inspire confidence on the part of the company’s clients,” he suggested.