Wednesday, November 12, 2008

Anti Virus, can be "dangerous"

Recently, there have been reports that an AVG (anti-virus) update deletes a critical Windows XP file, leaving the system unbootable.

Many users of AVG 7.5 and AVG 8.0 reported seeing a warning that the Windows system file 'user32.dll' was infected with the PSW.Banker4.APSA or Generic9TBN Trojans, with a recommendation that the file be moved to the program's vault and deleted.

With the file 'user32.dll' deleted/quarantined, Windows XP will no longer be able to boot up as it is a critical system file.

AVG has since admitted that the detection was a false positive. "Unfortunately, the previous virus database might have detected the mentioned virus on legitimate files. We can confirm that it was a false alarm," said a company spokesman.

A workaround, under Topics 1574 False Positive user32.dll, was published on their support website. (Shown in the picture on the right.)

Anyway, false positives are not unique to AVG. Products from major anti-virus companies such as Symantec, McAfee and Trend Micro have also been reported to wrongly identify Windows system files previously. Some examples below:

- In May 2007, Symantec Anti Virus crippled thousands of Chinese systems when it mistook two critical Windows .dll files for malware. (Related Article in "ComputerWorld: Symantec false positive cripples thousands of Chinese PCs")

- In September 2008, Trend Micro issued two anti-virus signatures that caused Windows DLL files to be quarantined. (Related Article in "ZDNet UK: Trend Micro gives false positive details")

- In October 2008, a faulty update from McAfee led to an integral component of the Windows Vista operating system being falsely flagged as a Trojan horse. (Related Article in "The Register: McAfee update classifies Vista component as a Trojan")

Related Articles:
- AVG update deletes critical Windows file

- The Register: AVG slaps Trojan label on core Windows file


Anonymous said...

Well done AVG! Cannot expect too much from a Freeware.

were said...

Anti Virus software is always compared on accuracy rate, as the false positive rate is very, very low, even less than 0.1%.

But you just need 1 out of a million signatures to "crash" your servers.