Vendors of anti-virus products have commented on the false positive
problems incurred by McAfee over the past 12 hours.
Mel Morris, CEO at Prevx, claimed that the flawed update is 'another
symptom of the increasing sophistication of malware writers and will
be a problem that will continue to escalate over time'.
Sympathising with McAfee, he said: "Criminals are essentially either
hijacking or mimicking core Operating System components by giving
malware the same name as many of these components. This not only makes
it much harder for research labs to spot attacks, but also increases
the chances of a false positive whereby something is wrongly
identified as a piece of malware.
"In the pressure to act quickly and get a cure out, vendors will
inadvertently remove critical OS components and disable millions of
PCs in one go. What many of these vendors need is technology that can
more effectively identify these types of malware attacks by tracking
them in real-time and automating the process of detection."
David Harley, director of malware intelligence at ESET, claimed that
the company was not going to capitalise on McAfee's unfortunate false
positive problem as such problems can arise for any anti-virus vendor.
He said: "It's an inevitable risk when you're trying to walk the line
between the best possible detection of threats and avoidance of false
detections. Fortunately, most false positives don't have such public
consequences, and McAfee deserves more credit than they've received
for their prompt response and attempts at remediation. Again, I
wouldn't expect less of a reputable vendor."
Graham Cluley, senior technology consultant for Sophos, warned that
hackers are exploiting the problem with blackhat SEO (search engine
optimisation) techniques to create web pages stuffed with content
which appears to be related to McAfee's false alarm problem. These are
on the front page of Google results if users search for phrases
associated with McAfee's false positive.
Cluley said: "It's bad enough if many of the computers in your company
are out of action because of a faulty security update, but it's even
worse if you infect your network by Googling for a fix.
"The hackers know that users turn to search engines when they are
looking for the latest news on a breaking story, and are lying in wait
to infect the unwary."
Finally, Sunbelt Software moved to offer McAfee enterprise customers,
who may be unhappy with recent events, six months of free maintenance
added to any new order placed before 30th June 2010.
Jim Moise, senior vice president of sales and marketing for Sunbelt
Software, said: "Based on recent events, we are seeing record numbers
of McAfee enterprise customers looking for an alternative solution for
endpoint security. In order to make the transition to VIPRE easier, we
are offering them a simple financial incentive to move to our endpoint
security solution."