December 26, 2007

Perhaps They Should Have Tested More - Kaspersky Lab

A faulty signature update from the anti-virus vendor Kaspersky caused Windows Explorer to be identifed as a low-risk virus.

For many, this meant it would be quarantined, or perhaps even deleted - causing Windows to stop functioning.
"David Emm, senior technology consultant at Kaspersky Lab UK, said one UK enterprise customer and three end-users had reported problems with the false alert. "False alarms occasionally happen, and we take the issue seriously when it does," he told El Reg. "We have test systems in place to minimise the risk of this happening, but this seemed to have slipped through the net."

He added that Kaspersky would review the false alert, alongside last week's glitch, to see what improvements might be made to its internal testing system in order to minimise the risk of any similar errors in future"

And it's not the first problem with signature updates from Kaspersky recently.  An earlier bug could cause some machines to lock up, after the next correct signature update.
"Unfortunately, the error did not occur when the defective threat signature update was initially installed, but only when the next correct update was performed. Therefore, the error was not detected during internal testing of the defective update and was subsequently sent out to users of the company's products."

Back in March, Eugene Kaspersky was critical of similar problems in Microsoft's anti-virus software.

At that time, Kaspersky indicated that their own false positives were almost toally stopped by their automated testing.
"Kaspersky said that false positives are not just a problem for Microsoft, but for the whole antivirus industry. He said that about 1 percent of Kaspersky records were false positives, but they were almost totally stopped by the company's test robots. He added, however, that sometimes false positives are released by Kaspersky."