Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Sophos f***ks up… big time…

February 22nd 2006 in Uncategorized

http://www.sophos.com/pressoffice/news/articles/2006/02/inqtanafix.html


Ok, so Sophos says “this update was flawed, and Mac OS X users may have been mistakenly warned by Sophos Anti-Virus for Mac OS X that some files on their computers were infected with the worm”


What an exquisite understatement for the chaos this stuff-up caused …. here’s what some affected users say:
http://my.simmons.edu/services/technology/archives/2006/02/this_is_an_aler.shtml


“Users of Simmons Macintosh computers should immediately disconnect their computers from the network.


There is a virus spreading throughout campus that disables Microsoft Office (Excel, PowerPoint and Word). We do not yet know how the virus is spreading. Sophos Antivirus has an update that identifies the virus, but does not yet disinfect.


Because we do not know how it is spreading, the only prevention we have is for Macintosh computers to stay off the network.”


Followed by…


http://my.simmons.edu/services/technology/archives/2006/02/mac_users_shut.shtml


“Whether you are using a Simmons Macintosh, or your own Macintosh computer, please stop using your computer, and shut it down immediately.


There is a virus spreading throughout the Internet and the Simmons network. It appears to affect the Microsoft Office suite, but Sophos Antivirus may be misidentifying some files as infected that are not infected. This misidentification further complicates the problem and may result in disabling your computer.”


Then….


http://my.simmons.edu/services/technology/archives/2006/02/mac_users_start.shtml


“Unfortunately, while Sophos Antivirus was malfunctioning, it may have “broken” some of the software on your computer. Once the Sophos update is done, please try to use the software on your computer that you normally use. You may find that one or more applications no longer work. For example, Microsoft Word may tell you that a component of the software is missing and you have to reinstall.”


And this:


http://groups.google.com/group/comp.sys.mac.comm/tree/browse_frm/thread/12ab6933b337173c/3ce08e746b457230?rnum=1&q=sophos+false+positive&_done=%2Fgroup%2Fcomp.sys.mac.comm%2Fbrowse_frm%2Fthread%2F12ab6933b337173c%2F3ce08e746b457230%3Flnk%3Dst%26q%3Dsophos+false+positive%26rnum%3D1%26#doc_3ce08e746b457230


“The results of the false positives are, in some cases, disastrous… Many of our campus computers have lost access to their Microsoft and Adobe products. We’re having trouble reinstalling them because they immediately get re-infected. … Sophos’ AntiVirus software is generating false positives for the “OSX/Inqtana.B worm”, invoking users to delete critical application and system files and causing serious issues…it destroys office 2004… even with a reinstall, office doesn’t work”


Sophos did not just “mistakenly warn” users that some files were infected on computers.


I’m seeing reports that not only was Office 2004 affected, but also Office X and some Adobe products.


By the way, that bit where Sophos says “less than two hours later”.. accordingly to those affected by this problem, it was over four hours…


Comments are closed.

It sure as hell isn’t a legitimate site anymore… please, don’t go there unless you’re using IE7, or a well patched IE6… better still… add www.msnbc.co.uk to your Restricted Sites zone before going anywhere near it (hyperlink neutralised).  I don’t know what may happen if you visit that site unprotected (or the links it advertises) […]

Previous Entry

http://australianit.news.com.au/articles/0,7204,18245495%5E15306%5E%5Enbv%5E,00.html
“GOOGLE infringed copyright by posting thumbnail photos from other websites on its search results pages, a US judge has ruled.”

Next Entry

Archives