Feeds

back to article McAfee false alert snares innocent JavaScript files

Faulty virus definition updates from McAfee that flagged legitimate JavaScript files as potentially malign caused a headache for some sysadmins earlier this week. The false alarm, which meant benign content was flagged as infected by Exploit-Packed-c-gen, was corrected promptly by a set of revised definition updates from McAfee …

COMMENTS

This topic is closed for new posts.
FAIL

In this case..

In this case the failure is with people who insist on using packer applications for their Javascript and are surprised when an AV application flags it up as being potentially malicious. There's no justification these days for using a packer - it's not as if you can't decode the things if you are really interested, and bandwidth these days will easily cope with unpacked Javascript.

0
0
Joke

Windows Viruses

"Dodgy anti-virus signature updates make for a well known problem with security scanners which affects all vendors from time to time. The problems caused are far worse when Windows system files are affected rather than only general applications."

Isn't windows itself a virus? I remember the days when it was only on computers at work. Now it seems to have spread to the home. Particularly bad is an application called "Internet Explorer". Once installed, it's impossible to remove and even reinstalling the operating system won't help. The problem is so bad, even the European Commission have been called in to help.

Tellingly, Norton don't flag this as a virus. I suspect some secret deal has taken place...

0
0
Alert

Nope

Conrad,

believe it or not some people have to live with really crappy connections so I disagree totally, anyway scanners should not use a packers signature as a detection mechanism.

Often people don't want their executables, javascript or wsh file open to public gaze, therefore they pack it or at least obscure it

In fact even with a decent connection myself I still object to huge web pages, with shit loads of Flash, animations, javascript and their ilk.

Design we had to suffer huge numbers of fonts and rounded boxed when DTP first turned up, and it's worse than ever on web pages.

Nevermind if the site does what it's supposed to do, is there lots of crap flying around on screen ?

0
0
Happy

What a difference

a couple of days nake. One day winning an award, the next screwing systems up.

0
0
Coat

"cut back on our internet access for a few hundred employees"

> "We thought we were under virus attack today [Thursday] and cut back on our internet access for a few hundred employees," our UK-based informant told us."

Did your informant go on to say "... Productivity levels rocketed .... "?

0
0
Thumb Down

Try another AV product

I struggled with McAfee's false positives on several programs I had to use. The programs were automatically placed in quarantine. You could remove them from quarantine, but they were immediately put back. McAfee was totally uninterested in doing anything about it (aside from wasting hours of your time doing useless system scans), so now I'm using Avira. Avira politely asks you what to do, and you can select ignore if you like. Best of all, you can report the false positive to them, and within a day or two the detection is removed. What a difference!

0
0
Silver badge
FAIL

Let me finish that for you

"McAfee is aware that a limited number of customers"...

Is getting more limited every time their updates trash even more computers.

0
0
Joke

@Windows Viruses

Agree, and believe it or not, it now spread even to servers!!

Joke alert - but not only a joke, I mean, WHY Windows on a server (because I guess the most problematic is when this sort of thing happens on a server)?? Compared to *nix, Windows was NOT first designed with networking in mind, so why not just use *nix for servers?

0
0
Coat

Packed Script

My site at http://regionaltraffic.co.uk/ uses packed script, because that's a 57 kB hit compared to 165 kB for the unpacked source. I'll take the time and bandwidth savings over the failings of AV companies any day :)

0
0
Joke

@Windows Viruses

You thought that was bad... It's on my bleeping phone, and the service providers only tell me to quit complaining and go buy a new phone!

0
0
Coffee/keyboard

Terms that should be banned...

... from IT industry press releases, advertising, etc.:

#1: "limited number". As in "... the problem affected a /limited number/ of customers..." - replace "limited" with "finite", that's nearer to the truth...

#2: "up to". As in "... bandwidth of up to 16 Gbit/s..." - suggestion: replace "up to xxx" with "you will never see xxx, but we will bill you for that anyway."

#3: "comitted to". As in, "... we are commited to imporving the security of our products...". Suggestion: Replace "committed to xxx" with "we couldn't care less about xxx, but what you're gonna do about it, big boy?"

Any more suggestions? Feel free to post...

0
0
Thumb Down

At least they are fixing the issues asap.

I still do not like their site advisor which can't tell the difference between an intranet site and the internet.

My company uses internal web apps and when they click on the company internal homepage to run their app then the SiteAdvisor hangs supposedly trying to submit an internal link as a internet link to check it out and then the browser crashes.

Pretty bad that they haven't fixed that yet...

0
0
This topic is closed for new posts.