Users of Google's Chrome browser are in an uproar after antivirus software from Microsoft classified it as virulent piece of malware that should be deleted immediately. On Friday, a faulty signature update for both Microsoft Security Essentials and Microsoft Forefront incorrectly detected the Chrome executable file for Windows …
An accident just waiting to happen, just happened.
Every time someone pushes the button to rollout an update, they have to pray that it'll only take out intended targets - killing Chrome is a huge FU.
Don't they have an in-house representative test bed of a selection of typical user setups before going wild?
"Chrome users that do not send usage statistics to Google are unaffected"
Admittedly, such an in-house test bed would probably not be sending usage statistics to Google, so how could they have known the scale of the impact?
I feel sorry for the affected users and whoever's ass is going to get kicked to Mars for this...
"An accident just waiting to happen, just happened."
It hasn't been waiting, it's happened several times already. AV updates have hammered legit software more than once in the past. And the fact that it's happened before in a way makes it even worse each time it happens.
But this should be a lesson to everybody to set their AV software the prompt for an action for every positive. And for every IT department to test updates before they roll out.
Anti-virus programs should classify IE as malware, lol
And not a browser that sends everything to Google?
Chrome **IS** a malware. Every AV should detect and obliterate it.
Even Android phones are a piece of malware, as friends of mine who have it have sent Google all my contact data (phone numbers, addresses, email address, date of birth, etc. etc.) without asking **MY** permission.
Then that's your friends fault for not reading the ToS and agreeing to them blindly. Not Google.
Hmm, a continuation of chrome bashing?
Microsoft were bashing Chrome continually through their Build conference, are they getting serious now?
How could Microsoft possibly bash Chrome? They have created the absolute worst browsers ever thrown together in the known universe!
Oh, they're still looking for a clue.
OK, here's one. Write your operating systems in a way that doesn't need AV software.
Write your operating systems in a way that doesn't need AV software.
presumably you mean by having a tiny install base that's not worth targetting...
Sounds good to me. After all, Vista came close.
Writing an operating that takes seriously ownership of files and user privilege.
Its only been around since 1970 or so after all.
I don't think anyone is looking forward to go back to the DOS era, even though it knew no virusses.
Its impossible to prevent virusses on the OS level these days. At the very least a trojan horse can wreck havoc on your own data.
Get back in your pram
"I don't think anyone is looking forward to go back to the DOS era, even though it knew no virusses."
Presumably you weren't around for Brain, Stoned, Vienna, Jerusalem ...
Tiny user base
// presumably you mean by having a tiny install base that's not worth targetting...
Exactly, if instead of one huge target we had a number of smaller ones, then these problems would all be far less serious... Why do you think browser exploits are less common now that no browser commands 90% marketshare, and the most common attacks now target software which still has a huge market share.
Tiny user base remains tiny.
>>Exactly, if instead of one huge target we had a number of smaller ones, then these problems would all be far less serious... <<
Incompatible hardware. Incompatible software. More tightly bound together than OSX and the Mac are now.
There are no economies of scale.
Prices remain high, market penetration remains low. The introductory price of the C-64 was $1326, adjusted for inflation.
Companies enter and exit the business at a bewildering pace, leaving you high and dry. You had a computer.
Now you own a souvenir paperweight.
Can you be specific?
What about the NT security model: Users, Groups, ACLs, process isolation is actually worse the Unix?
Same as it ever was, though MS keep changing its name:
Yes because its way over-complicated so the chances of getting it configured properly are lower. Also Windows is installed with settings that are by default insecure. So you have a ton of work ahead of you even if you understand all that stuff.
The whole Windows model is fundamentally insecure, partly as a result of Microsoft software architects getting away with making stupid design decisions, and partly because windows was originally never meant to be an OS itself, let alone a professional multi-user environment. Consequently it still has many stupid legacy issues in its design.
Such as, mechanisms like the registry and the fact that when you install apps they can and usually do put stuff into the Win32 directory, No 'proper' OS would have a model where just installing user applications extends the Operating System itself.
>> Its impossible to prevent virusses on the OS level these days.
You're very wrong. Especially if you're talking about virusses that get in through the browser.
Windows especially sucks at security. Consider running a browser in a sandbox under an OS that properly implements permissions like Linux. . Even the most virulent website wouldn't have a hope of being able to infect your OS.
Does anyone remember when McAffee
...flagged svchost.exe in XP SP3 as a virus?
Not sure how, but somehow I managed to miss out on this one :)
But that's McAfee..
Which, as far as I can tell, only exists to establish the bottom of the barrel in terms of anti-virus software.
Completely awful and useless. Worse than no anti-virus software at all.
Or when PC Tools Spyware Doctor generated lots of BSOD's,
OR when AVG left you in a continual reboot cycle.
Shit happens, but nothing decent backup process would fix in minutes.
Ok, OK, and um,.. no.
Don't recall the first two, but I wouldn't be surprised by them. But when an AV signature kills a couple of hundred programs in an office, even a decent backup process won't fix it in minutes. The McAfee one was particularly bad. Most systems we were able to repair, but a few of them wouldn't let us get in even as a local admin. No local admin, no backup.
Yeah, I have to support McAfee, but not by my choice.
Wait for it... Oh no, we won't have to
Let commence the conspiracy theories regarding deliberate mis-classification.
But it's true!
Chrome IS a virus!
Just as Planned!
Also, WHO are these "long-time chrome users"??
A Mistake My Arse
No, I don't mean my arse is a mistake I mean
Ohhh you bloody well know what I mean :oD
Simple mistake to make!!!
"Users of Google's Chrome browser are in an uproar..............
..............after antivirus software from Microsoft classified it as virulent piece of malware that should be deleted immediately."
Yes, and your problem is?
You ain't kidding.
The fact that apparently only users who send usage stats back to Google should give these people a clue. Chrome behaves in some respects like a trojan. It just happens to be that the users have asked it to behave like that.
I've been warned before that certain software is exhibiting behaviour like a particular trojan. Could it be that MS are too keen to shoot first and ask questions later.
"Chrome behaves in some respects like a trojan. It just happens to be that the users have asked it to behave like that."
A trojan is by definition software that does things that users have specifically NOT asked it to do.
Chrome behaves in some respects like _spyware_.
"...by definition software that does things that users have specifically NOT asked it to do.."
E.g., the perpetual popups reminding me of something I've known about for fuc*king years???
Who doesn't backup their bookmarks?
"Chrome's beta version is unaffected, making it a suitable substitute until Microsoft can correct the error."
What was the error, deleting Chrome or not deleting the beta version?
I thought that Chrome's bookmarks were synchronised to Google Docs anyway, so a user could just visit there to find them.
Warning: Visiting this site may harm your computer!
Microsoft.com certainly harmed mine.
Well not mine...
I never go there.
"Chrome's beta version is unaffected, making it a suitable substitute until Microsoft can correct the error"
Until you try and go back on release ver and it tells you your profile has been upgraded beyond that version.
As for the false poz, it happens, but the clients were configured to quarantine (and thus able to restore after new defs downloaded) not delete... right?
Yes, Microsoft is an evil company, but I'd bet this time (as with most of their actions) it was their stupidity and not their malice what got them into trouble.
@A. Coatsworth - I would vote for both
Knowing the long and well documented history of Microsoft.
The irony of the line “Chrome users that do not send usage statistics to Google are unaffected.” is not lost on me.
Bit of a snafu tho hey, think what would happen if the corporates actually started doing this kind a on purpose....
Opera is too quirky for most people...
...who are not a bit quirky themselves. I am quirky myself and tried opera several times over the years but simply could not live with it, although I can understand why some people do like it, especially with very fine grained control over individual site security etc.
Since firefox changed to the awful 4+ i have bizarrely started to use IE9. I have not used IE of my own free volition ever, I even preferred Netscape when there were only the 2 choices, but now IE9 is very safe if on limited rights account and MS are doing a much better job that Google and others at identifying and blocking malicious sites.
I recently carried out my own tests and the MS solution was surpisingly effective, and together with the blocking from Malwarebytes Pro it has stopped almost all of the really nasty things that I threw at it, and the rest was stopped by PrivateFirewall HIPS. MS Essentials is also there to check only downloads and incoming files onto the system as an extra condom, just in case.
Back to the point, MS are doing a much better job these days,apart from the very rare false-positive mentioned here, and in some cases are better than the competition, strange as it seems to me, but my own tests have proven it. Professional tests have shown that MS actually have one of the most impressive fals-positive rseults of any AV, but Google definitely behaves like a trojan and so they deserve it.
NO! Don't give MS more ideas on what to trash next!
I do use Opera at home, not configured the remote bookmarks which I think I will do when I return home then if it does occur reinstall login and download.
I was pretty sure Chrome and Firefox had this feature as well if linked to a Google/Mozilla account? Probably looks like a much more useful feature today.
There are actually 3000+ people in this world who are using both Microsoft Security Essentials anti-virus software and a non-Microsoft browser? Wouldn't users of a non-Microsoft browser tend to use one of the many other free anti-virus products that aren't from Microsoft? Avast? AVG?
lots more, actually
It may come as a shock to some, but there are people in the world who evaluate products on the basis of usefulness rather than which company released them. Accordingly, large numbers of people use MSE and its corporate cousin for antivirus while also using non-MS web browsers (around here, usually Firefox, with a few Opera holdouts and one or two Safari nuts. No Chrome users to my knowledge, though, and if there are any, they undoubtedly will have turned that Trojan-like 'report to the Chocolate Factory' setting off.)
What I find interesting is that persons allegedly working in IT who haven't figured out how to set the automatic actions in MSE. (Hint: it's really difficult, as it involves going to the 'Settings' screen and unchecking a checkbox, actions which should require at least a MCSE.)
MSE is the best of the free AV packages available for Windows at the moment. The 'best' browser, OTOH, is mostly down to personal use case.
MSE and non-MS browsers.
Both Avast and AVG, and most of the other free antivirus products, are tending towards graphics-heavy interfaces with lots of "pay for our full version" popups.
Many users of Chrome and Opera use those browsers because the minimal *ahem* chrome that gets in the way. MSE is the free AV equivalent to that, at least for now.
Ah for the good-old days, and F-PROT for DOS...
Nowadays it is my standard configuration for third parties: I am an Opera fan but I install Chrome, and while using Avast (at home only :), I go for Microsoft Security Essentials to avoid the yearly reregistration.
Totally agree: MSE is the best free AV now. No annoying messages to upgrade and a simple, clean interface.
Chrome is a virus.
it installs the browser binary in your appdata.. (which isn't for executable binaries but from application data... duh) to bypass the security of windows, so it doesn't need elevation to install loads of spyware on unexpecting victims from its browser.
it shows every behavior a virus has.. So I don't see why a virus checker should get a slap on the wrist for detecting it as such.