back to article Sophos says sorry over Google Analytics false alarm

Sophos has apologised after its security screening technology went awry and began falsely warning users when they visited websites running Google Analytics. The false positive - which identified web content served up from as malicious code (specifically HTMLGen-A) - kicked in at around 05:15 GMT and …


This topic is closed for new posts.
  1. Tony Green

    Potentially malign?

    I'd say Google Analytics IS malign. Too many times I'm sitting waiting for a page to load and I see Firefox telling me it's waiting for Google Analytics.

    Funnily enough, since I put dummy addresses for their servers in my /etc/hosts file, an awful lot of pages load faster...

    1. launcap Silver badge

      re: Potentially malign?

      NoScript & adblock are your friends. I have GA blocked on all my computers and (as you say) things load a hell of a lot faster. Especially if you block facebook and Twitter URLs as well.

      Social media? As Worzel Gummidge would say: Garn.

    2. TeeCee Gold badge

      @Tony Green

      Beat me to it. That's stretching the term "false positive" a long way and I reckon "accidently telling the truth" is a more accurate description of this behaviour.

  2. The Beer Monster

    An hour? From 5:15?

    We were seeing that from 7:30 until around 11, despite the servers here checking for updates every 15 minutes.

    In Sophos' defence we were aware that it was a false positive and that an auto update would fix it.

  3. Adze

    Still... better safe than...

    Sony... err... or sorry.

  4. Harry
    Thumb Up

    "falsely warning users"

    There's nothing "false" about warning users that web sites which use third party spyware *are* potentially malign.

    Google does no evil, so it claims -- but nobody including Google will ever be able to *prove* it.

    If a webmaster needs to analyse its traffic, it should be doing so using its own server logs and not implanting third party spyware.

  5. Anteaus

    Could be worse...

    NIS automatically deletes any download its database hasn't encountered before, whether malware or not. In doing so it claims that the file was 'suspect by reputation' -Which would seem to be dangerously close to grounds for a libel action. Or, possibly a USA class action by affeced coders. Now, that could be majorly expensive. I'm surprised Symantec haven't considered that risk.

    McAfee Site Advisor allows members of the public to rate websites as benign or malicious, and is robot-friendly, judging by the many thousands of identical troll postings. Again, allowing trolls to use your system to defame websites in-bulk could be very costly, in a legislative sense.

    Eset recently gave a false positive on one of our downloads. This caused it to automatically delete a security utility, leaving the computer in a state where no new software could be installed. Uncertain how many users were affected but it certainly damaged our reputation as coders, and though no fault of ours.

    Basically the whole anti-malware business is in chaos. Key problem is the desire to cover all eventualities, while at the same time to present a 'dumbed-down' interface which makes all decisions without asking the user's OK. Now, the software is bound to get it wrong sometimes, but it's when the human is taken out of the loop that the daft decisions really cause damage.

    As for Google Analytics, if the site loads third party content or stores a third-party cookie there are at least grounds for suspicion of unethical actions.

  6. Leeroy Silver badge

    Affect Effect Infect ?

    Quote "Sophos rapidly pushed out an update, which ought to apply itself automatically but may take time to propagate around all infected systems."

    I think it is a bit harsh to say that the affected systems were infected especially when the effect was to speed up the systems in some cases :)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019