Sophos Antivirus Software Flags Self as Threat, Deletes Important Bits
No antivirus software is without quirks and faults. Even so, having the piece of code that’s meant to be protecting your computer from malicious outside forces start going haywire doesn’t exactly build confidence in its ability to actually perform as intended. That’s exactly what the antivirus products of Sophos did yesterday. Specifically, said products decided that they themselves were malware and carried out the rest of their duties.
The story gets better, though. The threat was detected in something called “Shh/Updater-B” and, depending on whether the software was set to deny access to threats or move and delete them, the software then could effectively neuter itself. If the “move and delete” setting was activated, it removed important binaries, so updating wasn’t going to fix things. The products gave themselves a lobotomy, basically.
Sophos, for its part, has acknowledged that this was definitely a false positive reading of its software by its software. False positives do happen, of course. This certainly isn’t the first time antivirus software has mistakenly classified functional code as a problem only to then screw the pooch and delete important files. It is, however, one of the more amusing stories to come out of a false positive reading.
It’s certainly a lesson in understanding the nature of antivirus software. Antivirus products are not exactly infallible, and they definitely conform to the “garbage in, garbage out” kind of philosophy. Sometimes, though, they’re more “garbage out” than anything else.