Microsoft's Antivirus Briefly Flags Google.com As Malicious

tsu doh nimh writes "Computers running Microsoft's antivirus and security software may be flagging google.com — the world's most-visited Web site — as malicious, apparently due to a faulty Valentine's Day security update shipped by Microsoft. For several hours on Tuesday, PC users browsing with Internet Explorer on a machine equipped with Microsoft Security Essentials or Forefront saw warnings that Google.com was serving up a 'severe' threat – Exploit:JS/Blacole.BW — basically that google.com was supposedly infected with a Blackhole exploit kit. The warning prompted users to 'delete' the threat, although accepting the default action appeared to cause no ill result. The episode is more embarrassing than harmful, given that Microsoft is expected to ship antivirus technology with the next version of Windows."

And here I thought Windows was the real virus...

[Anonymous Coward]

Isn't the real virus actually windows?

Re:

[Anonymous Coward]

Fan boys really don't know how to spot a joke...

Re:

[Anonymous Coward]

Same as Windows don't know how to spot a threat!

Re:

[Saintwolf]

ZING!

Re:And here I thought Windows was the real virus..

[mr_gorkajuice]

It might have been kinda funny some 5+ years ago when someone first told it. Maybe if I came across it less than once per week, I'd eventually find it kind of amusing again.

Re:

[Anonymous Coward]

5+ years ago? Somebody first told it the day the first windows AV software shipped.

Re:And here I thought Windows was the real virus..

[oakgrove]

I think poking fun at Microsoft Google Apple and the whole lot is for the most part almost always funny. Ever considered removing the giant stick from your ass?

Re:

[Anonymous Coward]

Except that people don't rationally poke fun. They are just corporate cheerleaders for companies they don't work for, compete against, or know anybody who falls into those camps.

Re:

[oakgrove]

Except that people don't rationally poke fun.

Sure they do. It's a fundamental part of the human condition to make fun of things and joke around. Only on the internet when the jest is directed at $SOMEBODIES_FAVORITE_CORPORATION does this reality ever seem to come into contention.

They are just corporate cheerleaders for companies they don't work for, compete against, or know anybody who falls into those camps.

Maybe loosen the tin foil, man.

Re:

[Belial6]

I would say it is more an issue of the current cultural climate that has most people believing that if you couch your very serious statements in the form of a joke it isn't OK for anyone to point out how wrong you are.

Re:And here I thought Windows was the real virus..

[poetmatt]

It's no different than when they "accidentally" (note the word) flagged chrome as a virus before.

Expect these accidents to become more frequent as microsoft panics about google competition.

Apparently this has to happen more than 50 times before people accept that it's not just some magic "mistake".

see http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html [blogspot.com]

Re:

[Kalriath]

You should loosen your tin foil hat. I think it's constricting blood flow to your brain.

Re:

[poetmatt]

thanks for providing a useful and informative reply. I can clearly see your opinion is very useful, and should be modded somewhere between 0 and -1.

I mean it's not like they're a convicted monopolist more than twice over or anything, right?

They may know...

[Anonymous Coward]

...something the world does not know !

There is nothing incompetence cannot achieve!

[coder111]

Let's just wait until they block microsoft.com due to some related screwup.

Exploit:JS/Idiots.ASS detected

Re:

[VortexCortex]

WARNING
The website you are about to visit, update.microsoft.com , may harm your computer.
Find out more [google.com]
Get me out of here [windows7sins.org]

Proceed to to update.microsoft.com [microsoft.com]

Aww!

[Cyphase]

Dear Google,

          Happy Valentine's Day!

                    Your valentine,
                              Microsoft

Oh my god

[SmallFurryCreature]

I just had an image of Steve Ballmer and Bill Gates going down on Larry Page and Sergey Brin (which by the way, google had to guess at being the right answer for being the founder of google) in a nerd love fest...

My eyes! What has been seen cannot be unseen.

...

...

...

Oh who am I kidding. Fap fap fap fap fap

Re:

[Greyfox]

MMO Quests are like orgasms: You may solo them, I prefer them in a group.

Sounds like you're soloing this one...

Re:

[gnapster]

Do you like me? Check one:

• o - Yes
  o - No

Well, Google did that already to MS..

[Giloo]

Google already flagged MS France as malicious 2 years ago: http://gilouweb.com/bordel/google_truth.png [gilouweb.com] (Ce site risque d'endommager votre ordinateur meaning: this website might harm your computer) So I guess it's only revenge ;)

Re:Well, Google did that already to MS..

[Bogtha]

this website might harm your computer

To be fair, it does host Microsoft software ;)

Re:

[cdrudge]

To be equally fair, so does Google.

Everything's dangerous!

[Anonymous Coward]

Since anti-malware programs largely work by looking for known patterns and fingerprints, and the databases of these patterns and fingerprints keep growing steadily, when will we have reached the point where basically every software ever written will fit one of the patterns? :)

Re:

[wmac1]

The feature space which these software look into is astronomically huge. Pattern classifiers just need to look into small areas of the feature space.

It is similar to saying, with trillions of existing stars, will we reach a time where space is filled with stars?

Skynet

[fast turtle]

when skynet becomes self-aware

God damn speed filter

I'm not a cowboy! Sod off you damn Whore Mongers, the damn speed filter doesn't apply to me as I'm a Fast Turtle for damn good reason,.

Needs sanity checks.

[Dwedit]

Does this mean that all antivirus makers must start doing sanity checks before releasing definition updates to the public? For example, there was once a definition update for an antivirus program that deleted some critical system file in Windows. Running a scan against a set of known clean Windows files and other popular programs should always be done before a release. Same idea for popular websites.

Re:

[cc1984_]

Actually, I'm pretty sure it was McAfee

http://tech.slashdot.org/story/10/04/21/1735211/mcafee-kills-svchostexe-sets-off-reboot-loops-for-win-xp-win-2000 [slashdot.org]

Re:Needs sanity checks.

[Sancho]

You act like this has only happened once. [google.com]

Antivirus has detected system files as viruses since the DOS days.

Re:

[danomac]

Yes, but AVG also shipped a x32 binary in a x64 release, causing computers to crash.

Otherwise their antivirus was better than what we were using, and was a better price.

Dropped them like a hot rock after that happened... it appears they can't even do basic QC.

To be fair

[Reed Solomon]

in Microsoft's eyes, they are the most malicious threat in existence right now.

Re:

[Coisiche]

Indeed.

My first thought on reading the headline was "Well, duh".

Arguable

[Anonymous Coward]

Aren't all search engines technically spyware? Especially in the case of Google where it tailors your results based on previous browsing history (if you've got that option on).

Note: Yeah, MS made a mistake. Go figure. At least they dealt with it within *hours* instead of a greater span of time and it didn't really have much, if any, negative effects other than mild annoyance on the part of the users. Still preferable to them not having any antivirus.

Did not see the behavior on a Win8 VM

[AndGodSed]

Incidentally I was doing a google search from a Win8 VM and did not see this behavior. I _did_ get a notification to update my spyware/malware definitions for Windows Defender as well, so maybe my definitions did not yet include this snafu.

Of course I have updated post Vday, so cannot confirm this behavior now, even with an older snapshot.

Re:

[TheGoodNamesWereGone]

I booted up Win7-64 yesterday so it could run Patch Tuesday and got the Blacole.BW false positive, so I can confirm this.

AV is not really mature yet

[gweihir]

I like MS bashing just as much as the next slashdot-poster, but I think here the blame is minimal. AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible, while at the same time new signatures need to be pushed fast in order for them to be effective.

That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security (which is a budgetary and an education/knowledge problem).

Re:AV is not really mature yet

[nzac]

AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible

No basic automated testing of say the top 500 websites and 100 applications to see if they get a false positive is too hard or time consuming. Say they managed to block some local news site that uses some site that uses shitty java-script with adds is a mistake.

That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security

No this incident is does not prove anything like this, just that software needs decent quality testing.

Re:

[rtb61]

All this really point too, is corporations are really lax when penalties are not applied for damaging mistakes. It seems whoops tee hee, it's just a boo boo is always enough. I bet the whole system would tighten up if they were charged for the costs generated by each and everyone of their mistakes, just like the real brick and mortar world. Ever since it went digital (supposedly to reduce errors) errors are treated like a lame joke and laughed off.

Warranties, we ain't got no warranties, we don need no wa

Re:

[JasterBobaMereel]

If you trust Microsoft with AV software given their track record then you are asking for trouble ...

AV and security is all about trust, and I for one don't trust MS with security, and looking at all the add-ons to MS products to enhance security nor do many many people

MS should be trying to make AV software obsolete, not trying to write their own ..

Re:

[whoever57]

If you trust Microsoft given their track record then you are asking for trouble ...

FTFY

Re:

[flimflammer]

I disagree. MSE is actually a dependable package as far as free AV software goes, and even compares well to subscription based products. This is nothing new; AV software has been issuing false positives for ridiculous things since signature based AV has existed. This didn't even do any damage. It issued a scary warning and then went away.

As for making AV software obsolete, you should know that it's not possible to just suddenly make AV obsolete. Microsoft is better off trying to contain the potential damage

Re:

[JasterBobaMereel]

Try and Buy anntivirus software for Linux, it is not needed, and mostly scans for Windows Viruses

Note this is antivirus, not firewall, not browser exploits, but actual antivirus ...

If a virus tries to get itself run, and can do so without your permission, then your OS has failed, AV is just a stopgap to plug a hole the OS should not have .

Re:

[Sloppy]

No this incident is does not prove anything like this, just that software needs decent quality testing.

Yeah, yeah, I know. It's merely the 17 billionth confirmation of the overall fundamental failure of the basic idea behind malware signature blacklisting, not proof.

Re:

[nzac]

This is a really bad example for this argument. It is not an example of good, properly tested scanner failing.

Re:

[oakgrove]

Nice apology, dude. From my perspective if Microsoft doesn't have sense enough not to flag the number one web site on the net, why would I want to run their software?

Re:

[gweihir]

I am the last person to defend MS, but the fact of the matter is that all AV software currently used has this problem.

Re:

[garaged]

So, the best thing they can do is create an AV culture, and 15 years later realize that they can profit from it too?

Re:

[gweihir]

Good comment. Sums the overall problem up very well.

Re:

[realityimpaired]

That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security (which is a budgetary and an education/knowledge problem).

So.... you're suggesting that the iOS method is the way to go?

As long as it's possible for users to run things with administrative privileges, viruses will have a way in through social engineering. And as long as it's possible to install stuff from vendors other than the OS manufacturer, there will be programs which think they need to run as admin, and users who let them. And the only way to get around that problem is to run a completely closed system, where users don't need to install drivers at all, and w

Re:

[gweihir]

No, the "walled garden" is not the solution either (as AC has pointed out in comment #39043337). The only solution I see is software that is very hard to compromise, including on the OS layer. Of course that requires things to slow down and mature. Software like Apache, Linux, Perl, OpenSSH etc. is quite old (in the sense that only incremental development has been done for a long time), quite mature and very, very hard to attack. As long as MS reinvents their OS every few years, they will not get there (bi

You can tell it was a mistake

[Anonymous Coward]

It didn't flag apple.com

Re:

[Anonymous Coward]

Slashdot: Where Anonymous Cowards strut around being smug and hip by blaming the users of Apple products of being smug and hip

I think

[maroberts]

Microsoft simply confused Valentines Day with April Fools Day

Icing on the cake

[high_rolla]

Would have been absolute gold if the message that came up was something along the lines of:

"We're sorry but Google.com has been identified as a threat to Microsoft *cough* *cough*, I mean your computer. We suggest you fix this by going to Bing.com. Would you like us to make Bing your homepage and redirect all future request for Google to Bing instead?"
[Yes] [OK]

Delete the threat

[inpher]

So, did anyone manage to delete the threat? Google.com is still running.

Meh, I guess nobody really reads the warning dialogues anymore.

These things can happen

[MrManny]

To be honest, I don't think this is really *that* big of a deal. This can happen. Worse has happened, not only at Microsoft but by other AV products as well. I recall Avast crying out loud over Steam less than a month ago, moving its service into containment. And if I recall correctly, Avast even flagged notepad.exe as a virus once. I specifically mention Avast, because a.) I use it, and b.) it actually scored rather well last time I bothered to look it up in comparative studies.

As long as there are probabilities involved, false positives and false negatives are bound to happen. When it comes to AV, I don't mind if it errs on the side of caution as long as it doesn't happen too often.

Mod me down or call me fanboy as much as you want, but I really don't consider this too problematic, regardless of Microsoft being the "aggressor" here.

Re:

[Tr3vin]

I'm a huge Android / Google fanboy and I have no problem with what happened. There are going to be false positives and Microsoft resolved the situation. While it is embarrassing for Microsoft, I highly doubt it was done on purpose. Google changes their home page all of the time and there was an update for Valentine's Day, so it is something that Microsoft may not have been able to catch.

Re:

[Locutus]

but wasn't this a signature update which included a flag targeting the number one search engine used? Even if it were some automated system which somehow generated a diagnostic which flagged google.com, wouldn't you think Microsoft would run tests on this stuff before shipping it out? I think they have the resources and the money to do this.

they have done this type of thing before and landed in court a few times over it but it cost them little compared to what they gained. As they well know, claiming it's

Re:

[Kalriath]

Um, no? Can you even begin to imagine the amount of resources they'd need to test every popular website on earth with their antivirus? And then there's the expectation that if they have to test every popular website, the first time it mistakenly flags an unpopular one someone will sue because their site wasn't tested.

I mean, fuck... other antiviruses have flagged parts of the goddamned operating system as malware without being caught in testing, and you expect then (and only them, no doubt) to make sure t

Re:

[Locutus]

I forgot, google.com is just another web site. my mistake.

LoB

MS Malicious, that bitch ....

[OldHawk777]

Most of the /. "Open" community has danced with MS Malicious at one time or another over the past 20 years. US, EU, RU ... Faux-capitalism, if you can't compete any "WhoopsFU" that may help the profit line is legally fine.

Capitalism=Meritocracy+Value: If the best cannot compete, enter the market, and/or is fettered by sector/product protectionist law, plus increases in profits, benefits, pay-packs ... are not attributable to value added, then the national economy is Faux/Pseudo-Capitalism based and must e

"PC users browsing with Internet Explorer"

[Anonymous Coward]

Nice to know nobody was effected.

Re:

[Locutus]

even with the declining market share, there are enough IE users to give BING a nice bump. It's probably time for some nice "independent" research to come out showing how MS BING is gaining market share and this bump will help that study perfectly.

LoB

Interesting beacuse yesterday ...

[amcdiarmid]

I was checking the Site to Zone Assignment feature of group policy. I found this posting ( http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/ [grouppolicy.biz] ) where the example was to put google.com (and everything in it) to be the "restricted sites zone."

Re:

[Locutus]

most anyone who bases their profession on only Microsoft software will tote this kind of line. Microsoft targets companies and lets their fans know who are the enemy so you see tutorials like this where the enemy is trashed while Microsoft's software is advanced. Self preservation by those following Microsoft and basing their livelihood on them. Microsoft loves this and designs their partner and developer programs to promote these things.

It is also why these kinds of "bugs" tend to be looked at as intentio

I'm just glad it didn't lead to further problems

[sarbonn]

This happened to me last night when I was playing a game. I used google to look up something, and that warning came up. So I had them "remove" it. I was concerned because it didn't really give me a lot of information, but when you're left with the choice of removing a virus/trojan and just leaving it there, you're generally going to go for removing it. Reading about it today, I now realize what happened last night. This reminds me of years ago when I was installing some update to Microsoft Internet Explorer

Google is a black hole though, isn't it?

[ToiletBomber]

Microsoft Security Essentials recognized that Google was sucking up all of Bing's patrons like a Blackhole, and sought to remove the threat once and for all by having users 'delete' Google en masse!

Overdue gambit

[paiute]

I am surprised that Microsoft didn't rejigger IE to just block Google altogether about the time Bing was being first promoted. By the time the lawyers got done beating each other to a bloody pulp - even if Google managed a legal victory - there would be millions of users who would have used Bing as the only alternative because they didn't know about the existence of any other browsers than the IE on their Windows desktop.

Re:

[Greyfox]

Ooh and they could remove "Firefox" search results from bing! That would be brutal!

Nice

[pr0fessor]

Valentine's day is just a little to convenient. I wander if there are a couple of developers from both companies chuckling at each other. I know I have pulled pranks on friends and co-workers before. {I would not however want to answer to the boss when my prank hit the news}

SOP for competing products

[Locutus]

they took out AOL's TCP/IP stack years ago too and low and behold it happened right around the time Microsoft was getting MSN going. The default action for users clicking their AOL links and finding the dialer stopped working was to use the MSN dialer and bring MSN in. It took a court case to get them fix it and that fix was claimed to take months. It was a bug. Right, because they didn't bother to test against the most used TCP/IP stack out there. Google's a target now so stuff like this is just fun for Mi

Tough Love

[Predatory QQmber]

Heh, it's just how Ballmer expresses his repressed admiration. Akin to throwing chairs as a sigh of respect.

Is it really that embarrassing?

[flimflammer]

Embarrassing I guess, but really? This sort of mistake happens with every single anti-virus on the market. Some will even flag and delete core system files causing the installation of the OS to get crippled. I'd say that's embarrassing. It happens. It always will happen. It's not like this is some new slip up that only Microsoft could cause.

Re:

[flyneye]

But when you got it you forgot to mention the irony of their already having shipped useless firewall bloatware which takes up space and no one uses. Microsoft; all your harddrive are belong to us.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[flyneye]

Wow, you're quite an advocate.

Unfortunately, my experience with MS and their range of products supersedes your sincere hyperbole.
Even without the list of aches and pains, having a firewall at the workstation,rather than the gateway is like putting mud and snow tires on roller skates.

But don't feel bad, I think ads are a bunch of crap too.

Nicely written.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:first!

[WrongSizeGlass]

And stranger than that, you are not bonch and your post isn't a criticism of Google claiming that they deserve it and Microsoft is right to label them as malicious. What are the odds!

Perhaps Microsoft was right about the Google homepage on the 14th:
- MS Security Essentials is written by programmers/nerds.
- On the 14th, Google had an animated "Valentine's Day" logo.
- The animated logo was an animated female. Innocent and harmless, but female none the less.
- As usual, nerds (or in this case MS Security Essentials, the product of nerds) had no idea how to react to a female.
- When MS Security Essentials determined that the animated female was holding a valentine it panicked.
- MS Security Essentials protected Windows from Google's trojan horse valentine (metaphorically, of course).

Re:

[LifesABeach]

I'm still working on the part where a group of convicted Liars, and Thieves [wikipedia.org] are still allowed to do business. But then again, I'm amazed that Criminal Law is second to Torts.

Re:

[HideyoshiJP]

If criminals and thieves weren't allowed to do business, what would happen to all the multinational corporations?

Re:

[Mister Whirly]

Because they settled the case. When the Appeals Court and the Department of Justice decide it is okay for Microsoft to do business, it is ok for Microsoft to do business. I guess Microsoft is basing it's practices on the law, and not your opinion. But you can read all about it in the link you posted.

Re:

[LifesABeach]

There are many laws. Torts, in this case, are not a pastry. And the way that law enforcement is handling their litigation is not cute. When business comes before people, someone has been bribed.

Re:

[Anonymous Coward]

Microsoft wasn't convicted. The case was settled with a consent decree.

So legally, no wrongdoing was found. Microsoft essentially agreed to let the government watchdog them for a few years in exchange for the charges going away.

Re:

[LifesABeach]

Dear AC, no one pays a fine and allows themselves to be "watched" when they've done nothing wrong, Period.

Re:

[Kalriath]

Greece is paying through the nose and allowing themselves to be watched, so I would disagree with that.

Re:

[LifesABeach]

Dear AC, so what is the minimum threshold for a business to not be criminally prosecuted for Fraud? Ignoring criminal activities is in itself, criminal; especially by Wards of the Court.