
Microsoft's Antivirus Briefly Flags Google.com As Malicious

tsu doh nimh writes "Computers running Microsoft's antivirus and security software may be flagging google.com — the world's most-visited Web site — as malicious, apparently due to a faulty Valentine's Day security update shipped by Microsoft. For several hours on Tuesday, PC users browsing with Internet Explorer on a machine equipped with Microsoft Security Essentials or Forefront saw warnings that Google.com was serving up a 'severe' threat – Exploit:JS/Blacole.BW — basically that google.com was supposedly infected with a Blackhole exploit kit. The warning prompted users to 'delete' the threat, although accepting the default action appeared to cause no ill result. The episode is more embarrassing than harmful, given that Microsoft is expected to ship antivirus technology with the next version of Windows."
  • by Anonymous Coward on Wednesday February 15, 2012 @04:47AM (#39042307)

    Isn't the real virus actually windows?

  • by Anonymous Coward on Wednesday February 15, 2012 @04:51AM (#39042327)

    ...something the world does not know !

  • Aww! (Score:5, Funny)

    by Cyphase ( 907627 ) on Wednesday February 15, 2012 @04:55AM (#39042333) Homepage

    Dear Google,

              Happy Valentine's Day!

                        Your valentine,

  • by Giloo ( 1008735 ) on Wednesday February 15, 2012 @04:57AM (#39042341) Homepage Journal
    Google already flagged MS France as malicious 2 years ago: http://gilouweb.com/bordel/google_truth.png [gilouweb.com] (Ce site risque d'endommager votre ordinateur meaning: this website might harm your computer) So I guess it's only revenge ;)
  • by Anonymous Coward

    Since anti-malware programs largely work by looking for known patterns and fingerprints, and the databases of these patterns and fingerprints keep growing steadily, when will we have reached the point where basically every software ever written will fit one of the patterns? :)

    • by wmac1 ( 2478314 )
      The feature space which these software look into is astronomically huge. Pattern classifiers just need to look into small areas of the feature space.

      It is similar to saying, with trillions of existing stars, will we reach a time where space is filled with stars?
    • when skynet becomes self-aware

      God damn speed filter

      I'm not a cowboy! Sod off you damn Whore Mongers, the damn speed filter doesn't apply to me as I'm a Fast Turtle for damn good reason.

  • by Dwedit ( 232252 ) on Wednesday February 15, 2012 @05:06AM (#39042369) Homepage

    Does this mean that all antivirus makers must start doing sanity checks before releasing definition updates to the public? For example, there was once a definition update for an antivirus program that deleted some critical system file in Windows. Running a scan against a set of known clean Windows files and other popular programs should always be done before a release. Same idea for popular websites.
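
The pre-release check discussed in this thread (scan known-clean files and popular pages before a definition update ships), sketched as an added example; it is not part of the original discussion and not any vendor's code. The signature names, patterns and corpus entries are constructed for illustration, and the gate also checks that each signature still detects its own sample.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str        # constructed detection name, not a real vendor identifier
    pattern: bytes   # regular expression applied to raw content
    sample: bytes    # content the signature is supposed to detect

# Constructed stand-ins for known-clean content: popular pages, OS files.
CLEAN_CORPUS = {
    "popular-site/home.html":
        b'<script>var h=document.getElementById("doodle");'
        b'h.onclick=function(){window.location="/hearts"};</script>',
    "os/editor.bin": b"MZ\x90\x00constructed clean binary stub",
}

def check_signature(sig, corpus):
    """Return the reasons this signature must not ship (empty list = OK)."""
    try:
        rx = re.compile(sig.pattern, re.DOTALL)
    except re.error as exc:
        return [f"invalid pattern: {exc}"]
    problems = []
    if not rx.search(sig.sample):
        problems.append("misses its own detection sample")
    for path, content in sorted(corpus.items()):
        if rx.search(content):
            problems.append(f"false positive on {path}")
    return problems

def release_gate(candidates, corpus=CLEAN_CORPUS):
    """Split an update into signatures that may ship and ones held back."""
    approved, held = [], {}
    for sig in candidates:
        problems = check_signature(sig, corpus)
        if problems:
            held[sig.name] = problems
        else:
            approved.append(sig.name)
    return approved, held

# Constructed update: one precise signature, one over-broad one.
UPDATE = [
    Signature("Test/Marker.A", rb"EVIL_MARKER_[0-9a-f]{8}",
              b"x=1;EVIL_MARKER_deadbeef;"),
    Signature("Test/Redirect.B", rb"window\.location\s*=",
              b'window.location="http://bad.example/"'),
]

if __name__ == "__main__":
    approved, held = release_gate(UPDATE)
    print("ship:", approved)
    for name, problems in held.items():
        print("hold:", name, problems)
```

Holding back only the offending signature lets the rest of an update ship on schedule, which matters when definitions have to go out quickly.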

  • To be fair (Score:5, Funny)

    by Reed Solomon ( 897367 ) on Wednesday February 15, 2012 @05:07AM (#39042371) Homepage

    in Microsoft's eyes, they are the most malicious threat in existence right now.

  • by Anonymous Coward

    Aren't all search engines technically spyware? Especially in the case of Google where it tailors your results based on previous browsing history (if you've got that option on).

    Note: Yeah, MS made a mistake. Go figure. At least they dealt with it within *hours* instead of a greater span of time and it didn't really have much, if any, negative effects other than mild annoyance on the part of the users. Still preferable to them not having any antivirus.

  • by AndGodSed ( 968378 ) on Wednesday February 15, 2012 @05:14AM (#39042389) Homepage Journal

    Incidentally I was doing a google search from a Win8 VM and did not see this behavior. I _did_ get a notification to update my spyware/malware definitions for Windows Defender as well, so maybe my definitions did not yet include this snafu.

    Of course I have updated post Vday, so cannot confirm this behavior now, even with an older snapshot.

  • by gweihir ( 88907 ) on Wednesday February 15, 2012 @05:26AM (#39042437)

    I like MS bashing just as much as the next slashdot-poster, but I think here the blame is minimal. AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible, while at the same time new signatures need to be pushed fast in order for them to be effective.

    That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security (which is a budgetary and an education/knowledge problem).

    • by nzac ( 1822298 ) on Wednesday February 15, 2012 @06:22AM (#39042605)

      AV software based on signatures has a very high probability of doing things like that and testing all common possibilities is very hard or impossible

      No basic automated testing of say the top 500 websites and 100 applications to see if they get a false positive is too hard or time consuming. Say they managed to block some local news site that uses some site that uses shitty JavaScript with ads is a mistake.

      That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security

      No, this incident does not prove anything like this, just that software needs decent quality testing.

      • by rtb61 ( 674572 )

        All this really points to is that corporations are really lax when penalties are not applied for damaging mistakes. It seems whoops tee hee, it's just a boo boo is always enough. I bet the whole system would tighten up if they were charged for the costs generated by each and every one of their mistakes, just like the real brick and mortar world. Ever since it went digital (supposedly to reduce errors) errors are treated like a lame joke and laughed off.

        Warranties, we ain't got no warranties, we don need no wa

      • If you trust Microsoft with AV software given their track record then you are asking for trouble ...

        AV and security is all about trust, and I for one don't trust MS with security, and looking at all the add-ons to MS products to enhance security nor do many many people

        MS should be trying to make AV software obsolete, not trying to write their own ..

        • If you trust Microsoft given their track record then you are asking for trouble ...


        • I disagree. MSE is actually a dependable package as far as free AV software goes, and even compares well to subscription based products. This is nothing new; AV software has been issuing false positives for ridiculous things since signature based AV has existed. This didn't even do any damage. It issued a scary warning and then went away.

          As for making AV software obsolete, you should know that it's not possible to just suddenly make AV obsolete. Microsoft is better off trying to contain the potential damage

          • Try and buy antivirus software for Linux, it is not needed, and mostly scans for Windows viruses

            Note this is antivirus, not firewall, not browser exploits, but actual antivirus ...

            If a virus tries to get itself run, and can do so without your permission, then your OS has failed, AV is just a stopgap to plug a hole the OS should not have.

      • by Sloppy ( 14984 )

        No, this incident does not prove anything like this, just that software needs decent quality testing.

        Yeah, yeah, I know. It's merely the 17 billionth confirmation of the overall fundamental failure of the basic idea behind malware signature blacklisting, not proof.

        • by nzac ( 1822298 )

          This is a really bad example for this argument. It is not an example of a good, properly tested scanner failing.

    • Nice apology, dude. From my perspective if Microsoft doesn't have sense enough not to flag the number one web site on the net, why would I want to run their software?
      • by gweihir ( 88907 )

        I am the last person to defend MS, but the fact of the matter is that all AV software currently used has this problem.

    • That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security (which is a budgetary and an education/knowledge problem).

      So.... you're suggesting that the iOS method is the way to go?

      As long as it's possible for users to run things with administrative privileges, viruses will have a way in through social engineering. And as long as it's possible to install stuff from vendors other than the OS manufacturer, there will be programs which think they need to run as admin, and users who let them. And the only way to get around that problem is to run a completely closed system, where users don't need to install drivers at all, and w

      • by gweihir ( 88907 )

        No, the "walled garden" is not the solution either (as AC has pointed out in comment #39043337). The only solution I see is software that is very hard to compromise, including on the OS layer. Of course that requires things to slow down and mature. Software like Apache, Linux, Perl, OpenSSH etc. is quite old (in the sense that only incremental development has been done for a long time), quite mature and very, very hard to attack. As long as MS reinvents their OS every few years, they will not get there (bi

  • by Anonymous Coward

    It didn't flag apple.com

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Slashdot: Where Anonymous Cowards strut around being smug and hip by blaming the users of Apple products of being smug and hip

  • I think (Score:3, Funny)

    by maroberts ( 15852 ) on Wednesday February 15, 2012 @05:52AM (#39042525) Homepage Journal

    Microsoft simply confused Valentines Day with April Fools Day

  • by high_rolla ( 1068540 ) on Wednesday February 15, 2012 @06:10AM (#39042565) Homepage

    Would have been absolute gold if the message that came up was something along the lines of:

    "We're sorry but Google.com has been identified as a threat to Microsoft *cough* *cough*, I mean your computer. We suggest you fix this by going to Bing.com. Would you like us to make Bing your homepage and redirect all future requests for Google to Bing instead?"
    [Yes] [OK]

  • by inpher ( 1788434 ) on Wednesday February 15, 2012 @06:32AM (#39042651)
    So, did anyone manage to delete the threat? Google.com is still running.

    Meh, I guess nobody really reads the warning dialogues anymore.
  • by MrManny ( 1026106 ) on Wednesday February 15, 2012 @07:22AM (#39042851)

    To be honest, I don't think this is really *that* big of a deal. This can happen. Worse has happened, not only at Microsoft but by other AV products as well. I recall Avast crying out loud over Steam less than a month ago, moving its service into containment. And if I recall correctly, Avast even flagged notepad.exe as a virus once. I specifically mention Avast, because a.) I use it, and b.) it actually scored rather well last time I bothered to look it up in comparative studies.

    As long as there are probabilities involved, false positives and false negatives are bound to happen. When it comes to AV, I don't mind if it errs on the side of caution as long as it doesn't happen too often.

    Mod me down or call me fanboy as much as you want, but I really don't consider this too problematic, regardless of Microsoft being the "aggressor" here.

    • by Tr3vin ( 1220548 )
      I'm a huge Android / Google fanboy and I have no problem with what happened. There are going to be false positives and Microsoft resolved the situation. While it is embarrassing for Microsoft, I highly doubt it was done on purpose. Google changes their home page all of the time and there was an update for Valentine's Day, so it is something that Microsoft may not have been able to catch.
    • by Locutus ( 9039 )
      but wasn't this a signature update which included a flag targeting the number one search engine used? Even if it were some automated system which somehow generated a diagnostic which flagged google.com, wouldn't you think Microsoft would run tests on this stuff before shipping it out? I think they have the resources and the money to do this.

      they have done this type of thing before and landed in court a few times over it but it cost them little compared to what they gained. As they well know, claiming it's
      • Um, no? Can you even begin to imagine the amount of resources they'd need to test every popular website on earth with their antivirus? And then there's the expectation that if they have to test every popular website, the first time it mistakenly flags an unpopular one someone will sue because their site wasn't tested.

        I mean, fuck... other antiviruses have flagged parts of the goddamned operating system as malware without being caught in testing, and you expect them (and only them, no doubt) to make sure t

  • Most of the /. "Open" community has danced with MS Malicious at one time or another over the past 20 years. US, EU, RU ... Faux-capitalism, if you can't compete any "WhoopsFU" that may help the profit line is legally fine.

    Capitalism=Meritocracy+Value: If the best cannot compete, enter the market, and/or is fettered by sector/product protectionist law, plus increases in profits, benefits, pay-packs ... are not attributable to value added, then the national economy is Faux/Pseudo-Capitalism based and must e

  • by Anonymous Coward

    Nice to know nobody was affected.

    • by Locutus ( 9039 )
      even with the declining market share, there are enough IE users to give BING a nice bump. It's probably time for some nice "independent" research to come out showing how MS BING is gaining market share and this bump will help that study perfectly.

  • I was checking the Site to Zone Assignment feature of group policy. I found this posting ( http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/ [grouppolicy.biz] ) where the example was to put google.com (and everything in it) to be the "restricted sites zone."
    • by Locutus ( 9039 )
      most anyone who bases their profession on only Microsoft software will tote this kind of line. Microsoft targets companies and lets their fans know who are the enemy so you see tutorials like this where the enemy is trashed while Microsoft's software is advanced. Self preservation by those following Microsoft and basing their livelihood on them. Microsoft loves this and designs their partner and developer programs to promote these things.

      It is also why these kinds of "bugs" tend to be looked at as intentio
  • This happened to me last night when I was playing a game. I used google to look up something, and that warning came up. So I had them "remove" it. I was concerned because it didn't really give me a lot of information, but when you're left with the choice of removing a virus/trojan and just leaving it there, you're generally going to go for removing it. Reading about it today, I now realize what happened last night. This reminds me of years ago when I was installing some update to Microsoft Internet Explorer
  • Microsoft Security Essentials recognized that Google was sucking up all of Bing's patrons like a Blackhole, and sought to remove the threat once and for all by having users 'delete' Google en masse!
  • I am surprised that Microsoft didn't rejigger IE to just block Google altogether about the time Bing was being first promoted. By the time the lawyers got done beating each other to a bloody pulp - even if Google managed a legal victory - there would be millions of users who would have used Bing as the only alternative because they didn't know about the existence of any other browsers than the IE on their Windows desktop.
  • Valentine's Day is just a little too convenient. I wonder if there are a couple of developers from both companies chuckling at each other. I know I have pulled pranks on friends and co-workers before. {I would not however want to answer to the boss when my prank hit the news}

  • they took out AOL's TCP/IP stack years ago too and lo and behold it happened right around the time Microsoft was getting MSN going. The default action for users clicking their AOL links and finding the dialer stopped working was to use the MSN dialer and bring MSN in. It took a court case to get them to fix it and that fix was claimed to take months. It was a bug. Right, because they didn't bother to test against the most used TCP/IP stack out there. Google's a target now so stuff like this is just fun for Mi
  • Heh, it's just how Ballmer expresses his repressed admiration. Akin to throwing chairs as a sign of respect.

  • Embarrassing I guess, but really? This sort of mistake happens with every single anti-virus on the market. Some will even flag and delete core system files causing the installation of the OS to get crippled. I'd say that's embarrassing. It happens. It always will happen. It's not like this is some new slip up that only Microsoft could cause.
