Sophos Anti-Virus Deletes Itself as a Virus

Anti-virus software is a necessary evil in today’s world, thanks to the proliferation of hackers, malware and botnets. Unfortunately, the software can frequently cause high-profile problems like locking users out of their computers and causing endless reboots by deleting necessary Windows system files. Perhaps no problem has been more embarrassing than the recent Sophos debacle. The security software flagged its own files as malicious and proceeded to delete them.

For the most part, it’s better for these programs to err on the side of caution than risk allowing a user’s system to be infected. However, Sophos went a bit far with their most recent update, when it flagged the Shh/Updater-B file as malicious. Although the problem was worldwide, thankfully Sophos allows users and administrators to choose what happens when threats are detected. If your settings called for simply denying access to the file, then there was little harm. For those who set their computers to delete offending files, the program proceeded to cripple itself by deleting its own updater. That made the process of undoing the damage a bit more time-consuming and difficult than simply waiting patiently for an update to trickle down.

Sophos has since fixed the issue by pushing an update. Kudos to the company for acting quickly in this matter, but it illustrates the problems that have plagued this type of software. With Windows 8 now looming on the horizon, these problems may become less widespread thanks to the built-in Windows Defender that handles most of this duty, much to the dismay of third-party software makers.

Trackbacks

  1. […] The new version of its antivirus that Sophos released identified the Shh/Updater-B file as malicious. The program gave the option to delete the file or deny access. If the second route was chosen, the damage is minor and is easily repaired with the update the company has released. Otherwise it will be more complicated, according to Geek News Central. […]