Sophos false positive made it impossible to login to Windows 7

vbimport

#1

We’ve just posted the following news: Sophos false positive made it impossible to login to Windows 7

A false positive from antivirus company Sophos meant that some Windows 7 SP1 users could no longer log in to their operating system last Sunday. The company writes on its website that it mistakenly marked ‘winlogon.exe’ as a virus or spyware.

Read the full article here: [http://www.myce.com/news/sophos-false-positive-made-impossible-login-windows-7-80379/](http://www.myce.com/news/sophos-false-positive-made-impossible-login-windows-7-80379/)

Please note that the reactions from the complete site will be synched below.

#2

The company writes on its website that it mistakenly marked ‘winlogon.exe’ as a virus or spyware.
It’s an honest mistake… they probably mistook it for Windows 10, which [I]is[/I] spyware. :stuck_out_tongue:


#3

Well MSE/Defender is working just fine no Windows 7 blocks… :cool:


#4

I’ll go with what DrageMester said.


#5

[QUOTE=G_Ivan Awfulitch;2780431]I’ll go with what DrageMester said.[/QUOTE]
Only if that was in a rosy world, but considering how long they’ve been in the business that is one reason to not use it. An A/V doing this is a fast track to the junk yard.


#6

[QUOTE=coolcolors;2780442]Only if that was in a rosy world, but considering how long they’ve been in the business that is one reason to not use it. An A/V doing this is a fast track to the junk yard.[/QUOTE]

On a general level, I would expect any Security/AV company to have samples of any version system files for all supported operating systems and anything less would be ‘fast track…’ as you say. However, reading the article, it states:

This issue is limited to a specific 32-bit version of Windows 7 SP1 systems only

In other words, mistakes do happen :flower:


#7

[QUOTE=Xercus;2780470]On a general level, I would expect any Security/AV company to have samples of any version system files for all supported operating systems and anything less would be ‘fast track…’ as you say. However, reading the article, it states:[/QUOTE]But we assume they will admit to it rather than someone exposing it. Also this:

The culprit was an update that was released Sunday. Later that day, when Sophos became aware of the issue, the antivirus company sent out a corrected update to Sophos clients. The update corrected the issue.
Do they not test the release before sending it out? Obviously they didn’t here in this case. They don’t tell how they found out, but most likely it was the users that complained and they found out; otherwise no one would know what happened. They got scared and fixed it ASAP.

This issue is limited to a specific 32-bit version of Windows 7 SP1 systems only.

[QUOTE=Xercus;2780470]In other words, mistakes do happen :flower:[/QUOTE]Only if they admit to the mistake then it was a mistake, but for someone to make net news about the problem would be something for a Windows O/S update, but an A/V should test before release. We have enough problems with Windows already.


#8

Earlier today, Comodo gave me an interesting false positive. I don’t remember exactly what the file was called, but I think it was something along the lines of “gnu-GPLv2.txt”. I don’t see how an ASCII text file with no executable code could be malware. It’s just a software license that protects your freedom!

Anyway, I’m going to side with Xercus here: accidents happen. If Sophos does this frequently, then I guess they suck. But, seeing as how this has only happened this once, it can be forgiven.


#9

[QUOTE=TSJnachos117;2780718]I don’t see how an ASCII text file with no executable code could be malware. It’s just a software license that [B]protects your freedom[/B]![/QUOTE] Nothing is more malicious than that seen through the eyes of some software vendors! :stuck_out_tongue:


#10

I think you’re right DrageMester