Sophos Antivirus Glitch Detected

Posted 9.21.12 by

On Wednesday, the Sophos antivirus software started detecting its own program updates as malware and quarantined the executable files. As a result, the updater itself was disabled and could no longer update, according to ZDNet.com.

Below is a screenshot of the false positive ‘malware’ from Sophos.com, detected as Shh/Updater-B:

(Screenshot: Sophos false-positive detection of Shh/Updater-B)

Sophos.com reports that by enabling Live Protection, you should no longer see the detections, since the files are now marked ‘clean’ in the Live Protection cloud. If you don’t have Live Protection enabled, once javab-jd.ide has been downloaded by your endpoint computers, you will stop seeing detections.

Sophos is directing users to this knowledgebase article that provides more information about the false positives and how to update endpoints with the latest IDE files: Advisory: Shh/Updater-B False Positives. The steps, with more detail in the article, are:

  1. Confirm that SUM (Sophos Update Manager) has updated and has downloaded javab-jd.ide to its distributions
  2. Configure the cleanup options
  3. Check the endpoints

What could have caused this bug? One theory attributes the issue to the lack of developer testing during the development cycle, and the failure to check code for bugs or security vulnerabilities. According to a survey conducted by Forrester Consulting and software vendor Coverity, more than 70 percent of respondents that had experienced a security incident also claimed there was a lack of security and technology processes for their developers.

Meanwhile, 79 percent of respondents could not keep pace with the rising code volume, and more than 60 percent stated there was not enough security funding. The short time-to-market also forced 41 percent of respondents to put security during development on the back burner.

“This has lots to do with developers being pressured to get out code,” said Steve Aiello, Sr. Systems Engineer, CISSP at Online Tech. “The primary objective in many companies is to make money, and that means the developers are pushed to get their product out quickly. This is a really good case in point on how even in the security industry, these things can happen.”

The issue has affected users and partners worldwide. If you need more technical support or want to read how others are handling the issue, visit SophosTalk, the Sophos community forum for Sophos Endpoint Protection.

Sophos Antivirus Detects Own Update as False Positive Malware
Shh/Updater-B False Positive by Sophos Anti-Virus Products
Study Finds Web Developers Undertake Too Little Vulnerability Testing

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
