bit-tech.net

Symantec glitch breaks World of Warcraft

World of Warcraft fans using Norton Anti-Virus had a nasty surprise last week: a false positive which broke the game.

World of Warcraft might be an addictive time-sink, but would you class it as malware? If you work for Symantec, the answer might be yes - albeit unintentionally.

As reported over on Computeractive, the security software vendor responsible for Norton Anti-Virus admitted late last week that a bad definition update had been sent out which caused files required by the overwhelmingly popular World of Warcraft massively multiplayer online role-playing game to be detected as malware - and quarantined or deleted accordingly, making the game unplayable.

Symantec, which was alerted to the issue on its product forums, blamed "a human analyst" who "made a mistake, [looking at the files] in isolation," and quickly repaired the update, pushing out a fixed version which removed the false positive.

Interestingly, product manager Kevin Haley used a statement to the press regarding the issue to admit what users of signature-based anti-virus packages have long known: false positives are extremely common. Norton Anti-Virus suffers "ten to forty" such events every single month, but as the majority of them affect rare or unpopular software, users are not often inconvenienced. Nevertheless, the company is said to review every single case of false positives "at a vice-presidential level."

Haley was quick to point fingers at his company's competitors, claiming that, while the WoW gaffe was embarrassing, it paled into insignificance compared to rival McAfee's recent blunder, which saw the important Windows system file svchost.exe detected as a virus and quarantined, leaving users' PCs in an unbootable state.

While losing the ability to play a game may only seem like a complete disaster if you're totally addicted, it's still an embarrassment for Symantec - and yet another mark against the approach taken by traditional signature-based anti-virus packages.

Do you believe that the entire anti-virus industry needs a massive overhaul? Should companies be looking towards alternative technologies in order to avoid the harm caused by false positives? Share your thoughts over in the forums.

19 Comments

Ph4ZeD 7th June 2010, 10:37 Quote
People still use anti-virus software? :O
crazyceo 7th June 2010, 10:37 Quote
Why does everyone in WoW have a beard? Even the women!
shanky887614 7th June 2010, 11:17 Quote
Quote:
Originally Posted by Ph4ZeD
People still use anti-virus software? :O

Are you crazy? You need an antivirus to get rid of them; if you don't have one you should install one.

It's just one of those things you need to do. It's like going to the doctor: we may not like it, but we have to go if we are feeling ill.
Arkanrais 7th June 2010, 11:27 Quote
Norton is a virus itself.
I've had the damn thing try so many times to install itself and it even succeeded once when I wasn't being careful when installing some new software.
Fizzban 7th June 2010, 12:46 Quote
Norton has been one to avoid for years. But it classing WoW as malware is great lol.
theflatworm 7th June 2010, 12:48 Quote
I used to work at PC World, and whenever someone came in with a malfunctioning PC, the first thing the tech people did was ask if they had Norton installed, and if so, tell them to uninstall it.
B3CK 7th June 2010, 13:01 Quote
Norton AV isn't as bad as it used to be. The 360 edition is more resource hog than the standard AV edition; but they have gone a long way in the last couple years.

I think it might be time to do a performance review of how much the different AV products hurt performance in Windows, in-game, and web surfing. While there are plenty of sites that track how well they detect something, not many offer performance stats.
deathtaker27 7th June 2010, 13:05 Quote
Lmao and isn't it PC World that sell Norton at a discount with every new PC ;)
aussiebear 7th June 2010, 13:09 Quote
Quote:
Originally Posted by shanky887614
Are you crazy? You need an antivirus to get rid of them; if you don't have one you should install one.

Here's a few facts about AV solutions.

(1) You are immediately on the defensive when you use it. Meaning that you will ALWAYS be reacting to (one step behind), malware writers.

(2) Malware variants outnumber AV signatures. (The time required to get a malware sample; analyse; create a signature; test it; and then push out to customers; cannot match one's ability to push out 10 to 20 malware variants in the same period of time. Thanks to scripting and automation tools!)

(3) AV does NOT protect you from system or application specific exploits. (That is, they do nothing if malware specifically goes after something critical as a Windows service or something like Adobe Flash or Reader.)

(4) AV solutions are profitable because the whole business relies on user ignorance of what is already built into Windows and poor computing habits. (Like using pirated software, allowing any random executable from the Internet to run, etc.)

(5) AV solutions are often poorly implemented and can be a potential security issue themselves! ie: Believe it or not, some AV solutions out there use specific hooks to the Windows Kernel such that it makes them vulnerable to certain types of attacks.

(6) AV solutions can kill your system or cause you major inconvenience IF the AV developer stuffs up their quality testing process with their signature updates. ie: The McAfee Anti-Virus Update which killed Windows XP computers back in April wasn't an accident. It was an eventuality. McAfee never tested their signatures on XP systems in the first place! (Unsurprisingly, it's happened with Symantec!)

So what's the alternative? Prevention. Not reaction.

This is in the form of sound computer usage that is more security aware, and reversing the Allow-by-default concept of Windows.

To put it simply; Allow-by-default means you can run any executable from anywhere. Good or bad; regardless of where it came from! This is the fundamental issue at hand.

The reason for this approach is because of convenience to end-users. But it's really flawed from a security perspective.

The prevention approach is to reverse this to Deny-by-default. This means you deny everything at first; and only allow to run things that are known to be safe or trusted. (So you restrict the running of software you actually need and nothing else.)

So for something like drive-by download attacks; they don't work on a Windows system that is set up with the Deny-by-default principle. This is because you are denying all foreign executables!

Malware is just software designed/written for a specific purpose; by denying the ability to run software that isn't from a known/trusted source; infection cannot occur!

The catch?

You must have a Windows version that supports Software Restriction Policy or AppLocker.
(NONE of the Home Editions have this feature.)

ie: You'll need to have one of the following...
=> Windows XP Professional
=> Windows Vista Business/Ultimate/Enterprise
=> Windows 7 Professional/Ultimate/Enterprise

For details, see here...
=> http://www.mechbgon.com/srp/

The overall point?

Don't waste your time and money on researching, investing, installing/maintaining AV software on your system. Spend the time in gaining knowledge/understanding and instill new habits of prevention. Because it saves you time, money, and your system resources in the long term.

You don't need AV when you know and practice sound security principles in computing.
This is what every experienced Linux, BSD, etc user knows. Only a minority of Windows users know this. The majority do NOT.
Quote:
Originally Posted by shanky887614
It's just one of those things you need to do. It's like going to the doctor: we may not like it, but we have to go if we are feeling ill.

And if you live your life correctly with regular exercise, healthy diet, and other proper measures that prevent sickness and injury; you wouldn't need to go to the doctor in the first place!

Is it starting to sink through?
=> Prevention is better than cure.
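
The deny-by-default decision described in the comment above, sketched as an added example; it is not part of the original thread and is a simplified model, not SRP's or AppLocker's actual rule engine. The directory lists, the abbreviated file-type list and the sample paths are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any host OS

# Constructed policy: nothing runs unless it lives under one of these trees,
# which a standard (non-admin) user normally cannot write to.
ALLOW_DIRS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
# User-writable folders inside an allowed tree must be carved back out (assumed list).
DENY_DIRS = [r"C:\Windows\Temp", r"C:\Windows\Tasks"]
# Abbreviated, assumed list of file types the policy treats as executable.
EXEC_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".msi"}


def _norm(path):
    # normpath collapses "..\" tricks; normcase lowercases and unifies slashes.
    return ntpath.normcase(ntpath.normpath(path))


def _under(path, root):
    root = _norm(root)
    # Require a separator so "C:\Program Files Evil" does not match "C:\Program Files".
    return path == root or path.startswith(root + "\\")


def decide(path):
    """Return 'allow', 'deny' or 'not-executable' for a file path."""
    p = _norm(path)
    if ntpath.splitext(p)[1] not in EXEC_EXTS:
        return "not-executable"        # data files are outside the policy
    if any(_under(p, d) for d in DENY_DIRS):
        return "deny"                  # explicit carve-out wins
    if any(_under(p, a) for a in ALLOW_DIRS):
        return "allow"                 # installed by an administrator
    return "deny"                      # default rule: everything else is blocked


# Constructed sample paths, including a drive-by download landing in a temp folder.
SAMPLES = [
    r"C:\Program Files\World of Warcraft\Wow.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Windows\Temp\dropper.exe",
    r"C:\Program Files\..\Users\alice\Downloads\codec.exe",
    r"C:\PROGRAM FILES EVIL\x.exe",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{decide(s):15} {s}")
```

The policy never inspects file contents, so it needs no signatures and cannot misjudge a file the way a bad definition update can; the cost is that anything installed outside the allowed trees stays blocked until an administrator adds a rule.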
javaman 7th June 2010, 15:09 Quote
Norton, doesn't surprise me. Like AVG and McAfee it's useless, tho it has to be a first for it to actually detect something! Guess that's progress. Prevention certainly is better than cure but most anti-virus fail in that area. MSE and Avast have been the only two that I've used that actually protect the PC and have a good scanner if something does get on.
Guinevere 7th June 2010, 15:32 Quote
Quote:
Originally Posted by aussiebear
Here's a few facts about AV solutions.

That's but one view to take, and one that assumes that everyone with a Windows PC is capable of being as good at "prevention" as an "experienced Linux, BSD, etc user".

Can I give you a couple of examples of when it may be a good idea to have a good AV solution installed? (Note I said good - I'm not going to get started about that definition.)

- A PC owned and managed by competent users, but not experts (EG my parents)
- Owned and managed or just used by a responsible kid (Like many families)
- Any use of downloads of suspect legality. (Like many many people)

Prevention is always better than a cure, and a good AV solution will prevent a lot of people from having problems.

It's great you don't need one (hey I don't have one on my mac) but discounting all their possible worth to EVERYONE means their real purpose hasn't sunk in for you.

An AV solution is aimed specifically at those that cannot put in place a 100% rock solid prevention system, or where a lapse in procedure is possible.
Bauul 7th June 2010, 19:42 Quote
Common sense and MS Security Essentials has seen me virus free for ages. Many people get viruses because they're silly and download stupid things: if someone is going to run an infected file, you need an AV to get rid of it.

Education is the cure, but it's nigh on impossible to educate everyone.
HourBeforeDawn 7th June 2010, 20:25 Quote
Ha, awesome. I use MS Security Essentials; it works well and is pretty lightweight and free.
tristanperry 7th June 2010, 20:31 Quote
LOL! I definitely see the funny side! Norton really is junk though; I used it before and really disliked it. Definitely a bad piece of software, IMHO.

Anywhoo, aussiebear makes some very good points. I agree that if Windows moved away from its "Yay, let's allow everything to run automatically!" stance then it'd go a long way towards tackling some of these problems.
Fabou 7th June 2010, 20:47 Quote
And during this time Linux users are having fun thinking that PC users pay for a program to stop other programs they are paying for.
Jokes aside, new technology for antivirus would be great, but the most important thing is for people to be prudent and do a few Relocation every years. I think there is no perfect way to keep a system clean.
Tele1952 7th June 2010, 20:50 Quote
Eset. Win. Bosh.
crazyceo 7th June 2010, 21:16 Quote
Quote:
Originally Posted by tristanperry
I agree that if Windows moved away from its "Yay, lets allow everything to run automatically!" stance then it'd go a long way towards tackling some of these problems.

The main problem with that is Microsoft gets dragged into court again for not freely allowing its users to goto/clickon/read/open/download whatever the users intentionally or unintentionally want to.

A habitual drug user unfortunately has an overdose of whatever he/she has taken. The doctors and nurses work hard to revive the user and clear the user's system of all toxins and, when recovered, release the user from hospital with the clear warning that they were lucky this time and to seek help. The user gets home and thinks "Boy, I was lucky this time. I better be more careful!" and goes to see his/her dealer for more drugs.

The moral of the story? Stop downloading PORN!!!!!!!!!!!!!!!
[- pio -] 7th June 2010, 22:59 Quote
With people calling WoW a disease for so long, I'm almost surprised that antivirus programs haven't started "curing" it before now.

On a related, and ever-so-slightly creepy, note: As many here have said, prevention is better than cure. Thus, the logical next step will be vaccinating people against WoW, kinda like with this guy
rhuitron 8th June 2010, 01:25 Quote
HA! Awesome!