Anti-virus vendor Kaspersky has been left with egg on its face after it issued an update to its users falsely identifying Google's Adsense scripts as malicious.
As reported over on The Register
, the false positive left many users receiving unwarranted warnings while browsing perfectly innocuous sites - and with the number of sites relying on Google's Adsense network for their income, it was a pretty major upset.
Worse still, the Adsense false positive comes just hours after the company made a similar mistake with the bit.ly shortening service, adding it to a blacklist of known-bad domains due to its common usage in phishing e-mails - sadly ignoring its common usage elsewhere.
The issue of false positives is one that plagues anti-virus software: if you're too slow to add detection for a piece of malicious code, you leave your users at risk; add the detection in without thorough testing and there could be unintended consequences, as Kaspersky has found to its cost.
It's not a problem unique to Kaspersky, of course: back in 2008 Grisoft's popular AVG anti-virus - available in both free and paid-for editions - added code which detected a rather important Windows system file as malware, deleting the file and leaving many systems completely unbootable
. The same software was responsible for another false positive in 2009, which resulted in iTunes being listed as a Trojan horse
application. In the same year, Computer Associates found its Threat Manager software detecting Windows XP SP3
as a virus, along with the Cygwin Linux-style compatibility layer.
Unfortunately, it's a problem which is unlikely to go away - at least until we no longer need anti-virus applications.
Any Kaspersky users bit by this bug, or was the update not available for long enough to cause widespread problems? Share your thoughts over in the forums