What do you do when a widely used antivirus product reports a false positive on your new, valid, signed, virus-free software download -- and then goes ahead without asking and terminates it with extreme prejudice?
Yesterday I posted this notice on my software company's message board:
Several of our users have reported that today Norton Insight is flagging our patch files as possible threats with WS.Reputation.1. This is a false positive.
If you use Norton Insight, turn it off before downloading and installing our patches. Also please tell the Norton people that the files are fine.
Note: WS.Reputation.1 is almost meaningless.
Excerpt:
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.
The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
Now, I can sympathize with any scheme that helps to make users safer from malware. But "the wisdom of crowds" means absolutely nothing when applied to a fresh software patch.
Sheesh!
This article, "Epic fail: Auto-deleting files based on their 'reputation'," was originally published at InfoWorld.com.