Smashing Security #018: Windows is a virus. True or False?

Three security industry veterans, chatting about computer security and online privacy.

Smashing Security #018: Windows is a virus. True or False?

Security firm Webroot drops a clanger when it declared Windows was malicious and borked customers' PCs, millennials are streaming a lot of movies illegally, and blackmailers are targeting members of the Ashley Madison cheating site again.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Michael Hucks from PC Matic.

Show notes:

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.
This episode of Smashing Security is made possible by the generous support of Recorded Future - the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.

Sign up for free daily threat intelligence updates at recordedfuture.com/intel.

Thanks to Recorded Future for their support.

Hope you enjoy the show, and tell us what you think. You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Remember: Subscribe on iTunes to catch all of the episodes as they go live. Thanks for listening!

Tags: , , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , , ,

3 Responses

  1. drsolly

    April 27, 2017 at 2:56 pm #

    I hadn't known about the Great Sophos Disaster.

    How did they recover from a situation where they can't push out an update? And how did they fail to scan their own software?

    Because of the scanning method that DSAV-Findvirus used (single point), I don't think we ever had a false alarm.

    • Graham Cluley in reply to drsolly.

      April 27, 2017 at 11:35 pm #

      Here is how The Register reported the Sophos foul-up: https://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/

      If I recall correctly, the first fix was a manual one – on every computer that had had its Sophos Anti-Virus update feature borked by umm.. Sophos Anti-VIrus,

      Later there might have been a tool produced that could be rolled out across the network as users logged in, but that's lost in the mists of time for me.

      Regarding "how did they fail to scan their own software"? My understanding is that the false detection was spotted during testing…. and then human error meant that someone overrode the warning and pushed out the update anyway…

      But it's five or so years ago now, so that may not be right.

    • Graham Cluley in reply to drsolly.

      April 27, 2017 at 11:41 pm #

      I seem to recall there may have been occasional false alarms (but nothing like what McAfee and others suffered from) when it came to file compressors, Dmitry's heuristics, etc. But they were pretty rare. David Emm probably remembers better than me.

      BTW, it's 20 years since we put out this press release. Time files…

      http://www.prnewswire.co.uk/news-releases/mcafee-pleads-with-dr-solomons-to-reduce-virus-detection-rate-156451045.html

Leave a Reply