Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Aborted CA security update creates lots of confusion

Add to     Digg this story Digg this

August 19, 2009

An Internet security update that ran wild for the CA (Computer Associates) anti-virus software created a huge amount of confusion early this morning. Known as the 33.3.7051 update, it labeled a large number of binaries (most of them .dll and .exe files, including some components of eTrust itself) as infected with something called Std.Win32.

Nevertheless, those corrupted files were still sent off to the quarantine folder, resulting in many disabled computer systems that may be far from easy to recover.

CA immediately issued a statement saying that computer users are strongly advised to block the security update. Temporarily disabling on-access scanning, normally a bad idea, might also be worth considering.

Get the best Linux or Windows Web hosting plan for your website.
Get the lowest rate and the best tech support on any Linux or Windows hosting plan. Learn more by clicking here.

"CA have got it so wrong with this update that the Anti-Virus is even renaming core elements of its own program directory. E-Trust could even be deemed a virus in itself," one security analyst notes.

"I had an interesting morning cleaning up after a signature update caused CA's eTrust ITM to detect components of MS Visual Studio and Incredibuild as being infected with the new virus. This seems a bit beyond the usual false positives AV firms sometimes throw out. So far I've had 962 detections and 18 of 'StdWin32'."

CA later issued a statement explaining that the virus was due to an engine overhaul that had obviously gone wrong. Meanwhile, it said that it has developed a remediation tool.

CA then released a new updated anti-malware engine. This new release has resulted in false positive detections of a number of files. CA Threat Manager customers are the only customers being affected by this issue.

This is not a result of signature updates and does not impact CA consumer Internet security products, the company said...

Some observers reported that an updated definition called 34.0.6674 fixes the problem but this remained unconfirmed at the time of writing, so computer users are urged to be vigilant.

To resolve the issue, CA has rolled back the new engine and re-released its previous antimalware engine. CA customer support representatives are on call to answer customer questions and to provide remediation support. A remediation tool to rename the quarantined files is now available through CA support and will soon be accessible online.

Understandably, CA is working fast to resolve this issue, and to assist any customers who have been affected, as well as to identify the root cause of the incident. "We apologize for this inconvenience and look forward to the roll out of our new antimalware engine, which will ultimately offer our customers many benefits including enhanced malware protection and improved performance," said a posting on the CA website.

The computer software company had other and similar problems with another eTrust update in July. That update falsely tagged important Windows system files as potentially malign before dispatching them into quarantine, rendering those systems useless or extremly slow at best.

Add to     Digg this story Digg this

Source: CSAC.

Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer

Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.

Get your Linux or Windows dedicated server today.

The industry's best and most accurate tool to find out EXACTLY what your CORRECT keywords are. Click here to learn more.