Kaspersky's Internet security software creates confusion
July 15, 2010
Kaspersky's Internet security software created some confusion yesterday after it blocked the recently redesigned BBC News website and other Internet properties. Kaspersky's widely used Internet Security 2011 software labelled the revamped news site as a phishing risk, warning its users against visiting it.
The blocking behavior extended even across a wide range of other BBC sites and not just its main news site, until the Russian security company finally removed the faulty update late yesterday.
Web surfers were instead confronted with the following ambiguous message:
http://www.bbc.co.uk is used to steal passwords, credit card numbers and other confidential data. Access remains denied.
Kaspersky did acknowledge that its security software erroneously blocked access to the bbc.co.uk website earlier this morning.
Last week, one of Kaspersky's external partners for phishing protection software supplied incorrect data that was subsequently incorporated into the company's anti-phishing databases. As a result, all Kaspersky endpoint security products erroneously blocked all access to the bbc.co.uk website, wrongly identifying it as a phishing site.
The error was identified and corrected shortly thereafter, however.
Kaspersky apologized for the false positive, which it blamed on faulty data from a third-party phishing blocklist supplier. It also promised to improve its testing procedures to prevent a repetition of the incident in the future.
Overall, errors such as this are the result of "misfiring" security defining updates. Issues of this type are all too common and can label critical OS system files as potentially malign and quarantine them right on the server which can cripple a whole website or group of websites, Kaspersky said.
This incident is fairly minor by comparison, but will have generated plenty of confused support calls before it was finally resolved a few hours later, however.
"Kaspersky would like to apologise for any inconvenience this problem may have caused users. The company is continually improving its procedures for testing products and releasing updates to prevent such errors from occurring in future," a statement read on Kaspersky's site.
This security incident certainly isn't caused by the redesign of the BBC News site. Widespread criticism of the site's redesign on the Internet over its confusing layout, unappealing appearance and the ill-conceived decision to reduce the prominence of sports coverage is completely another topic.
The revamped BBC News site falls short of several HTML coding conventions but this should not by itself have resulted in this false positive, according to Kaspersky Labs.
Source: Kaspersky Labs.
You can link to the Internet Security web site as much as you like.