Users report Microsoft Security Essentials removes Google Chrome

Summary: Hundreds of users on the Google Chrome Help forum this morning reported that Microsoft security products were identifying Chrome as a password-stealing Trojan and removing it. Update: Microsoft acknowledged the issue and posted a fix.

UPDATE, 1:40 PM PDT: Microsoft has identified the problem as being caused by a faulty definition file. This text has been added to the relevant page at the company's Malware Protection Center: 

Information about incorrect detection of Google Chrome as PWS:Win32/Zbot

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed. Within a few hours, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. After updating the definitions, reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.

To get the latest definitions, simply launch MSE, go to the update tab and click the Update button. The definitions can be updated manually by visiting the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/971606

PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain websites. It allows limited backdoor access and control and may terminate certain security-related processes.

UPDATE 2, 11:15 AM PDT: A Microsoft spokesperson provides the following response via e-mail:

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers' PCs. We have already fixed the issue - we released an updated signature (1.113.672.0) at 9:57 am PDT - but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.

The response does not provide any guidance for Forefront customers who have been affected by this issue. I've also asked for clarification on the "approximately 3,000 customers" figure. If a Forefront installation covering hundreds or thousands of users is counted as a single customer, the actual number of affected PCs could be considerably higher.

Original post:

A support thread on the Google Chrome Help forum includes a growing number of complaints from Chrome users that Microsoft Security Essentials is identifying the program as a password-stealing Trojan and removing it. The first report was time-stamped at 8:02 AM, from a user named chasd harris:

I have been using Chrome on my office PC for over a year. This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed. I clicked the Details button and saw that it was "PWS:Win32/Zbot". I clicked the Remove button and restarted my PC. Now I do not have Chrome. It has been removed or uninstalled. The Chrome.exe file is gone. Was there really a problem, or is this just a way for Microsoft to stick it to Google? If I reinstall Chrome, will it have my bookmarks and other settings? Not sure what to do about this, but I much prefer Chrome to Explorer.

Six minutes later, the same user reported:

I just tried to reinstall Chrome, and Windows Security stopped it. Again citing a "severe" threat, "PWS:Win32/Zbot". What is going on here?

That report was followed by another 20 or so confirmations within a half-hour. At least two respondents reported encountering the same issue with Microsoft's enterprise Forefront security software, which uses the same definition files.

Since that initial report the forum post has had hundreds of additional reports, and after roughly two hours the thread is up to four pages.

I noted the version numbers for the software and its definitions as reported by one user. On a test system here, running the exact same revisions, I was unable to reproduce these reported symptoms. I was able to download, install, run, uninstall, and reinstall the current stable version of Chrome without a squawk from Microsoft Security Essentials.

It's possible (although unlikely) that these reports are related to a compromised version of either Chrome or Microsoft Security Essentials. It's more likely that the errors are the result of some interaction with a separate program or process.

I've alerted Microsoft to the incident and asked for a comment. I will update this post with details when I hear back.

Update: This certainly isn't the first time a defective antivirus signature has created some havoc among Windows users. Remember the episode from April 2010 involving a McAfee definition that erased a key Windows system file and bricked many thousands of enterprise systems worldwide?

My colleague Ryan Naraine is also on the story.


Talkback

158 comments
  • RE: Users report Microsoft Security Essentials removes Google Chrome

    I wonder if this doesn't relate to those scammy Chrome links you found a while back...
    The one and only, Cylon Centurion
    • Finally one anti-spy software does its job

      Really what kinda browser is it that it collects your private info and sends it back to the head-quarter?
      LBiege
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @LBiege They save the passwords in your machine for auto log-in
        RHTrenkamp
      • RE: Finally one anti-spy software does its job

        @LBiege -- "Really what kinda browser is it that it collects your private info and sends it back to the head-quarter?"

        If the truth were known, probably all of them. What makes you think the others don't?
        Rodo1
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @LBiege Microsoft Internet Explorer, version 7 and 8 (and presumably 9) via their "Help us improve" install setting. Also, Internet Explorer with BingBar. Internet Explorer with various other Live! add-ons. Any questions?
        RobertMfromLI
    • RE: Users report Microsoft Security Essentials removes Google Chrome

      Very cool. Chrome being called what it is.
      rparker009
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @rparker009 Many of us suspect that actually
        javierdelgado
    • RE: Users report Microsoft Security Essentials removes Google Chrome

      @Cylon Centurion
      Browsers are stealing our data and sending it to their HQ. My technician found this out a while ago. While I was thinking how this data could be used.

      I realised the collected data is used to build search engine results. It helps unindexed pages to be indexed. I don't name these SE companies but you know them already. I still need time to prove it. But Firefox seemed to me to have more relationship with technological data theft (by hashed values) than Google Chrome.
      oyungame
  • RE: Users report Microsoft Security Essentials removes Google Chrome

    No issues here
    Randalllind
    • RE: Users report Microsoft Security Essentials removes Google Chrome

      @Randalllind
      everyone using windoze is affected.
      M$ should be investigated by the antitrust busters for this despicable act!
      Chrome is the most secure browser.
      The Linux Geek
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek

        Not so. I use Win 7 and my Chrome installation is still good. Maybe you should be investigated for not knowing what you are talking about.
        sackbut
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek No issues here.
        RobertMoore12@...
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek
        I think Google for one day should stop all its services from being accessed by Microsoft browsers citing it to be stealing passwords.
        dheerajnagpal
      • Microsoft Security Essential/Google Chrome

        I had the same problem. Uninstalled Chrome and haven't been able to reinstall it.
        Fins to Left
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek Grow-up. Back to the French Fry station with you. Smoke break is over with...
        ItsTheBottomLine
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek it really depends on many factors #1 it could be the version of the Security Software or the OS that is being used or the final thing could be how the Software is trained
        ryanlee05
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek

        Once again, anyone who uses the phrases fan-boi, windoze, or M$ loses all credibility and should be banned.
        loggie48mxg
      • RE: Users report Microsoft Security Essentials removes Google Chrome

        @The Linux Geek
        Bullcrap. Chrome is far from the most secure browser. It was one of the first to get hacked at the hacker's convention along with Firefox and the great Apple's Safari. Guess which one wasn't hacked?
        cougarrat
      • More than 20 machines here...

        @The Linux Geek

        ...Windows XP running on all of them and Chrome being the primary browser our company uses for accessing Google Apps, not problem one. I think this is a secret plot by Microsoft to gain sympathy through all the bad press that something like this generates, I mean they have to KNOW that people like yourself see Indians behind every rock and want to badmouth them, and MS figures that the rational people will sympathetically tune the conspiracy nutjobs out from now on...
        ReadWryt (error)
      • No issue here either

        @The Linux Geek

        How would you know? You are obviously not using Windows.

        But you have the gall to speak for all users of Windows...

        But I am using Linux RHEL 6.1, Ubuntu 10.10, Mint and Knoppix as well.

        Speaking of which I can assure you that Windows 7 & 8 are way more efficient and functional than Linux.

        Anyway, I didn't lose Google Chrome either.

        ~~~~~~~~~~
        Price is what you pay. Value is what you get.
        ~ Warren Buffett
        WinTard