Faulty Microsoft AV update nukes Chrome browser
Summary: Microsoft has confirmed that its security tools erroneously removed the Google Chrome browser from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.
UPDATE: Microsoft has confirmed that this was caused by a faulty anti-virus definition update that affected about 3,000 Windows users.
Here's Microsoft's statement:
“On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers' PCs. We have already fixed the issue -- we released an updated signature (1.113.672.0) at 9:57 am PDT -- but approximately 3,000 customers were impacted.”
A Microsoft spokesperson says affected users should manually update Microsoft Security Essentials (MSE) with the latest signatures.
"To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers," the spokesperson said.
ORIGINAL REPORT:
There are numerous reports circulating that the Microsoft Security Essentials anti-malware utility is flagging Google's Chrome browser as a password-stealing trojan.
In what appears to be a crucial false positive, Microsoft's security tools are removing Chrome from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.
Complaints from Chrome users are lighting up support forums this morning:
I have been using Chrome on my office PC for over a year. This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed. I clicked the Details button and saw that it was "PWS:Win32/Zbot". I clicked the Remove button and restarted my PC. Now I do not have Chrome. It has been removed or uninstalled. The Chrome.exe file is gone. Was there really a problem, or is this just a way for Microsoft to stick it to Google? If I reinstall Chrome, will it have my bookmarks and other settings? Not sure what to do about this, but I much prefer Chrome to Explorer.
I just tried to reinstall Chrome, and Windows Security stopped it. Again citing a "severe" threat, "PWS:Win32/Zbot". What is going on here?
This Chrome user narrows down the problem:
I have the issue as well. Microsoft Security Essentials is removing it.
MSE Versions:
Security Essentials Version: 2.1.1116.0
Antimalware Client Version: 3.0.8402.0
Engine Version: 1.1.7702.0
Antivirus definition: 1.113.656.0
Antispyware definition: 1.113.656.0
In addition to Microsoft Security Essentials, the Microsoft Forefront Endpoint Protection product is also detecting and removing Google Chrome as a malware threat. Both products share the same anti-malware engine.
Talkback
RE: Microsoft security tools nuking Chrome browser
Running MSE here with no issues. I used the Chrome MSI installer instead.
RE: Microsoft security tools nuking Chrome browser
Are these people running a legit version of Chrome? Ed Bott did report a while back that people searching for Chrome were a target for attacks.
This is either FUD or MSE is working properly
Same here.
RE: Microsoft security tools nuking Chrome browser
Microsoft has a conflict of interest
1) MS doesn't let you enable just that one file, they insist on removing the file or allowing this kind of virus forever and everywhere. That's not good.
2) It doesn't matter if they messed up the update deliberately... although - THEY SHOULD HAVE TESTED THE UPDATE ON CHROME AND OTHER SOFTWARE IN WIDE USE.
3) The mere presence of such a giant conflict of interest is an incontestable reason against using MS AV software or an OS which embeds it, especially for mission critical tasks.
RE: Microsoft security tools nuking Chrome browser
A bad update to AVG in 2009 flagged iTunes as a virus and deleted it... false positives happen, the point is that MS appears to have fixed it quickly... certainly they fixed it faster than AVG did back in 2009
RE: Microsoft security tools nuking Chrome browser
It's been watered down because AVs as we knew them have been depreciated. A lot of the power AVs once had has been taken out of the software and placed elsewhere in Windows and IE.
Today, the first line of defense against attacks can be found in the browser you're using (hopefully).
RE: Microsoft security tools nuking Chrome browser
The first line of defense is and should be in the OS itself.
We are all on-line these days so it should be self evident why the OS must be able to defend itself against both outside and inside threats. They all do it well, all except Microsoft Windows.
Spyware Doctor is not good for any PC older than 4 years
RE: Microsoft security tools nuking Chrome browser
You DO realize that MSE and Forefront BOTH use the same AV engine. Forefront is for corporations and is NOT free.
As far as being watered down, if you mean it's way less bloated than say Norton and is pretty lightweight on resources, then I agree.
anono, the answer is very simple.
But don't be silly, Microsoft doesn't allow other trojans on their system. They just fired a shot at Google, let the world know what Chrome really is and then performed the correct business move.
They know that doing the right thing in this case would not be feasible, unfortunately. Google has deep pockets and it would have brought the DoJ and most certainly the European Commission. We can all now see the makeup of this non-elected entity that was behind the illegal forcing of MS to alter its software and pay enormous fines along the way:
"Two European Parliament lawmakers have resigned and a third has stepped down from his position in his party after a British newspaper reported they had agreed to propose legislation in return for bribes"
So you have been warned about Chrome. Now it's up to you if you want to run the trojan, it's really out of Microsoft's hands unless they give up doing so much good for billions of users just to do what is right in a situation they can't win.
And then there is Apple. Isn't it ironic that Apple can keep anything they want from their monopolized platform while at the same time building that same platform on the back of MS Windows? Without iTunes for Windows, the iPod, iPhone and iPad would have never been possible. And of course Google LIVES on and breathes on top of MS Windows. Again, they are nothing without it.
So you see the tragedy, the irony and the comedy of it all, don't you?
But the race has just begun. We shall see. We shall see.
RE: Microsoft security tools nuking Chrome browser
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot&threatid=2147598479
RE: Microsoft security tools nuking Chrome browser
Well, that's what MSE is supposed to do. If you have a baddie, it needs removed.
Why not?