Faulty Microsoft AV update nukes Chrome browser

Summary: Microsoft has confirmed that its security tools erroneously removed the Google Chrome browser from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

UPDATE: Microsoft has confirmed that this was caused by a faulty anti-virus definition update that affected about 3,000 Windows users.

Here's Microsoft's statement:

“On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers' PCs. We have already fixed the issue -- we released an updated signature (1.113.672.0) at 9:57 am PDT -- but approximately 3,000 customers were impacted.”

A Microsoft spokesperson says affected users should manually update Microsoft Security Essentials (MSE) with the latest signatures.

"To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers," the spokesperson said.

ORIGINAL REPORT:

There are numerous reports circulating that the Microsoft Security Essentials anti-malware utility is flagging Google's Chrome browser as a password-stealing trojan.

In what appears to be a crucial false-positive, Microsoft's security tools are removing Chrome from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

Complaints from Chrome users are lighting up support forums this morning:

I have been using Chrome on my office PC for over a year.  This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed.  I clicked the Details button and saw that it was "PWS:Win32/Zbot".  I clicked the Remove button and restarted my PC.  Now I do not have Chrome.  It has been removed or uninstalled.  The Chrome.exe file is gone.  Was there really a problem, or is this just a way for Microsoft to stick it to Google?  If I reinstall Chrome, will it have my bookmarks and other settings?  Not sure what to do about this, but I much prefer Chrome to Explorer.

And another:

I just tried to reinstall Chrome, and Windows Security stopped it.  Again citing a "severe" threat, "PWS:Win32/Zbot".  What is going on here?

This Chrome user narrows down the problem:

I have the issue as well. Microsoft Security Essentials is removing it.

MSE Versions:

Security Essentials Version: 2.1.1116.0
Antimalware Client Version: 3.0.8402.0
Engine Version: 1.1.7702.0
Antivirus definition: 1.113.656.0
Antispyware definition: 1.113.656.0

In addition to Microsoft Security Essentials, the Microsoft Forefront Endpoint Protection product is also detecting and removing Google Chrome as a malware threat.  Both products share the same anti-malware engine.

* See more on this issue from Ed Bott.

Talkback

92 comments
  • RE: Microsoft security tools nuking Chrome browser

    Hehe. I wonder if it's not flagging it because of the crappy job Google did with the installation process. AKA installing to the user folder. ;)

    Running MSE here with no issues. I used the Chrome MSI installer instead.
    The one and only, Cylon Centurion
    • RE: Microsoft security tools nuking Chrome browser

      Ok, tried downloading the EXE form of Chrome and it installed fine, even with MSE running and up to date...

      Are these people running a legit version of Chrome? Ed Bott did report a while back that people searching for Chrome were a target for attacks.
      The one and only, Cylon Centurion
      • This is either FUD or MSE is working properly

        @Cylon Centurion
        Same here.
        toddybottom
      • RE: Microsoft security tools nuking Chrome browser

        I have been dealing with this issue most of the morning. Microsoft has already released a fix to the update that caused the issue. Your MSE probably does not have the update (the bad version is 1.113.656.0).

        Only a handful of people here were affected, but it took me a while to figure out a workaround. My guess is Microsoft stopped pushing the update.
        rednival
      • RE: Microsoft security tools nuking Chrome browser

        @Cylon Centurion It appears to have been fixed quickly.
        CobraA1
      • Microsoft has a conflict of interest

        The installer has nothing to do with the problem - we tried everything (except allowing that kind of virus). A few things became clear:

        1) MS doesn't let you enable just that one file, they insist on removing the file or allowing this kind of virus forever and everywhere. That's not good.

        2) It doesn't matter if they messed up the update deliberately... although - THEY SHOULD HAVE TESTED THE UPDATE ON CHROME AND OTHER SOFTWARE IN WIDE USE.

        3) The mere presence of such a giant conflict of interest is an incontestable reason against using MS AV software or an OS which embeds it, especially for mission critical tasks.
        sambors
    • RE: Microsoft security tools nuking Chrome browser

      @Cylon Centurion Exactly what I was thinking. Hasn't happened yet on my machine, but if it does I won't lose any sleep. I use all three browsers anyway.
      statuskwo5
      • RE: Microsoft security tools nuking Chrome browser

        @statuskwo5

        A bad update to AVG in 2009 flagged iTunes as a virus and deleted it.....false positives happen, the point is that MS appears to have fixed it quickly....certainly they fixed it faster than AVG did back in 2009
        Doctor Demento
    • RE: Microsoft security tools nuking Chrome browser

      @Cylon Centurion It's amazing that MS and Google can't get this right... Plus the MS Security tool in my opinion has always been pretty watered down security software plus very late to detect any real threats. For the Best Antivirus 2012 (http://www.bestantivirus2012.com) I go to that site and they kindly list which one are good and why. If you're serious about security and have important files on your computer like I do, I don't play games when it comes to security software much less rely on MS security tool which are free.

      Just my 2-cents...
      reviewsgirl
      • RE: Microsoft security tools nuking Chrome browser

        @reviewsgirl

        It's been watered down because AVs as we knew them have been depreciated. A lot of the power AVs once had have been taken out of the software and placed elsewhere in Windows and IE.
        Today, the first line of defense against attacks can be found in the browser you're using (hopefully).
        The one and only, Cylon Centurion
      • RE: Microsoft security tools nuking Chrome browser

        @Cylon Centurion
        The first line of defense is and should be in the OS itself.
        We are all on-line these days so it should be self evident why the OS must be able to defend itself against both outside and inside threats. They all do it well, all except Microsoft Windows.
        Mikael_z
      • Spyware doctor is not good for any pc older than 4 years

        @reviewsgirl It has always been a slow starter and a memory hog. I prefer Eset on such a pc.
        zmud
      • RE: Microsoft security tools nuking Chrome browser

        @reviewsgirl "much less rely on MS security tool which are free. "
        You DO realize that MSE and Forefront BOTH use the same av engine. Forefront is for corporations and is NOT free.
        As far as being watered down, if you mean its way less bloated than say Norton and is pretty lightweight on resources, then I agree.
        cybr2th@...
      • anono, the answer is very simple.

        First of all, Windows users like myself do not use Chrome so we don't have to worry about that large trojan, nor do I have itunes nor Quicktime, which are 2 more security nightmares of the highest order.
        But don't be silly, Microsoft doesn't allow other trojans on their system. They just fired a shot at Google, let the world know what Chrome really is and then performed the correct business move.
        They know that doing the right thing in this case would not be feasible, unfortunately. Google has deep pockets and it would have brought the DoJ and most certainly the European Commission. We can all now see the makeup of this non elected entity that was behind the illegal forcing of MS to alter its software and pay enormous fines along the way:
        "Two European Parliament lawmakers have resigned and a third has stepped down from his position in his party after a British newspaper reported they had agreed to propose legislation in return for bribes"

        So you have been warned about Chrome. Now it's up to you if you want to run the trojan, it's really out of Microsoft's hands unless they give up doing so much good for billions of users just to do what is right in a situation they can't win.
        And then there is Apple. Isn't it ironic that Apple can keep anything they want from their monopolized platform while at the same time building that same platform on the back of MS Windows? Without itunes for Windows, the ipod, iphone and ipad would have never been possible. And of course Google LIVES on and breathes on top of MS Windows. Again, they are nothing without it.
        So you see the tragedy, the irony and the comedy of it all, don't you?
        But the race has just begun. We shall see. We shall see.
        xuniL_z
    • RE: Microsoft security tools nuking Chrome browser

      @Cylon Centurion Looks like MS is calling this a false positive. I'd have to say, accidentally ripping your competition out of the file system also seems like a crappy job.

      http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot&threatid=2147598479
      yurodivuie
      • RE: Microsoft security tools nuking Chrome browser

        @yurodivuie

        Well, that's what MSE is supposed to do. If you have a baddie, it needs removed.
        The one and only, Cylon Centurion
      • Why not?

        Chrome is a trojan. Their software is crap, just like Apple's.
        By the way, doesn't Apple monopolize the A4 market? Nothing different than what Jackson did to eliminate Apple, SUN, IBM and other PC makers to fulfill his personal vendetta and turn MS into a monopoly...of one architecture.
        Apple and Google need to die, and they will. Windows 8 with hyper-V and the full minwin implementation (on the client to run legacy apps fast with minimal resources) and the OS capable of turning any tablet into anything you want it to be.
        It's a decade ahead of Apple suddenly. Android will never fill the spot due to fragmentation between its many "versions". Devs are moving to WP7 and now win8 in droves. They are sick of coding with ancient tools as well.
        Get ready for the second coming of Windows. It will be even bigger than the first coming.
        xuniL_z