Microsoft Security Products Flag Google Chrome As a Virus

New submitter maeltor writes "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea." A Google employee in the above support thread notes that Microsoft has now pushed another update to resolve the issue. "On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update."

A joke...

[Frosty Piss]

Microsoft Security Products Flag Google Chrome As a Virus

For once, Microsoft get's it right!

Re:A joke...

[Anonymous Brave Guy]

I realise you were going for humour, but Google does a lot of very shady things involving auto-updates and integrating with unnecessary parts of a system. Why does my Firefox installation need a Google Update plug-in I never asked for, and why does it keep getting reactivated even though I've explicitly turned it off?

The reaction might not have been deliberate on this occasion, but I am utterly lacking in sympathy if Google's shady code starts getting treated like malware. If it walks like a duck and quacks like a duck, it's still a duck, even though sometimes it can taste good.

Re:

[Ark42]

Fyi, duck is always delicious.

Re:

[Carewolf]

Chrome is no virus, but it is technically speaking spyware, forcing Google to introduce the term badware to replace malware, because malware includes spyware but badware only includes spyware used for id-theft, not spyware used for targeted advertisement.

Re:

[poofmeisterp]

Ok... compromise.

Stern-lookware?
Loud-sighware?
Adrenaline-releaseware?
Stomp-footware?
Annoyware?
But-I-trusted-youware?
I-need-to-walk-away-for-a-minuteware?
Please-stopware?
Wish-you-would-uninstall-instead-of-lyingware?

Well, a couple were a little long but hell... Runnin' out of acronyms; may as well run out of 'WareNames'. :>

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Talderas]

It made Slashdot because...

1. Microsoft dun screwed up (no matter how innocuous it may have been).
2. Google is a shining child of goodness and can do no evil.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[antdude]

Get's? Why is there an apostrophe in there?

Re:

[vux984]

Norton products especially at that point in time said that about pretty much everything that tries to connect to the internet.

Re:

[qubezz]

Considering Google adds its updater as both a service and as scheduled tasks and will reinstall these to keeps the undocumented service always running, always connecting to the internet, I would say spyware.

Microsoft to Google...

[killmenow]

"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really."

Meanwhile some clueless user just switched back to IE.

Re:Microsoft to Google...

[Chemicles]

Right. If some bug had been discovered in some open source software and was corrected in 2 hours, the comments on the story would be a circlejerk praising the open source community.

Microsoft realizes there's a bug, corrects it within 2 hours, and it's anti-competetive. Sheesh. They did a good job with a quick fix, can't we just acknowledge success when it happens?

It's a joke, son! A joke, I say!

[killmenow]

The righteous indignation is strong with this one. The way I figure it, upon confronting humor, you have three options: (a) laughing because you think it's funny; (b) not laughing because it's not funny to you; and, (42) taking it seriously, getting offended, lecturing the jokester and proving yourself humorless.

I applaud your choice, good sir! 42 is always the right answer.

Re:

[poofmeisterp]

I applaud your choice, good sir! 42 is always the right answer.

Careful.... 62% of geeks cannot recognize or do not know what dry humor is. :>

No, it wasn't.

[artor3]

There is absolutely nothing in the OP to suggest any sort of humor. It received four insightful mods, and not a single funny mod, so it's pretty clear that most people who read it agree with me.

Trying to claim that you were "only joking!" after someone disagrees with you is one of the most tiresome debate tactics imaginable.

Re:

[poofmeisterp]

Okay was the comment above yours dry humor or dry ice humor?

Re:

[Nyder]

Right. If some bug had been discovered in some open source software and was corrected in 2 hours, the comments on the story would be a circlejerk praising the open source community.

Microsoft realizes there's a bug, corrects it within 2 hours, and it's anti-competetive. Sheesh. They did a good job with a quick fix, can't we just acknowledge success when it happens?

You must be new here.

Re:

[dimeglio]

Well knowing Google and Microsoft are fierce competitors, and flagging a legit application as a virus to be a very rare occurrence, I can see why people might think Microsoft was maybe less diligent with their Chrome testing. How long it took to fix it is irrelevant as Microsoft probably had the fix ready. They were just waiting for people/Google to complain about this problem.

Re:

[poofmeisterp]

"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really."

Meanwhile some clueless user just switched back to IE.

I'm sorry but I have to...

"In business news today, Google has filed a lawsuit asking for $150,000,000 in damages from Microsoft for taking one Google Chrome Internet browser user from them. This is related to the 'false positive' report by a Microsoft product that the Google browser was a virus or piece of 'malware'. Google is seeking damages for the one lost user, plus total long-term net loss based on loss of referrals and recommendations, combined with the establishment of case law to help businesses b

Re:

[poofmeisterp]

Now that's funny. And I know funny. I'm a clownfish.

I'll take that as a compliment. lol

Re:

[ackthpt]

"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really."

Meanwhile some clueless user just switched back to IE.

Ah, reminds me of the MSN - Opera debacle years ago. Bork Bork Bork.

Re:

[roc97007]

> Meanwhile some clueless user just switched back to IE.

If your browser stops working (for whatever reason) and you switch to a browser that *does* work, I wouldn't call that "clueless". I'd call that "getting your work done".

I might call it "lacking in administration skills" but (this is something admins really need to learn) users have their own work to do. It's not their job, nor should it be, to know the inner workings of the OS.

Pragmatically, if this was easy to do, most of us would be out of a jo

Re:

[egamma]

"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really." Meanwhile some clueless user just switched back to IE.

So a couple of years ago when they accidentally flagged IE as a virus, you think the user switched to Chrome? And that was Microsoft's plan too?

Re:

[AmberBlackCat]

"Oh, Woops! How did that happen?! So sorry about that Google. Totally a mistake. Totally. Our bad, really."

Isn't that about the same thing google said about collecting people's Wi-Fi passwords?

Re:

[DeadboltX]

"hey mom, why are you using internet explorer again?"

Re:

[DarwinSurvivor]

Only every parent, aunt, uncle, grand-parent and 2nd cousin of anyone that knows anything about security. How did you THINK firefox's and chrome's market share went up so fast? Sadly, those geeks weren't there to notice that Chrome just disappeared.

Re:

[GameboyRMH]

Noob. l33t users browse with wget and cat. Yes we take in the code as it flies past our eyeballs at high speed. In fact, we don't even see the code, just blonde, brunette, redhead...

Re:

[arth1]

Surely wget is for the plebs?

telnet slashdot.org 80 ...
GET / HTTP/1.1
Host: slashdot.org [2x return] ...

or, for secure sites:
openssl s_client -connect www.google.com:443 ...
GET / HTTP/1.1
Host: www.google.com [2x return] ...

Virus scanner flags something that is not a virus!

[nedlohs]

This has never happened in all of computing history.

Re:Virus scanner flags something that is not a vir

[roc97007]

Right. Let's face it, Microsoft would have done this on purpose if they had thought of it and thought they could get away with it, but chances are, this was an honest mistake. Test by: the regular (but hopefully infrequent) false positives you get from any antivirus product. Also test by: the speed at which M$ corrected it. Probably nothing to see here.

Re:

[DarwinSurvivor]

Microsoft puts most updates out once a week. Most users that actually update their software and run A/V tests do it at least once a week, so it only needs to be "wrong" for that one week.

Re:

[PCM2]

MSE updates itself automatically. You see MSE definition updates in Windows Update, but they're marked "Optional" and you don't actually have to download them... you'll get them anyway.

Re:

[roc97007]

> You think in 2011 microsoft can't possible have come up with a whitelist, or a way to remove a legitimately installed program other than uninstalling it, like deleting the executable (standard antivirus response)?

It's certainly technically possible, but why would Microsoft care about whitelisting Google apps? What does that buy them? Especially for an app Microsoft is giving away for free?

Moreover, even if they had not intended to bugger Chrome, it's not like Microsoft hasn't made phenomenally stupid

Re:

[poetmatt]

again, you are skipping the other part: why, ever, could be labeled an accident, that removing a particular malware = uninstalling a legitimate program? no malware in the world would ever follow proper windows uninstall processes.

Re:

[Joe Jay Bee]

What's a five-letter word that begins with an 'H' and ends with an 'R', has a 'U' in the middle, and relates to the use of satire or comical remarks to spark a laugh or amusement in others?

"HURRR", as in "HURRR DURRRRRRR"?

Re:

[arth1]

What's a five-letter word that begins with an 'H' and ends with an 'R', has a 'U' in the middle

egrep -i '^H.U.R$' /usr/share/dict/*
surnames:Hauer

What do I win?

Re:

[AngryDeuce]

As a Symantec employee, you're a liar!!!! Viruses are everywhere, block ALL the things!!!!!

Whoops!

[Anonymous Coward]

It looks like they responded within 2 hours - not bad!
Google support ticket with issue and resolution at the top: http://www.google.com/support/forum/p/Chrome/thread?tid=42d6ba02d7eed070&hl=en
I wonder what Chrome did that smelled like Win32/Zbot.

Re:

[Anonymous Coward]

Good point. Makes you wonder what Chrome might be doing or tracking behind the scenes. Something must have triggered the virus scanner and normal program behaviour just does not do that. Just sayin'.

Re:

[Anonymous Coward]

They've got V8 generating code at runtime, Nacl sandbox using segment registers, installer doing address relocation after decompressing (probably using custom x86-specific compression algo like Snappy), an always-running update checker, etc. It's no wonder they'd get randomly marked as a virus.

Re:Whoops!

[Mashiki]

Well Zbot has a lot of really broad things that you're looking for in terms of detection. So to have something legitimate being nailed wouldn't surprise me, it actually surprises me that other browsers haven't been nailed yet because they do the same things that, that includes IE, Opera and a variety of webkit based ones.

Re:

[AngryDeuce]

causing UAC prompts

I do not know one single person under the age of 40 that left that stupid bullshit turned on.

Re:

[vux984]

Running windows with UAC off is like running unix as root.

Only idiots do that.

Granted running windows with UAC on was a bit painful, especially when it was first launched because it was a tad overbearing, and we had a large ecosystem of applications that wrote to folders and registry areas they had no legitimate business in do to lazy or outright bad programming...

But between windows 7 improving the experience and more importantly the general effort of the software developer community to conform to the rule

Re:

[AngryDeuce]

No, only idiots run software that is questionable enough to require UAC in the first place.

Re:

[PCM2]

Uh, no. UAC is useless. It just asks you "proceed or don't?"

It doesn't tell you what's asking for your permission or what it's asking for permission to do.

So kind of like sudo, then. Or the "give me the admin password" dialog boxes on Ubuntu.

Re:

[vux984]

First off, with sudo, you're explicitly saying "give me super user privileges" - it's not the OS doing it for no defined reason.

Right, sudo is like selecting "run as administrator", which is for a defined reason.

Secondly, in Ubuntu, you only run across that dialog when updating or installing software,

Or altering certain settings.... or hardware related...

and it's always in response to explicitly clicking on a button

No its not. It can pop up resulting from a scheduled script, or triggered by other ev

Re:

[Riceballsan]

That actually is the inteligent way to run a program that is expected to be updated on a frequent basis. UAC is rendered Virtually useless due to the huge flaw of it being expected for everything. If you are warned before doing anything at all at any time for any reason, you stop listening to the warnings and just hitting OK. UAC's vista implimentation would be best analogied by a safety guard made for kids that warns them when they are about to do something dangerous "You are about to cross the street, are

Re:

[PCM2]

UAC's vista implimentation would be best analogied by ...

Which is why they changed how it was implemented in Windows 7. It's not "expected for everything" (and wasn't really in Vista, either). You literally almost never see a UAC dialog box except when you're installing software.

Re:Whoops!

[killmenow]

I wonder what Chrome did that smelled like Win32/Zbot.

Made IE look stupid and fat.

Re:

[robmv]

Installing in %APPDATA% by default is one of them

It is a virus

[Anonymous Coward]

Chrome is a virus. You see, it has caused the marketing people at Mozilla to go crazy with the numbering scheme of FF and as a result, borked up my once good to use user interface into a complete mess of new design, misplaced buttons, screwy single menus and a whole host of unusable extensions. Chrome is a virus... that has killed Firefox.

Re:

[CuriousGeorge113]

... and Firefox is a virus that killed IE.

... and IE is a virus that killed Netscape Navigator.

Why is this even posted?

[cornface]

Even if the problem wasn't so completely lacking in newsworthiness, it was already fixed before the article got posted, so why even bother posting it?

Re:

[Blakey Rat]

Hey, usually Slashdot is about 2-3 days behind the news curve, this is lightning speed for this site.

It also allows an opportunity for stupid people to bash Microsoft.

Re:

[cyber-vandal]

You mean people who have working memories.

Re:

[Jeng]

Why it is time for everyone's favorite reality show.

It's

Five Minutes of Hate!!

Where you can hurl hate for fun and prizes!

Remember, it's not just fun, it makes you a better citizen.

Re:

[cornface]

It has already been fixed. The time to warn all the IT guys would have been when it was first reported.

Although at least it was only posted a few hours late instead of days late like usual.

Re:

[robmv]

In that 2 hours before the fix, an entire company PCs could have updated their signatures by IT policies and resulting in Chrome removed, or do you think the fix reinstall it?

Re:

[cornface]

I would respond to that but you will surely just change your argument again.

Re:

[robmv]

do not know why you say again, I am not one of the parent ACs. Think you live outside your time zone. A company has a policy to use wake on lan and apply patches, on that country is night when that the bad update was live. IT expect to receive a lot of complaints the next morning, for them this is a warning before that happens. Why hide it?

Well, it includes a virus...

[gstrickler]

...known as Adobe Flash.

Shoe's on the other foot

[Cro Magnon]

After all the times AV products have flagged Windows system files!

Not really that bad.

[JustAnotherIdiot]

It's not as bad as McAfee's "Oh hey, that important system file, you're not using it right? *delete*"
One of my friends was at work for nearly 2 weeks straight after that fiasco.

Latest in anti-competitive practices by MS.

[idbeholda]

The real reason Microsoft is flagging Chrome as a virus. Since Chrome appears to be a legitimate threat to IE (unlike FF), if enough users believe that Chrome *IS* a virus, perhaps IE will reign undisputed King Of The Browsers.

Re:

[hedwards]

Or, Chrome often times gets on a user's system the way that malware does, via an opt out in some shady software. If Google doesn't want their products treated like malware, then they really need to stop with that kind of shady distribution tactic.

In this case it's almost certainly a mistake.

Not the first thing IE has done.

[Oswald McWeany]

Patches to IE9 break g-mail's formatting.

Makes me really glad...

[Just Brew It!]

...that my primary OS at home and work is Linux. I guess I'd better check when I go into the office on Monday whether Chrome has been removed from my Windows VM; but given that the Windows VM is primarily used to access the corporate Intranet (most of which absolutely requires IE anyhow, don't get me started...), losing Chrome from there isn't the end of the world. I do 99% of my web access from the Linux host system!

Re:

[jank1887]

crap. if it delete's my saved Angry Birds chrome app levels, I'm gonna be pissed.

Google's fix

[countertrolling]

Disguise it as an FBI key logger [slashdot.org]

Well, that's one way..

[TrueSpeed]

to eliminate competition in the browser space.

Re:Holy crap!

[bloodhawk]

It is as good as most of the competitors products, plus its free and doesn't bog down the system or constantly nag you with useless information.

Re:

[alphatel]

Sadly, there's nothing better than MSSE + a good AV/AS firewall.

Re:Holy crap!

[grimmjeeper]

I'm betting you meant to suggest that the state of security software is pretty wretched these days rather than heap praise on MSSE. Am I right?

Re:

[snowraver1]

I think he's referring to the fact the the "best" antivirus solution isn't really the best at catching viruses. It just happens to be the best at not making your computer run like crap.

Re:

[PCM2]

I'd just like to interject here that I run a Windows computer practically full time. It's connected to the Internet (via NAT). I don't have any special firewall software installed except for the Microsoft default one. I do run Microsoft Security Essentials. But the only time I've received a warning from MSE is when I've downloaded something that I'm almost certain was bound to be a Trojan in the first place (serial number generator). Otherwise, in all the years I've been running Windows I've been virus and

Re:

[maxume]

It is probably the best free antivirus.

Re:

[treeves]

I'm using it right now!

Re:

[Jeng]

I install it on peoples computers who are incapable of re-registering Avast.

Not the best solution, but it doesn't require user intervention unless something really goes wrong. Good for people who have no fucking clue what they are doing.

Re:

[GameboyRMH]

You should try it, it's actually pretty good.

Re:

[AngryDeuce]

Why not? Common Sense 2.0 covers the big things, MSE is just an insurance policy...

Re:

[roc97007]

...but does it work just as well as the free competitors?

Re:Holy crap!

[spiffmastercow]

Actually, it works quite a bit better. And since it isn't an income source, it doesn't nag you constantly.

Re:

[spiffmastercow]

Actually, it works quite a bit better. And since it isn't an income source, it doesn't nag you constantly.

See that's what I love about Linux. I never see a nag screen. I also have a real package manager too, so I don't have an icon tray full of little annoying pop-ups telling me that such-and-such has an update and that i really need to separately update each individual program one at a time... If you like putting up with that go ahead. I prefer knowing I can i.e. edit a document without being distracted, advertised to, nagged, reminded of things that should be automated, etc.

Looks like we're under a smug alert.. I always find it interesting when Linux fanboys assume that because someone uses Windows, it means they only use Windows.

Re:

[spiffmastercow]

Actually, it works quite a bit better. And since it isn't an income source, it doesn't nag you constantly.

See that's what I love about Linux. I never see a nag screen. I also have a real package manager too, so I don't have an icon tray full of little annoying pop-ups telling me that such-and-such has an update and that i really need to separately update each individual program one at a time... If you like putting up with that go ahead. I prefer knowing I can i.e. edit a document without being distracted, advertised to, nagged, reminded of things that should be automated, etc.

Looks like we're under a smug alert.. I always find it interesting when Linux fanboys assume that because someone uses Windows, it means they only use Windows.

Looks like we're under a defensive dumbass alert... I always find it interesting when thoughtless persons assume that because someone uses multiple operating systems, it makes your comments about a particular one of those operating systems somehow less true. What I said about Windows applies to you when you are using Windows. This doesn't change just because you aren't always using Windows. Logic fail. You might as well say that because swans are birds, therefore all birds must be swans. But please keep accusing me of smugness because I don't like Windows, you seem so competent to assess this.

Looks like we're under a myopic moron alert. I always find it interesting when someone can't see any circumstance where someone would use a piece of software other than his preferred piece of software. What I said about the Security Essentials is true when I'm using Windows. What's also true when I'm using windows is that I'm a.) able to play games without spending 2 days looking for workarounds to get the game to run 5 minutes in Wine before it crashes, and b.) able to make money writing windows apps.

Re:

[spiffmastercow]

Protip: if you are angry and start responding to things the other guy never said, you're going to look and feel like an idiot.

Okay, let's look back at what was said:

If you like putting up with that go ahead. I prefer knowing I can i.e. edit a document without being distracted, advertised to, nagged, reminded of things that should be automated, etc.

That's a pretty strong implication that you (or whichever AC originally posted) does not "put up" with Windows, as well as a veiled insult towards those who do. I merely pointed out that there are legitimate reasons for using Windows, and that the product in TFA improves on the experience of using said OS.

Re:

[Riceballsan]

In my experience for typical users it works better, lately checking AV comparitives, MSE is falling lower and lower on the list of effective catches. MSE's greatest stregnth however, is it's ability to work silently, with a small footprint. When working as a PC tech, my greatest nusance was when after removing a virus, I would load up a PC with avira, run them on firefox, install ad-block. Take 30 minutes teaching them about everything, then I would get a call back 2 weeks later and discover, they disabled

Re:

[TheRealGrogan]

Avira has the better detections, but yes... when I come back several months later and find it in a dysfunctional state because the user didn't upgrade the program, or didn't notice that the umbrella wasn't opening anymore, or didn't notice that it's not even loading I have to switch them to something else.

Re:

[grimmjeeper]

Except for the fact that every security product has a plethora of false positives, I might believe your theory

This kind of error is far too obvious to be deliberate. When Microsoft wants to undermine a competitor, they're far more subtle about it.

Re:

[ColdWetDog]

When Microsoft wants to undermine a competitor, they're far more subtle about it.

Yes, they sue them.

Re:

[perlchild]

The biggest problems with false positives in most antiviruses isn't the false positives, it's that you can't do anything about them until they issue a fix. If you could just tell them "I know what I'm doing, this particular file is ok"without "disable yourself, you're fucked and need a doctor" it would be a lot more tolerable. It would also make accusations of "you're doing this to make people switch" a lot less believable.

Re:

[robmv]

Some have a setting to tell the AV to ignore some directories. I used it when AVG flagged one of our DLLs (resource DLL, only icons, no code) as a virus, they did not respond to our request to check their signatures. So We recommended that setting to our customers or change antivirus

Re:

[hedwards]

I tend to get annoyed by software that only allows you to set exceptions by path and name, without any provision for identical files in multiple places.

Re:

[Anonymous Coward]

Find me a virus scanner that has not once ever come up with a false positive. I bet you can't do it. Please think before jumping to dumb tin foil hattery.

Re:

[Anonymous Coward]

The difference is: Microsoft has a reputation as a strongly anti-competitive company.

Re:MSE

[Dunega]

Never had a single false positive with it. Odds are your's aren't. Beat it trollboy.

Re:

[poofmeisterp]

I've found MSE to be terrible at false positives, flagging more than one perfectly valid file on my computer as some sort of malware.

Worse is that if I tell MSE to let me decide what to do with it, then go look up whether someone else had this problem and/or research the virus or whatever, MSE will *automatically* decide after a short time that it needs to delete it and will do so.

It was at this point when I removed MSE in disgust and promised never to touch that filth ever again.

It's a hush-hush move on MS' part to encourage the individual to research on their own before acting. :)

HUMOR, HUMOR.

Re:

[AngryDeuce]

I'd bet almost anything this guy has Limewire installed on his computer. "False Positives", indeed....

Re:

[PCM2]

I never thought of renaming the keygens. MSE has told me on several occasions that keygens are very specific, very likely-sounding Trojans. I kinda believe it. But I'll try renaming one next time.

Re:

[ColdWetDog]

Wasted a good portion of the morning hunting down a non-existent threat.

Instead of hanging out at Slashdot? Shame on you.