Users of Google’s Chrome browser face a inconvenient road back to a working program after Microsoft’s Security Essentials (MSE) started flagging the software as malware on Friday.
In advance of an update, Google’s advice to users is to first update Security Essentials, ensuring that it is running virus signature version 1.113.672.0 or higher. Chrome itself then has to be completely de-installed and re-installed from scratch.
Judging from messages on Chrome’s support forum, a significant number of users appear to have been affected by a false positive that claimed that Chrome.exe was an instance of the Zbot banking Trojan, PWS:Win32/Zbot (Microsoft’s name). Once detected as such, users reported that elements of the program had been quarantined or removed from their system and Chrome could not be run.
“If Chrome is working correctly for you, then there’s no need to take any action,” read Google’s advice for everyone else.
Exactly why some users appear to have been affected while many others were left unaffected – Techworld was unable to promote the anti-Chrome reaction from MSE despite using it while the antivirus software was running earlier malware database versions – remains a mystery.
It could be that the trigger was the timeframe in which the browser was used – Microsoft appeared to jump on the false positive with an update very quickly which will have limited the issue. Alternatively, the checksum on a particular element of the Chrome program present on only some machines caused the issue, hence Google’s need to update the software.
Undoubtedly, the fault lies with Microsoft hence the company’s decision to apologise for it on its website.
Microsoft is not the first company to suffer an embarrassing false positive. In April 2010, McAfee’s antivirus software attracted ire for falsely claiming that Microsoft’s ‘svchost.exe’ was malware, causing endless reboots for affected systems. In 2008, AVG’s security suite took against Microsoft’s XP OS ‘user32.dll’.
As in the current issue, Microsoft has also been the perpetrator rather than the victim, branding Skype’s executable as the nuisanceware ‘Vundo’ earlier the same year.