Wasn’t us. T’was the fancy machine what with the blinking lights. Dern thang.
According to corporate spokeswoman Linda Smith Munyan, Symantec’s security team fingered an automated process for the damage done. “Symantec uses a variety of automated systems to complement manual analysis in order to provide rapid response times to new threats,” said Smith Munyan in an e-mail. “The automated processes have run successfully for several years and have allowed Symantec to dramatically increase the number of high quality malware detections it’s able to provide.”
Something went wrong, though.
“In response to the increased use of encryption in malware, a change was made to the automation recently to deal with these malware more effectively,” she said. “This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to 2 files being falsely detected as malware.”
I have had external penetration testers attempt to hand me reports that were from an automated tool before. I had a wee chat with them as I explained that I had expected better from an outfit such as theirs. I would hope that at some point a human might be checking things like this at Symantec. So, what they’re saying is that the automated processes were not validated?
“Inadvertently”? There is a scary word to be using. Damn you HAL!
Then again, this could have been a brazen attempt to weed out pirates.
while it’s all well and good to say that humans should validate the outputs from automated processes, considering the particulars of this instance (the complexity, the time requirements, the throughput, etc) would you care to guess at how that would work in practice?
I’ll take monumental tasks for $200 Alex.
Yes, I can well imagine the enormity of the task that AV vendors have before them. A rather unenviable position to be in to say the least. Then again I would doubt that the affected users in China would have much in the way of sympathy. I believe the age old adage, shit happens, would be best placed in the conversation at this point, no?
Thanks for the comment Kurt. I appreciate it when people take the time to comment. All of the lurkers might want to weigh in at some point…
i’ve been thinking about this subject a bit and it’s reminded me of how quality control often works in manufacturing… there too one often deals with largely automated systems and manual inspection of each and every widget is often not feasible so instead they sample a percentage of the output at regular intervals…
i have no idea if anti-virus companies in general or symantec in particular do anything similar (or even if it’s cost effective for them to do so, it really depends on how frequently errors occur) but i think this approach is the only reasonable approach they could take to quality control on the output of their automated analysis/signature generation technology, and it wouldn’t have necessarily prevented what has occurred… so yeah, shit happens is pretty much what i think this boils down to…