Wasn’t us. T’was the fancy machine what with the blinking lights. Dern thang.
According to corporate spokeswoman Linda Smith Munyan, Symantec’s security team fingered an automated process for the damage done. “Symantec uses a variety of automated systems to complement manual analysis in order to provide rapid response times to new threats,” said Smith Munyan in an e-mail. “The automated processes have run successfully for several years and have allowed Symantec to dramatically increase the number of high quality malware detections it’s able to provide.”
Something went wrong, though.
“In response to the increased use of encryption in malware, a change was made to the automation recently to deal with these malware more effectively,” she said. “This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to 2 files being falsely detected as malware.”
I have had external penetration testers attempt to hand me reports that were from an automated tool before. I had a wee chat with them as I explained that I had expected better from an outfit such as theirs. I would hope that a some point a human might be checking things like this at Symantec. So, what they’re saying is that the automated processes were not validated?
“Inadvertently”? There is a scary word to be using. Damn you HAL!
Then again, this could have been a brazen attempt to weed out pirates.
[tags]Symantec, Malware, False Positives, Virus[/tags]