Sophos anti-virus software mistakes real files for pests, breaks Mac OS X systems

“Anti-virus vendor Sophos has released an update of the Inqtana-B virus identity file for its Sophos Anti-Virus for OS X software due to false positives,” Tom Sanders reports for vnunet.com. “The company initially released an antidote that incorrectly flagged various files in Microsoft Office 2004 and in Adobe Acrobat Reader as being infected with the OS X worm. Users in some cases reported that the anti-virus software claimed over 1,000 infections… the anti-virus program will block access or delete all ‘infected’ files, depending on the software’s configurations. This effectively renders the systems useless.”

Sanders reports, “The Sophos incident has given fuel to critics who all along have claimed that the noise around the detection of the first Mac OS X viruses last week was orchestrated by security vendors who are seeking to grow their revenues. ‘First they ‘find’ a virus, then they start a FUD [fear, uncertainty and doubt] factory of misinformation, and finally they turn loose the REAL virus (called their anti-virus software) on the newly paranoid Mac users they stirred up,’ a user wrote on the Macfixit Apple enthusiasts’ website.”

Full article here.

Related MacDailyNews article:
Wired News: ‘Mac attack a load of crap’ – February 22, 2006
Patched in mid-2005 by Apple, Symantec warns ‘Inqtana-A’ worm could be ‘beginning of a trend’ – February 20, 2006

35 Comments

  1. These AV companies are definitely trying to take advantage of the newly switched by “scaring” them into believing OS X is as porous and vulnerable as Win XP. We just have to continue to educate the new users to the facts versus the hyperbole of press releases from these so-called anti-virus companies.

  2. You receive an email requesting you open a particular file, when in fact opening the file harms your computer. What I have just described is

    A) A “socially engineered” worm?
    B) Antivirus software.

    You are correct.

  3. This Sophos seems to be up to no good.
    Somebody comes up with the concept of a virus 8 months ago and this is then addressed by Apple. So basically they are complaining about a virus that doesn't actually exist and if it did wouldn't work WTF!!!

  4. Not to mention that the other Trojan threat (yes it was a Trojan) couldn't actually damage any files or replicate itself because this part of the program was actually incorrectly coded. In addition even if it had worked this effect would only have worked over a local network and then only using 10.4.

    CHEESEY PEASSY FOR JESUS !!!!!!!!!!!!!!!

  5. I warned you all, don’t run anti-virus software as root, in fact don’t install anything as root

    First it was McAfee and Virex

    Then it was Norton AV

    now it’s Sophos AV

    all these companies have caused more problems for Mac users than the tiny bit of malware they are supposed to protect against.

    Still no virus for Mac users, Apple patches stuff faster than a virus can gain significant momentum to spread.

    http://www.macfixitforums.com/php/showflat.php?Cat=&Board=Forum8&Number=713778

  6. Sanders reports, “The Sophos incident has given fuel to critics who all along have claimed that the noise around the detection of the first Mac OS X viruses last week was orchestrated by security vendors who are seeking to grow their revenues. ‘First they ‘find’ a virus, then they start a FUD [fear, uncertainty and doubt] factory of misinformation, and finally they turn loose the REAL virus (called their anti-virus software) on the newly paranoid Mac users they stirred up,’ a user wrote on the Macfixit Apple enthusiasts’ website.”

    I would believe the above to be true, before I would believe that there are malicious MacOSX virii in the wild. That’s why I posted that the first reported “virus” was too sophisticated (limited ability to propagate and did no harm), and was probably written by an anti-virus vendor.

    I don’t own, or use, anti-virus softwares. It’s money down the drain.

  7. That’s precisely why I don’t use anti-virus software that is (to this point) totally unnecessary to protect a Mac OS X computer. It does nothing but harm.

    By the way, Symantec’s Anti-Virus is spitting out the same false positives and is trashing good files too.
