Saturday, October 01, 2011

Asshat Quote of the Day

Information about incorrect detection of Google Chrome as PWS:Win32Zbot

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed. Within a few hours, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update. Affected customers should manually update Microsoft Security Essentials with the latest signatures. After updating the definitions, reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers. - Bill "sorry, my bad" Gates

So ya.. I fire up my computer today, click on Google Chrome, and Microsoft Security Essentials "accidentally" tells me that I have this "holy fuck we're all going to die" virus on my computer, and asks me "do you want to have all your passwords stolen so that hackers can empty your bank account, or should Security Essentials remove the threat?"

Chrome was fingered as Zbot, better known as Zeus, a widespread botnet Trojan that focuses on stealing online banking credentials, which criminals then use to vacuum money from accounts.

I nearly clicked "No, I do not want to die to this virus. Delete my computer please". Instead, I clicked on the "learn more" buttons a few times until I find out it was claiming Chrome was a virus. Fortunately I do this enough times until I see the explanation from Microsoft that it was a false positive.. but hey.. they fixed it in a "few hours"!!

Ya.. right. I wonder how many people nuked their Chrome installs because they didn't check out the positive identification? Did this make the news?

How funny is that? Microsoft just got millions of people to uninstall Google Chrome.


I mostly like Security Essentials. I like Windows 7 x64 a lot. I like that the anti-virus is "free", and it's seemlessly integrated into Windows. I don't, however, buy that the false positive was an accident. This must be tremendously embaressing to Microsoft.

If I were Google, I'd put something up on the Google search page with a warning about the false positive.. or maybe a message saying "Google has detected that your Windows operating system is a product of Satan and will be uninstalled. Please install Google Chrome OS."


Turns out Google did put the warning on a banner of their search page.


Microsoft said in a statement posted to the Facebook page of its malware research center. "We have already fixed the issue..., but approximately 3,000 customers were impacted."

And they know that, how? This happened yesterday, but I didn't have the false positive until today when I started my computer and then started Chrome. The AV on my machine was still on yesterday's definitions, and thus the false positive. How can Microsoft say yesterday that 3,000 people were affected when untold numbers are getting the same exact false positive when they turn their machines on with yesterday's definition installed?

The way Security Essentials works is that it just tells you that there is a virus, and you should "remove" it. I'm sure that 90% of users do just that and very few actually check to see what the virus is.

I think the number of people that had Security Essentials uninstall Chrome is probably more like 300,000. But really.. how the fuck could Microsoft know how many people did that unless they keep track of each user's deletion of virii?


Oh shit.. I just noticed that there is a setting for "Microsoft SpyNet", where it automatically opts you in to sending MS shit that happens with Security Essentials. I didn't know that. I'm opting out now.

Still.. even if they collect that data as a default for Security Essentials users, I can't imagine how the number affected is only 3000.

For fuck's sake.. the setting for "I do not want to join SpyNet" reads;

"No information will be sent to Microsoft. You won't be alerted if unclassified software is detected running on your computer".

What the fuck is "unclassified software"? If I click "don't send shit to MS", does that mean I leave my computer more vulnerable to a virus? Am I forced to send info to MS if I want to keep my machine protected?

Sometimes Microsoft can just go die in a fire as far as I'm concerned.

/update 2

A separate Chrome user said in this support forum that “Chrome users that do not send usage statistics to Google are unaffected.”

For fucks sake! I must be sending "usage statistics" to Google.. GORAK FUCKING DAMN THESE FUCKERS AND NUKE THEM INTO TINY PIECES.

/update 3

I found the "usage statistics" option and it was already off.. so that "Chrome user" must be full of shit.


Kor said...

It's no real secret that the majority of software vendors have been tracking customer habits for years. Even game publishers collect data about the product usage to allow for more effective marketing and figure out which features to spend less time working on due to lower usage. Why do you think EA make you create an online account for their own games separate from Steam/XBL/PSN?

Tom said...

Ya, I know that. I was amused when On-Star tried to sneak a change in their TOS that would allow them to sell info about where you travel in your car to 3rd parties.

I'm able to keep myself relatively unplugged and unsearchable on the net. It does bug me that you have to use your real name with game companies and they collect data.

It won't likely make any difference in the long term for me, but I can see where it could affect other people. Besides.. it's the principle of the deal. You can't opt out.