If you think of a virus as being something that replicates itself, spreading from computer to computer, until seemingly everyone has it installed, then maybe you could classify Google’s Gmail service as being one.
If you happened to be using Microsoft Windows Live OneCare security over the weekend then it would have done the classification for you. Yep, OneCare users who visited their Gmail account were being warned that their computers had been infected with the BAT/BWG.A virus. How do I know this? Well although as a UK based user I should not be able to install OneCare courtesy of some strange tribal culture thing going on at Microsoft US, by changing the language defaults on one machine I was able to fool the installer into thinking I was an American citizen and therefore trustworthy enough to be blessed with the security system. I have also been a fan of Gmail ever since the very first stages of the Beta, and have numerous Gmail accounts as a result. Note, I said Gmail because these accounts were established before the lawsuit that resulted in Google being unable to use that name in the UK and so switching to Googlemail instead.
Anyway, the point is that I have seen the false positives, for that is what they were. Indeed, it appears that the Gmail system upgrades were possibly the trigger here, because on the test machine I let OneCare do its stuff and clean the infection, after which the new options disappeared along with the ability to reply and forward messages. I was also treated to a rather unfriendly JavaScript error as a bonus.
All of which highlights the very real dangers of false positives, and why getting it right has to be paramount for any vendor involved in the security business. Now I am could shoot the easy target here by mentioning how Microsoft has never quite got it right in the past with either OS or web browser. Oops, looks like I just hit the sweet spot without trying, while Microsoft has hit the stink bucket big-time here. At the same time arch-rivals in the security market, Symantec, are launching a new ‘silent security’ concept where the user is not bothered by constant dialog boxes, click yes/no questioning and bombarded with information they do not understand and so which undermines the security of their systems. In my testing here for PC Pro magazine Symantec appear to have got this right as well.
I was at the Symantec Dublin research facility and spoke to the firewall architect about this very issue recently, and a lot of effort has gone into developing the trust factor. Making sure that the product knows if a process or application is safe before allowing it, reducing the likelihood of false positives to the absolute minimum. Symantec knows only too well the damage that false positives can do to brand value, as is has been there, done that and worn the t-shirt. Microsoft, it would seem, is about to learn the same lesson.
While it is all very well for Ziv Mador, the Microsoft Anti-malware Team response coordinator to confirm that the Gmail scare was a false positive and that a fixed signature has been pushed out to all users. While it is all very well for Microsoft to comfort the press with assurances that it will investigate how it happened and take steps to minimize the risk of it happening again. It is not very well for Microsoft to attempt to shift the blame onto changes made by Google to the Gmail website. It is not very well for Microsoft to leave OneCare users in the dark over the weekend, worried that their systems were infected, performing clean up operations that prevented Gmail from functioning properly. It is not very well for the OneCare support forums to be full of stories of folk who spent hours on live chat with tech support who had no idea what was happening or how to resolve it.
It certainly is not very well when you have one chap reporting how he was told to delete everything in his Gmail account, all his trash, sent items, inbox mail, all two years worth deleted and gone on the bad advice of Microsoft in an attempt to cure a problem that didn’t exist.
In the security business trust is everything. Right now, when it comes to OneCare at least, Microsoft has a trust rating of zero here...
