CTMustang
Premium Member
join:2007-09-10
New Canaan, CT

CTMustang

Premium Member

MSsecurity just uninstalled chrome.exe on TONS of computers.

World wide!!

I'm browsing around at 10am when a box pops up asking to restart Windows because MSSE needs to finish cleaning. I check out what file it was. Chrome.exe had been removed and is now unable to be added back!

Check the forums, it's all over the place!
CTMustang

CTMustang

Premium Member

»www.google.com/support/f ··· d7eed070

see for more info.

coldmoon
Premium Member
join:2002-02-04
Fulton, NY

coldmoon to CTMustang

Premium Member

to CTMustang
Glad I haven't updated yet as that is scheduled for tonight on some test systems here. If you are affected, try restoring to the previous day and then hold off on an update until MS clears this up...
CTMustang
Premium Member
join:2007-09-10
New Canaan, CT

CTMustang

Premium Member

said by coldmoon:

Glad I haven't updated yet as that is scheduled for tonight on some test systems here. If you are affected, try restoring to the previous day and then hold off on an update until MS clears this up...

I just allowed zbot for now and will unallow it when it's fixed.

HOWEVER, this is going to be a major PITA for a lot of users.

Right now I'm sure at least 50% of my employees at work are flipping out because they all use Chrome and have extensions, bookmarks and all that installed......furthermore they don't have the permissions to reinstall stuff.....so this is quite a big deal!!

gugarci
Premium Member
join:2004-02-25
Lyndhurst, NJ

gugarci to CTMustang

Premium Member

to CTMustang
That stinks. Glad I removed MSE on the rest of my PCs. Only PC that still has MSE does not have Chrome installed. But if it did I would be majorly pissed off.

coldmoon
Premium Member
join:2002-02-04
Fulton, NY

coldmoon to CTMustang

Premium Member

to CTMustang
said by CTMustang:

said by coldmoon:

Glad I haven't updated yet as that is scheduled for tonight on some test systems here. If you are affected, try restoring to the previous day and then hold off on an update until MS clears this up...

I just allowed zbot for now and will unallow it when it's fixed.

HOWEVER, this is going to be a major PITA for a lot of users.

Right now I'm sure at least 50% of my employees at work are flipping out because they all use Chrome and have extensions, bookmarks and all that installed......furthermore they don't have the permissions to reinstall stuff.....so this is quite a big deal!!

Though it is more likely than not that this is a false positive detection, I would caution about allowing Zbot in any form for any time. It is a dangerous piece of work and might leave you open for a real infection in the interim...

YMMV

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

Smokey Bear to CTMustang

Premium Member

to CTMustang
It seems that Chrome Beta isn't affected by the FP, you can download the Beta here: »www.google.com/landing/c ··· me/beta/
CTMustang
Premium Member
join:2007-09-10
New Canaan, CT

1 recommendation

CTMustang

Premium Member

said by Smokey Bear:

It seems that Chrome Beta isn't affected by the FP, you can download the Beta here: »www.google.com/landing/c ··· me/beta/

My solution was to get rid of MSSE

Link Logger
MVM
join:2001-03-29
Calgary, AB

2 recommendations

Link Logger to CTMustang

MVM

to CTMustang
What might be a good question is why would Chrome have this code signature?

Blake

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

2 recommendations

AVD

Premium Member

probably something innocuous, like a printer routine. Are you really trying to pin a false positive on the software vendor? It's like blaming a woman for rape

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

1 recommendation

Smokey Bear to CTMustang

Premium Member

to CTMustang
It's very simple: all antivirus vendors suffer from FP's, freebies and payware as well. So what's the big deal that this time it concerns MSE and Forefront?

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to Link Logger

Premium Member

to Link Logger
said by Link Logger:

What might be a good question is why would Chrome have this code signature?

Blake

That's a reasonable question. I hope neither vendor tries to sweep anything under the rug or point fingers at the other.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to AVD

MVM

to AVD
said by AVD:

probably something innocuous, like a printer routine. Are you really trying to pin a false positive on the software vendor? It's like blaming a woman for rape

Virus signatures aren't just some randomly picked thing as you try to base the signature on the actual malicious code sequence within the virus in order to prevent future false positives.

This isn't the first time Chrome has been a false positive by various AV vendors (AVG for example in December last year).

Blake

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

said by Link Logger:

said by AVD:

probably something innocuous, like a printer routine. Are you really trying to pin a false positive on the software vendor? It's like blaming a woman for rape

Virus signatures aren't just some randomly picked thing as you try to base the signature on the actual malicious code sequence within the virus in order to prevent future false positives.

This isn't the first time Chrome has been a false positive by various AV vendors (AVG for example in December last year).

Blake

sorry, not buying it.
AVD

AVD to Smokey Bear

Premium Member

to Smokey Bear
said by Smokey Bear:

It's very simple: all antivirus vendors suffer from FP's, freebies and payware as well. So what's the big deal that this time it concerns MSE and Forefront?

when a publisher of a software product wipes out a competitor's installation it is a BIG DEAL. While I'm not suggesting that this is the case here, if my memory serves correct, MS has been accused of this before (Windows upgrades breaking Lotus 1-2-3 or something like that.)

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by AVD:

said by Smokey Bear:

It's very simple: all antivirus vendors suffer from FP's, freebies and payware as well. So what's the big deal that this time it concerns MSE and Forefront?

when a publisher of a software product wipes out a competitor's installation it is a BIG DEAL. While I'm not suggesting that this is the case here, if my memory serves correct, MS has been accused of this before (Windows upgrades breaking Lotus 1-2-3 or something like that.)

I have apps that I wrote 20 years ago for Windows 3.0 that still run on Windows 7 (e.g. »www.zingpow.ca/blog/post ··· ity.aspx); no OS vendor anywhere has been a slave to backwards compatibility like MS. If you used undocumented APIs etc. then you deserved to be broken on any OS when updated.

I wonder if any of our AV employees on this forum will comment on this, but I doubt this is the conspiracy you think it is. Maybe it will prompt Google to make their own AV, as they could certainly use one for Android.

Blake

Proginoskes
Space
Premium Member
join:2001-08-11
Asbury Park, NJ

Proginoskes to CTMustang

Premium Member

to CTMustang
New MSE virus definition update (1.113.672.0) now fixes chrome false-positive issue.


FFH5
Premium Member
join:2002-03-03
Tavistock NJ

4 edits

FFH5

Premium Member

said by Proginoskes:

New MSE virus definition update (1.113.672.0) now fixes chrome false-positive issue.


The older version of MSE did target my old_chrome.exe and left chrome.exe alone. The newer 1.113.672.0 of MSE left both versions of Chrome alone.

old_chrome.exe - 14.0.835.186 9/19/2011 was flagged by old MSE
Chrome.exe - 15.0.874.54 9/29/2011 was left alone by old MSE

It looks like the old MSE only targeted a certain version of chrome.

jester121
Premium Member
join:2003-08-09
Lake Zurich, IL

jester121 to CTMustang

Premium Member

to CTMustang
said by CTMustang:

Right now I'm sure at least 50% of my employees at work are flipping out because they all use Chrome and have extensions, bookmarks and all that installed......furthermore they don't have the permissions to reinstall stuff.....so this is quite a big deal!!

That shouldn't be too bad, MSE is limited to small businesses with up to 10 PCs, right?

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD to Link Logger

Premium Member

to Link Logger
said by Link Logger:

said by AVD:

said by Smokey Bear:

It's very simple: all antivirus vendors suffer from FP's, freebies and payware as well. So what's the big deal that this time it concerns MSE and Forefront?

when a publisher of a software product wipes out a competitor's installation it is a BIG DEAL. While I'm not suggesting that this is the case here, if my memory serves correct, MS has been accused of this before (Windows upgrades breaking Lotus 1-2-3 or something like that.)

I have apps that I wrote 20 years ago for Windows 3.0 that still run on Windows 7 (e.g. »www.zingpow.ca/blog/post ··· ity.aspx); no OS vendor anywhere has been a slave to backwards compatibility like MS. If you used undocumented APIs etc. then you deserved to be broken on any OS when updated.

I wonder if any of our AV employees on this forum will comment on this, but I doubt this is the conspiracy you think it is. Maybe it will prompt Google to make their own AV, as they could certainly use one for Android.

Blake

way to change the subject!!!

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to CTMustang

Premium Member

to CTMustang
Microsoft owns up to problem:
»www.geekwire.com/2011/mi ··· -malware

Microsoft this morning scrambled to release a fix after reports surfaced that its Security Essentials software was mistakenly identifying the Google Chrome browser as password-stealing malware — and removing the competing web browser from Windows machines.

Here’s Microsoft’s statement …

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue — we released an updated signature (1.113.672.0) at 9:57 am PDT — but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.


Thaler
Premium Member
join:2004-02-02
Los Angeles, CA

Thaler to AVD

Premium Member

to AVD
said by AVD:

said by Link Logger:

said by AVD:

probably something innocuous, like a printer routine. Are you really trying to pin a false positive on the software vendor? It's like blaming a woman for rape

Virus signatures aren't just some randomly picked thing as you try to base the signature on the actual malicious code sequence within the virus in order to prevent future false positives.

This isn't the first time Chrome has been a false positive by various AV vendors (AVG for example in December last year).

Blake

sorry, not buying it.

So when it happens to others, it's coincidence. When it happens to Microsoft, it's a conspiracy?
scross
join:2002-09-13
USA

scross to Link Logger

Member

to Link Logger
Get off your high horse. Microsoft itself used (and no doubt still uses) undocumented APIs out the yin-yang - as such was a major part of their "competitive and innovative" development culture from day one. This was one of the major tricks they used to help crush Lotus 1-2-3 in favor of Excel (memory management), and drive Word over WordPerfect (printer drivers), and so on. It took freakin' court orders and years of legal wrangling to get them to tone this down.
Bill or Will
Bill or Will Willy J to you LOL
Premium Member
join:2002-05-26
Lumberton, TX

1 recommendation

Bill or Will to CTMustang

Premium Member

to CTMustang
Anything Google has ever put out takes your data and makes it theirs

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to scross

MVM

to scross
said by scross:

Get off your high horse. Microsoft itself used (and no doubt still uses) undocumented APIs out the yin-yang - as such was a major part of their "competitive and innovative" development culture from day one. This was one of the major tricks they used to help crush Lotus 1-2-3 in favor of Excel (memory management), and drive Word over WordPerfect (printer drivers), and so on. It took freakin' court orders and years of legal wrangling to get them to tone this down.

Does that mean that Apple is going to get a court order too as I wanted to write a Wifi Scanner for the iPhone but they booted wifi scanners from the store as they were using a "private framework" that only Apple can apparently use. »wlanbook.com/iphone-wifi ··· by-apple

but I doubt it's going to happen as for example the Novell claim that Microsoft was using undocumented APIs giving it an unfair advantage (2004) was tossed by the US District Court in 2010, however in May 2011 Novell appealed that ruling, but perhaps you know of a different court order?

»www.zdnet.com/blog/micro ··· yet/9357

from »www.proudlyserving.com/a ··· e_t.html
quote:
I first asked Mitch Kapor, founder of Lotus, and his quote was "I've heard the stories over the years, but I don't have any specific recollection that there was a devious silent break of the kind you mentioned. I also have a bad memory." Kapor was kind enough to put me in touch with some old Lotus people he knew. And they all corroborated the story: "It's an interesting myth, and one I've heard about in general terms, although I've never heard the specific quote before. However, I have no recollection of any instance of its actually happening with 1-2-3 or with any other product I've worked on." And, "My memory of the early days (1984-85) is that we would get early betas of DOS to test with 1-2-3 and any errors that we found were 'bugs' in DOS and fixed by Microsoft."
Blake
scross
join:2002-09-13
USA

1 edit

scross to CTMustang

Member

to CTMustang
Actually, folks, since you don't know your history, you probably ought to Google this stuff (my memory is not what it used to be). But in the case of 1-2-3 vs. Excel (that would be Windows, not DOS), IIRC Excel was shown to be using undocumented memory management APIs which allowed it to allocate/free memory in relatively large blocks vs. 1-2-3's use of the official documented APIs which restricted it to using much smaller blocks. One of the effects of this was that Excel performed much more smoothly than the Windows version of 1-2-3 did. I'm not saying that Excel wasn't or isn't a good product; in fact it's one of the few "Microsoft products" (that's in quotes because they probably acquired it more than they created it, which is something that people tend to forget) that I actually am fairly impressed with.

Apple (love them or hate them) is legally in a different position from Microsoft. Since they produce everything (hardware and software) in an integrated fashion, legally they are allowed to do things and control things in a way that Microsoft isn't. Plus, they have yet to be convicted of being an illegal monopoly - a situation which changes the entire game. In truth, though, any dirty deeds start early, well before anything ever makes it to court.

And at one time, the Undocumented Windows book was one of the best-selling technical books on the planet. This even after Microsoft swore up and down that there weren't any more undocumented APIs (they lied). This book was so popular, in fact, that internal Microsoft developers used it as their Bible, because the documentation provided internally by Microsoft (you know, for those APIs which didn't exist) was so closely guarded and incomplete - although this could be attributed in part to the so-called "Chinese Wall", I guess, which may or may not have ever actually existed.

Read the review of this book from 13 years ago; it pretty well sums up the situation:

»www.amazon.com/Undocumen ··· 01608340

Addendum: the documentation issue dragged out in Europe much longer than it did here. Here's something that popped up for me in Google which touches upon the situation; you're welcome to Google for more details yourself if you want to.

»blog.seattletimes.nwsour ··· ime.html

Mashiki
Balking The Enemy's Plans
join:2002-02-04
Woodstock, ON

Mashiki to AVD

Member

to AVD
said by AVD:

sorry, not buying it.

Whether or not you buy it is irrelevant. You can either go skim through some AV vendor threads or go look on /. where there's some technical stuff. But what zbot does, like generating code at runtime and address reallocation after decompression for updates, is similar to what Chrome does.

What surprises me is that more browsers, especially WebKit browsers, don't get nailed. Because they all do that.

fatness
subtle

join:2000-11-17
fishing

1 recommendation

fatness to FFH5

to FFH5
said by FFH5:

Microsoft owns up to problem:
»www.geekwire.com/2011/mi ··· -malware

Thank you.

Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger to scross

MVM

to scross
said by scross:

Actually, folks, since you don't know your history, you probably ought to Google this stuff (my memory is not what it used to be). But in the case of 1-2-3 vs. Excel (that would be Windows, not DOS), IIRC Excel was shown to be using undocumented memory management APIs which allowed it to allocate/free memory in relatively large blocks vs. 1-2-3's use of the official documented APIs which restricted it to using much smaller blocks. One of the effects of this was that Excel performed much more smoothly than the Windows version of 1-2-3 did. I'm not saying that Excel wasn't or isn't a good product; in fact it's one of the few "Microsoft products" (that's in quotes because they probably acquired it more than they created it, which is something that people tend to forget) that I actually am fairly impressed with.

Apparently Google's memory isn't that good either as »www.google.ca/#q=undocum ··· &bih=894 doesn't return much. On the second page there is some mention of an undocumented memory call CFixecAlloc but it was deprecated in later versions, so if Microsoft was using that they had to change their code as well.
said by scross:

Apple (love them or hate them) is legally in a different position from Microsoft. Since they produce everything (hardware and software) in an integrated fashion, legally they are allowed to do things and control things in a way that Microsoft isn't. Plus, they have yet to be convicted of being an illegal monopoly - a situation which changes the entire game. In truth, though, any dirty deeds start early, well before anything ever makes it to court.

I guess the iPad or iPhone hasn't reached monopoly market share yet, otherwise how are they different than Microsoft (to use a popular phrase here, I'm not buying that making the hardware gives them special benefit when telling software authors what is or isn't acceptable).
said by scross:

And at one time, the Undocumented Windows book was one of the best-selling technical books on the planet. This even after Microsoft swore up and down that there weren't any more undocumented APIs (they lied). This book was so popular, in fact, that internal Microsoft developers used it as their Bible, because the documentation provided internally by Microsoft (you know, for those APIs which didn't exist) was so closely guarded and incomplete - although this could be attributed in part to the so-called "Chinese Wall", I guess, which may or may not have ever actually existed.

Read the review of this book from 13 years ago; it pretty well sums up the situation:

»www.amazon.com/Undocumen ··· 01608340

Bought it, read it and still might even have it, but it didn't set my code on fire. Given Andrew Schulman was making a living doing Software Litigation Consulting & Patent Analysis I figured it was just hype for his profession »andrewschulman.homestead.com/ note he is now a full blown lawyer »members.calbar.ca.gov/fa ··· l/269412

What other OS company supports developers like Microsoft, not only with support, tools, and early releases of new OSes etc., but with training etc.? Sounds like they love and support developers far more than any other OS vendor.

Lotus 1-2-3 blew up its own ship when it failed to grasp the importance of the Windows GUI and figured they could continue with the DOS interface.
quote:
The rise of Microsoft Windows in the personal computer market was accompanied by the rise in Microsoft's competing spreadsheet, Excel, which gradually surpassed the position of 1-2-3. Lotus initially planned a complete rewrite of the product to overtake Excel, but this project dissolved. 1-2-3 for Windows is still simply a graphical wrapper around the original product. Additionally, several versions of 1-2-3 had different functionalities and slightly different interfaces.

1-2-3's intended successor, Lotus Symphony, was Lotus's entry into the anticipated "integrated software" market. It intended to expand the rudimentary all-in-one 1-2-3 into a fully-fledged spreadsheet, graph, database and word processor for DOS, but none of the integrated packages ever really succeeded. 1-2-3 migrated to the Windows platform, where it remains available as part of Lotus SmartSuite. By release 9 of Lotus SmartCenter, 1-2-3 had matched the capabilities of Excel
»en.wikipedia.org/wiki/Lo ··· us_1-2-3

Blake
scross
join:2002-09-13
USA

scross

Member

Sorry, I keep forgetting that folks today have really crappy Google skills, as recent research has shown. And Google itself tends to get really crappy once you get past the third or fourth search term. But having lived through all of this, I have the advantage of knowing that InfoWorld covered it in some detail at the time (this was back before they became a paid Microsoft sycophant, so their coverage was still quite objective). Google "undocumented windows infoworld" and click the link dated "Nov 16, 1992", for example. The article there mentions Excel several times.

The hardware/software integration thing isn't something that you have the luxury of "I'm not buying". It is legal precedent that was established back during IBM's et al. legal troubles (if not earlier), which started well before most of us had even heard of Microsoft or Apple (IBM still came under certain legal sanctions for their behavior, though). I don't remember all of the details, but a lot of this stuff was rehashed during Microsoft's troubles, too. In fact, the integration "escape clause" is probably the main reason why the Xbox even exists, as it was Microsoft's first foray into "integrated systems" territory.

I'll agree with one thing, though - Microsoft bribes developers and others out the yin-yang. And when I go to meetings and such which are sponsored by Microsoft, they always have the best door prizes, which come directly from Microsoft itself.

About the "Windows" thing: people tend to forget that while Microsoft was working on Windows products internally, they were telling the outside world (software vendors and such) that OS/2 was "the future", so that's where many software vendors were putting their efforts. (OS/2 had to be very well-documented, BTW, due to consent decrees that IBM was operating under at the time.) So when Microsoft did a U-turn and started pushing Windows instead, these vendors had to scramble to divert resources to it, and then had to deal with the whole undocumented APIs quagmire.