An update to Microsoft anti-spyware incorrectly labeled two versions of Symantec's anti-virus software as Trojan horse malware last week. Users of Windows AntiSpyware beta 1 were mistakenly warned that Symantec AntiVirus Corporate Edition and Symantec Client Security packages were a password stealing Trojan called Bancos-A (http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.html).

PC users were prompted to remove registry keys, advice that if followed would have disabled Symantec's software, the Washington Post reports (http://blog.washingtonpost.com/securityfix/2006/02/microsoft_antispyware_deleting.html). The snafu happened because of a problem with a Windows AntiSpyware beta 1 issued on Thursday. Microsoft has issued new signature files that avoid the same mistake.

Symantec is working with affected customers, the number of which is expected to be small, because the mislabeling error only happens when a combination of enterprise software and consumer test software are used together. Users of Symantec's consumer security products were not affected by the issue, which was in any case limited to Windows AntiSpyware beta 1 and not its later Windows Defender beta 2 product.

It's not the first time the trial version of Microsoft's anti-spyware software has provoked complaints about false alerts. Soon after the release of the product in January 2005, Romanian anti-virus firm BitDefender cried foul after Microsoft's package wrongly detected a BitDefender ScanOnline object as a piece of spyware called "Brilliant Digital (http://www.pestpatrol.com/pestinfo/b/brilliantdigital_com.asp)".

Problems with false alerts are far from confined to Microsoft's security software and crop up from time to time even with established security products (examples here (http://www.theregister.co.uk/2004/09/07/mcafee_false_alarm) and here (http://www.theregister.co.uk/2004/09/16/symantec_relabels_freegate)). ®

Related stories

Yahoo! Messenger! Trojan! false alarm! (13 June 2008)
http://www.channelregister.co.uk/2008/06/13/yahoo_trojan_false_alarm/
Symantec Endpoint Security throws out error bugs (20 February 2008)
http://www.channelregister.co.uk/2008/02/20/symantec_enpoint_security_error_bug/
CA issues false warning on JavaScript apps (31 December 2007)
http://www.channelregister.co.uk/2007/12/31/ca_dodgy_update/
AVG cries wolf at Adobe Reader (31 August 2007)
http://www.theregister.co.uk/2007/08/31/avg_adobe_false_update/
False positives run amok in Vista anti-virus tests (3 August 2007)
http://www.channelregister.co.uk/2007/08/03/64bitvista_av_tests/
Norton labels Nasa app as adware (17 July 2007)
http://www.channelregister.co.uk/2007/07/17/norton_nasa_false_positive/
Dodgy anti-virus update bunfight goes to court (9 July 2007)
http://www.channelregister.co.uk/2007/07/09/kaspersky_rising_tech_av_bunfight/
Chinese user sues Symantec over dodgy updates (5 June 2007)
http://www.channelregister.co.uk/2007/06/05/chinese_av_lawsuit_symantec/
Norton's firewall not fiery enough (21 May 2007)
http://www.channelregister.co.uk/2007/05/21/norton_bugs/
Yahoo! false! alert! drama! (1 March 2007)
http://www.channelregister.co.uk/2007/03/01/symantec_yahoo_false_alarm/
OneCare slaps viral warning on Gmail (14 November 2006)
http://www.channelregister.co.uk/2006/11/14/onecare_gmail_false_alert/
Faulty CA update crashes Win 2003 servers (6 September 2006)
http://www.channelregister.co.uk/2006/09/06/faulty_ca_update/
Iran president's weblog spews malware - false (15 August 2006)
http://www.channelregister.co.uk/2006/08/15/iran_pres_weblog_alert_flap/
Norton smites ecclesiastical app (4 August 2006)
http://www.channelregister.co.uk/2006/08/04/norton_unholy_false_alarm/
Symantec coughs to security hole in its AV software (26 May 2006)
http://www.channelregister.co.uk/2006/05/26/symantec_av_flaw/
Warning over rogue anti-spyware app (7 April 2006)
http://www.channelregister.co.uk/2006/04/07/unspypc/
S'kiddies get into spyware for just $15 (27 March 2006)
http://www.channelregister.co.uk/2006/03/27/spyware_diy/
McAfee ate my system (14 March 2006)
http://www.channelregister.co.uk/2006/03/14/mcafee_av_false_positive/
US man faces IRC Trojan charges (6 March 2006)
http://www.channelregister.co.uk/2006/03/06/irc_trojan_charges/
'Keylogger text' spooks Symantec (3 March 2006)
http://www.channelregister.co.uk/2006/03/03/symantec_security_glitch/
Microsoft promises Passport redux with ‘InfoCards’ (14 February 2006)
http://www.channelregister.co.uk/2006/02/14/gates_rsa_infocard/
Security products 'riddled' with bugs (20 June 2005)
http://www.channelregister.co.uk/2005/06/20/yankee_security_product_risks/
MS AntiSpyware bites BitDefender (21 January 2005)
http://www.theregister.co.uk/2005/01/21/ms_antispyware_glitch/
McAfee in BitDefender virus slur spat (1 October 2004)
http://www.theregister.co.uk/2004/10/01/mcafee_bitdefender_spat/