Antivirus Software Hamstrings Windows

September 11th, 2006: Software vendor Computer Associates (CA) was left red faced last week when a buggy overnight update to its popular eTrust antivirus software confused an important Windows process with a virus and promptly deleted it.

The software update picked out the Lsass.exe, a Windows security process, and incorrectly flagged it as the Win32/Lassrv.B virus. From here, anyone who had set their eTrust preferences to automatically delete would find their machine unstable, and unbootable at the next restart.

The SANS Internet Storm Center picked up the problem shortly after it appeared, reporting that it showed up in the overnight 30.3.3054 update. CA fixed the problem in under seven hours with the follow up 30.3.3056 update.

While it is unknown how exactly how many eTrust customers were affected, the chief research officer at SANS, Johannes Ullrich, says that number is not large.

Anyone still experiencing issues relating to the problem can find help on CA’s website.

Comment on this story