Microsoft security tools nuking Chrome browser

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update. <a href="http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot&#38;threatid=2147598479" rel="nofollow">http://www.microsoft.com/security/portal/Threat/Encyclopedia...</a>

The sad reality is that a modern app like Chrome does look a lot like malware. It does a bunch of crazy things you might not expect a regular piece of software to do - manipulating file permissions and spawning large groups of processes, installing into a rather obscure part of the user's appdata folder instead of into program files, downloading arbitrary payloads from the internet and then using those payloads to modify executables on the user's machine...<p>It's always unpleasant when you get flagged by a virus scanner. Antivirus vendors basically ignore you unless enough of your customers complain to get their signature database updated. Hopefully in this case, since it's a high-profile application (Chrome), Microsoft will address the problem quickly.

How do these malware-signature-matching mechanisms work? What are the odds that Chrome produces the same matchable-characteristics as Zeus malware? I don't want to leap to the conclusion that something fishy is going on here.

Doesn't code signing give any advantage to Chrome? If an executable and all its dependent libraries are signed by trusted party MSE ought to be able to lower its aggression level a bit. How likely is that a Google signed Chrome exe could be injected or rewritten with malicious code without invalidating the signature? That coupled with some white listing and these type of things should never happen.

That should be "nuked", the issue was fixed in under an hour this morning.

This happened to me today. MSE does give the choice of what action to take, I figured better safe than sorry. I'll reinstall once it gets straightened out.

Oh dear. No matter what the reality of the situation Microsoft ends up looking really terrible here.

It's the same problem with iTunes on the windows platform. When you sync your iOS device to your computer it requires so much personal information (e.g music, movies, photos, contacts) that this process looks fishy. Windows is rarely ever ok with this. Seems no different with Chrome.

When you have a list of constantly-updated virus signatures being matched against a set of constantly-updated program binaries, this sort of thing seems like only a matter of time...

I just reinstalled Windows 7 with Chrome on my desktop PC last night. It will be interesting to see what happens when I get home today.