Sometime yesterday morning, Microsoft issued a flawed security update to its free Microsoft Security Essentials (MSE) product. MSE, often considered to outperform rivals that charge a fee for their products, works to protect Windows users from viruses, trojans, and other such malware. As we learned yesterday, however, sometimes it can make mistakes.
Security software, like Microsoft’s product, works on a set of definitions. These definitions tell the program what to scan for and are updated on a regular basis – generally, daily or multiple times per day. Unfortunately for Microsoft, one of these sets of definitions was flawed, and flagged the Google Chrome browser as part of a trojan known as PWS:Win32/Zbot (trojans are rogue programs that provide “backdoor” access, or remote control, to criminals somewhere else on the Internet).
Soon after updating their Security Essentials definitions, MSE users who ran a scan were warned that Chrome was actually this trojan program and should be cleaned or removed from the computer immediately. Understandably, many worried computer users gave MSE permission to take care of the problem; those who rebooted found that Chrome was gone, its Chrome.exe executable vanished.
The first response from many was to attempt a reinstall of the popular browser; it was to no avail, however, as Microsoft Security Essentials was already on the lookout and blocked the installations. After just a few hours, the Redmond-based software giant was clued in to the fact that something was wrong, and issued the following statement on its website:
Information about incorrect detection of Google Chrome as PWS:Win32/Zbot
On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed. Within a few hours, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. After updating the definitions, reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.
To get the latest definitions, simply launch MSE, go to the update tab and click the Update button. The definitions can be updated manually by visiting the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/971606
PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain websites. It allows limited backdoor access and control and may terminate certain security-related processes.
Microsoft claims that only some 3000 people were affected, but due to the way these installations are rolled out, the number could be substantially higher. Regardless of whether MSE users also browse the web with Chrome, the updated definitions should be installed immediately in order to reduce the possibility of future complications.