Computers running Microsoft‘s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.
Not long after Microsoft released software security updates on Tuesday, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com.
The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software.
I first learned of this bug from a reader, and promptly updated a Windows XP system I have that runs Microsoft Security Essentials. Upon reboot, Internet Explorer told me that my homepage — google.com — was serving up a “severe” threat – Exploit:JS/Blacole.BW. For whatever reason, Microsoft’s security software thought Google’s homepage was infected with a Blackhole Exploit Kit.
I could be wrong, but it doesn’t appear that Google is in fact infected or serving up exploits. Fortunately, clicking the default “remove” action prompted by Microsoft’s antivirus technology did virtually nothing that I could tell; the program reported that it was unable to find the threat (psst, Microsoft…that’s because there isn’t one). Judging from the responses in the Microsoft forum, the company appears to be aware of and responding to the bogus alerts.
False positives happen to every antivirus vendor, and this one was fairly innocuous as these things go: It’s not like it deleted or quarantined essential operating system files, rendering host computers useless, as faulty updates from other vendors have in the past. But Microsoft is probably smarting from this episode: The company is expected to ship a version of its antivirus technology with Windows 8, the next version of Windows due to be released later this year.