When Good AntiVirus Goes Bad
Yesterday, I started getting a bunch of warnings from the anti-virus program I’ve got installed on my Mac – F-Secure Mac Protection Technology Preview. Since I wasn’t doing anything out of the ordinary or perform any “suspicious” behavior, this was a surprise to me. (Especially considering I had only received one virus alert from the software in the last 3 months.) The below is a screenshot I grabbed shortly after this began.
Every time I loaded a web page in my browser, a bunch of files would be detected and be automatically removed by the software. If I restarted the Google Chrome browser, the anti-virus deleted a critical enough file to cause Chrome to crash. Within about 20 minutes I had disabled the software and then set about trying to report it as a problem. (Notably this software does not have an option in the user interface to disable the anti-virus capability. You must run a very obscure command: sudo launchctl unload -w /Library/LaunchDaemons/com.f-secure.fsavd.plist
)
What happened in this case is that the F-Secure beta software had a false-positive error, causing most if not all files to be flagged as having a virus. The F-Secure software automatically sends files to the trash when a virus is encountered and only provides the above notification window. There is no quarantine, and there is no way to restore files that are deleted.
What is notable is that I didn’t follow standard procedure. Normally when a user encounters a virus warning, the first thing they do is to scan all their files. Since I immediately had a hunch that it was just broken, and I disabled it, I saved myself a lot of trouble. Take a look at the pain being experienced by some of the folks in the forum posts:
I scanned my whole system and now I’ve got 90 000 files in the trash. I’m really waiting for an automated solution for this… To me this is a critical situation.
As one of the forum members noted, this is the worst possible scenario for an anti-virus software maker. While F-Secure has posted a fix along with an apology they have not yet answered my fairly critical question in the forum – how do I tell the fix has been applied? They also don’t yet have any capability to help users restore their files accidentally deleted by this error. Based on my experience, I don’t think I’ll be able to give this software a second chance. Can you suggest alternatives?
3 thoughts on “When Good AntiVirus Goes Bad”
Note: they have just released a tool for restoring your files, and also containing instructions on how to tell if you have an affected version. http://www.f-secure.com/en_EMEA-Labs/beta-programs/home-users-beta/fsmac/FSMACTP-01/
This is clearly a troll post. Everyone knows that Macs don’t need antivirus software because Macs don’t get viruses, they Just Work(tm).
Looks like the “troll” HTML tags got removed in the previous post – an obvious self-mockery of the unfortunate Apple-user mentality that AV software is not required.
(Good on you for filtering the potentially malicious elements, but I guess it just marks the end of an era when I can’t denote blatant trolling with HTML, lest someone read it and think that I was being in any way serious.)
Comments are closed.