December 21, 2007 6:04 AM PST

Kaspersky inadvertently quarantines Windows Explorer

Kaspersky inadvertently quarantines Windows Explorer
Related Stories

Microsoft flags Gmail as a virus

November 13, 2006

AOL offers free antivirus software

August 7, 2006

Flaw found in Kaspersky antivirus

October 3, 2005

McAfee's Trojan horse error gets developer's goat

September 10, 2004
Related Blogs

Antiviral marketing: Kaspersky and me


October 10, 2007

Kaspersky's secret to success


August 21, 2007
Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.

Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night.

The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."

"This is classic false-alarm territory," Emm said. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm, (but) on all fronts, we do what we can to minimize any potential risk for our customers."

Emm pointed out that Kaspersky adds about 3,000 records per week to its database, demonstrating the "scale of the issue, in terms of testing procedures."

The "offending signature" went out at around 7 p.m. on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.

"We proactively went out to our enterprise customers to make them aware there was this potential issue," Emm said. "Only one corporate customer (in the U.K.) encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.

In March of this year, Kaspersky criticized Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.

David Meyer of ZDNet UK reported from London.

See more CNET content tagged:
Kaspersky Lab, antivirus company, Microsoft Windows Explorer, antivirus, Microsoft Corp.

20 comments

Join the conversation!
Add your comment
Not necessarily a false positive
Considering there are newly released malicious codes that inject
directly into the Windows Explorer memory space, Kaspersky's
deetction is neither invalid or a false positive. At that point
Windows Explorer is a malicious process that needs to be
mitigated. Note that it is not replacing explorer.exe as many
previous virii have attempted. It is mangling the legitimate copy
as it is running to achieve it's ends.

One example:
<a class="jive-link-external" href="http://www.symantec.com/enterprise/security_response/weblog" target="_newWindow">http://www.symantec.com/enterprise/security_response/weblog</a>
/2007/08/the_new_peacomm_infection_tech.html
Posted by pinowudi (1 comment )
Reply Link Flag
Explorer.exe *IS* malicious code. They were right
Explorer.exe and IExplorer.exe are the two things that let everything bad into a windows system. Therefore by definition it IS malicious. Delete it and replace with a real OS and you'll be much safer.
Posted by Anon-Y-mous (124 comments )
Reply Link Flag
ugh
When Linux and/or Apple come out with a viable OS that allows me to play my games (without a dual boot), I'll gladly jump ship.
Posted by chonnom (88 comments )
Link Flag
Windows IS the OS of choice. Everything else is a wannabe.

The ONLY reason ANY other OS could even be considered safer is because very few "baddies" are interested in attacking their minuscule population. Merely half-way educate yourself and practice good internet safety and Windows is perfectly fine for the majority of the population.

Put Linux on 90% of the computers in the world and it would be pounded as well.

Put Mac OS on 90% of the computers in the world and it would be pounded as well.

Put ????? on 90% of the computers in the world and it would be pounded as well.

Microsoft is doing a great job for it's system.
Posted by LetsReason (17 comments )
Link Flag
Kapsersky Maybe Right
In general, this false positive ironically agrees with a positive on windows explorer executable in continuous use as an "undefined process" (and thus never wholly safe) by Microsoft Corp. MSFT enterprise security as well as retail security products, while not outright banning or quaranteening explorer both keep in a suspended state of being a "dangerous process."
Posted by i_made_this (302 comments )
Reply Link Flag
Thumbs Up Kaspersky
Now if Kaspersky could just find a way to quarantine IE from the net the world would be a better place. Untold amounts of money and time would be saved coding standards compliant websites. The general health and well being of webdesigners all over the planet would improve resulting in a slight decrease in health care costs. Web users could breath a sigh of relief that the web would at least be a slightly safer place. Ahhh one can at least dream can't they?
Posted by jeffgtr60 (35 comments )
Reply Link Flag
Shouldn't that be "iexplore.exe"?
"explorer.exe" is the main 'doze file browser, and the taskbar (among a ton of other services) rely on it.

"iexplore.exe" is the bug-ridden, standards-hating, lock-in-generating web broswer thingy. ;)

/P
Posted by Penguinisto (5042 comments )
Reply Link Flag
Ah - ne'ermind.
I'd read elsewhere that the quarantine walled-off the web browser... my goof.

/P
Posted by Penguinisto (5042 comments )
Link Flag
I would love to have explorer quarantined!
With as many problems over the years with explorer windows freezing up or just plain not working, maybe it should be quarantined. It is not as if Microsoft will correct the problems within Windows.
Posted by sktuarim (19 comments )
Reply Link Flag
I've also heard of
McAfee on a Vista machine flagging (and trying to remove) msconfig/System Configuration Utility. Unfortunately, I wasn't able to do much more analyzing with it.
Posted by hawkeyeaz1 (569 comments )
Reply Link Flag
what a blunder....
it was supposed to quarantine Windows Vista....(ALL FILES). :-). Sorry MSFT, Vista suuuuuuxxxxxxx......
Posted by ncftech (14 comments )
Reply Link Flag
Take the Norton Challenge
For those of you who have not considered Norton lately: Maybe it's time to take the Norton Challenge and see how we have improved! Check  this out --  <a class="jive-link-external" href="http://www.takethenortonchallenge.com/ See" target="_newWindow">http://www.takethenortonchallenge.com/ See</a> how we have enhanced our performance. And just give it a try, there's a money back guarantee!
Posted by mytetteh (1 comment )
Reply Link Flag
Sorry,
you had your chance. You guys lost out to free ware, no less. Maybe someone else will play your games but not me.
Posted by suyts2 (152 comments )
Link Flag
Kaspersky quarantines-Windows-Explorer?
Perhaps they see Windows as a virus? I do.
Posted by as901 (105 comments )
Reply Link Flag
You need to place this in the computer humor section
&gt;&gt;&gt;Windows Explorer, one of the most crucial components of Microsoft's operating system&lt;&lt;&lt;

That lead line just about sums up a whole bunch of Microsoft's security problems!

If IE is one of the most crucial components of Microsoft's OS, then they're doomed to fail one of these days.

IE is the most insecure browser in the world... and Microsoft freely opens it's OS innards up to IE in a way that no other manufacturer's application could do because they use so many secret built-in holes to get IE to do the insecure things the way it does!

If Microsoft ever opened up all their secrets about IE, you'd find 90% or more of Microsoft security woes wrapped up in this one nutshell!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Your confusing
Windows explorer with Internet explorer. Two very different GUIs.
Posted by suyts2 (152 comments )
Link Flag
Windows Explorer is not Internet Explorer
You fail to realize that Internet Explorer is not Windows Explorer. Windows Explorer is the actual GUI of the operating system. Internet Explorer, although very tied in with the OS and yes is a common way to compromise a computer, is only the browser and was not affected by the Kaspersky bug.

So you can see why it would've been kinda hard to fix that problem if Kaspersky deleted a part of your OS?
Posted by dapickle126 (1 comment )
Link Flag
This is just another example of the fact that the most vocal people (like these responding with "down with Microsoft"-types of remarks) are the ignorant people.

You should pay attention to what you read. And besides, Internet Explorer is a great web browser. When you are the web browser of likely more than 75%+ of the world's web users, you are going to be the focus of criminals and scoundrels to defeat. Considering probably 90%+ of the attention of web criminals and scoundrels focus on IE, they do a d@mn good job.

I've used FireFox 3, Flock and other Mozilla-based browsers intermittently for months and CONSTANTLY hit sites that require IE to operate properly. Sounds like, despite the vocal minority, most people look to IE to do their web-browsing...successfully.

With the VAST majority of the baddies in the world attacking Microsoft, salute to Microsoft for the success they have had in defending.

Robert
Posted by LetsReason (17 comments )
Link Flag
Robert,

Shame on sites that require IE, or any other specific browser, to operate properly. That said, IE's lack of adherence to standards imposes considerable complexity to portable web development.

Sounds like most people are forced to turn to IE to do their web browsing for the above reasons. Inded I have been forced to keep a Windows installation in one of my computers just to access my bank's web site. If it wasn't for other financial reasons I'd have long closed my account with that bank. It's just ridiculous.
Posted by aguizar (2 comments )
Reply Link Flag
I'm a gamer and work as a security protocol technician for a large firm. I'm familiar with several different os's but I primarily use Vista 64 (hey, it works for my games ;~} ). As was stated earlier the reason Windows gets slammed on a continual basis, and you don't even have to install virus software on a Mac, is b/c of it's popularity. Not to mention the fact that the every day end-user walking down the street is using Windows and their lack of knowledge coupled with an abundance of complacency makes them the "easiest" targets. Don't blame Micro$oft and don't deify OSX or Linux. They all have strong points and weak points, trust me. Some are just more readily touted than others. Personally ,I don't like IE (Internet Explorer). Not because it's a bad browser, but because it's a bad browser for Windows(haha). I use FireFox with SSL Blacklist (www.codefromtheseventies.org), along with a couple more add-on's and never have a problem. Well, this is too wordy. GG.
Posted by R370ad (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.