Do All Signatures Come From Kaspersky?
You might think there exists a huge number of anti-malware programs out there. If so, you’d be right but you might be surprised to find out how many use the same anti-virus engine and signature files.My mailbox was flooded yesterday with a number of freaked out WinPatrol users who had our software removed by Kaspersky Internet Security Suite. It seems Kaspersky was identifying WinPatrol as “pornware not-a-virus:Porn-Dialer.Win32.Agent.aw“.
I was pleased that most folks knew this must be some kind of false-positive error, but I also had my share of users in a panic blaming me for infecting their systems.By evening, I did hear back from Kaspersky Virus Analyst, Yury Nesmachny who apologized and said,
According to tests today with VirusTotal.com, Kaspersky has corrected this error.
“Sorry, it's false alarm. Its detection will be deleted in the next update. Thank you for your help.”
It wasn’t long before I received notices that Zone Alarm Security Suite was reporting WinPatrol as a porn dialer. This was followed by a couple F-Secure Internet Security users and a few who use AOL’s Active Virus Shield.
I had created a standard reply for Kaspersky users but as the day continued it got worse. Apparently, a significant number of other products use signature files from Kaspersky for their products.
This isn’t the first time this error has occurred. Last December Panda Software tried to tell users WinPatrol was a porn dialer. Panda was pretty responsive and I appreciate the quick action from Kaspersky which hopefully, will be deployed quickly to all their partners. I’ve also been told WinPatrol isn’t alone. AdobeUpdaterInstallMgr, Quicken and many other popular applications were mis-identified.
Update: Thanks to Don Pelotas who pointed me to this list of Kaspersky partners.