McAfee threatened with lawsuit over Trojan error

Developer's program wrongly identified as a virus…

By Kristyn Maslog-Levis, 13 September 2004 09:05

NEWS An Australian software developer is considering suing McAfee after the antivirus company wrongly identified his internet setup program as a Trojan horse in a recent virus definition update.

Mark Griffiths of Brisbane said he is "not ruling out" filing a lawsuit against McAfee even after the antivirus company released an update last week to its DAT virus definition file that fixes the false positive.

Griffiths sells the internet setup program, ISPWizard, to internet service providers in more than 20 countries. McAfee antivirus software on ISP customers' computers labeled ISPWizard as the BackDoor-AKZ Trojan horse. Because the McAfee software automatically eliminates the program from the users' system, many were not able to connect to their ISP.

Griffiths said he was first notified about the mistake on 2 September by ISPs in the US. They had been alerted by their customers, who had not been able to access their internet services. Immediately after being notified, Griffiths sent an email to McAfee but did not hear back from the antivirus vendor until Monday last week.

Griffiths estimated a loss in revenue of at least 50 per cent for this month because the program was labelled a Trojan. He added that one of his customers lost $3,000 after the provider's customers shifted to another ISP as a result of the McAfee difficulties.

Allan Bell, McAfee marketing director for the Asia-Pacific region, said the company released a new DAT file last Thursday including changes that addressed Griffiths' problem. Bell explained that the software identifies Trojan horses based on a signature or a pattern. Because of this, he said, "there is always a danger of a false positive," meaning the DAT file matches a program that is not a virus.

Bell said McAfee provides a procedure for developers to ensure their software is tested. He added that developers can submit their program for testing, free of charge, by calling the McAfee support department. The program is then matched to the 30 million files of known good code to make sure there are no false positives.

"We do have a large database of known good files and programs that we scan against to make sure that there are no false positives. False positives happen in very rare occasions, and so we want to encourage developers to talk to our support department about testing their programs," Bell said.

However, Griffiths said that even after McAfee sent out the changes to the DAT files, some customers who have not updated their personal computers will still not be able to access their ISPs. He added that the changes to the antivirus software will not affect his decision whether to file a lawsuit against McAfee.

"If there is going to be a lawsuit, it wouldn't be affected by the release of the software fix because it took so long for them to do it and how they handled the problem was not satisfactory," Griffiths said.

Bell refused to comment about the possibility of a lawsuit.

Kristyn Maslog-Levis writes for ZDNet Australia

Comments

There are 2 comments.

  1. Simon

    Hmm, this could be an interesting one.

    As McAfee said, there is bound to be a false positive every now and then. Y'know, if an infinite number of programmers sit at an infinite number of terminals, then eventually two of them will come up with the same program. On a smaller scale, it's quite likely that two completely unconnected programmers will at some point come up with code fragments that are similar enough to trigger an AV checker.

    The other issue is who is responsible for deleting the files. One can argue that it isn't McAfee that deleted the files, it was the user that made the decision to install and run the AV tools.

    Just like with the spam filtering services, who provide technical tools and 'opinion' as to what is unwanted, they do not actually do anything on the user's computer - that is the end user's responsibility.

  2. Kev

    So let me get this right. The false positive stops users accessing the internet.
    McAfee release an update which is available for download from the net.

    ummm. catch 22??
