Symantec cries wolf on Nimda

A bug has been discovered in Symantec's anti-virus software that fires an alarm after 'detecting' a non-existent Nimda attack.

Symantec's Norton anti-virus software is susceptible to the so-called "false alarm syndrome", which occurs when an application mistakenly detects the presence of a virus in a file when in reality it is infection-free.

The error can occur when a scanned file contains characters similar to a bona fide infected file.

This has outraged rival anti-virus vendor F-Prot - mainly because Symantec's software triggered a false alarm on its customers' PCs which made it look like F-Prot's software was infected.

The bug was detected when F-Prot customers who use InstallShield were alerted of the non-existent virus. InstallShield is a program designed to help users install software and which has Norton anti-virus software bundled with it.

In a statement, F-Prot said: "The false positive [alarm] was due to what appears to be a lack of quality assurance on their [Symantec's] part. F-Prot anti-virus for Windows is not infected with W32.Nimda.enc or any other virus nor will it ever be. By distributing faulty virus definition files Symantec has now put our good reputation at risk."

Graham Clueley, technical consultant from rival anti-virus firm Sophos, said it's not the first time Symantec has issued a false alarm.

"Symantec had another false alarm under a month ago which just goes to show the lack of testing in their software," he told silicon.com.

A spokesman from Symantec advised users to update their anti-virus software to make sure the false alarm problem is removed.

He added: "There was something in our virus definition set that resulted in the false positive. It's a rare occurrence and was removed immediately."