Show me any piece of security technology on this planet and tell me it's bullet-proof and I'll call you a liar. No matter how good the product, glitches happen. So it's sad when vendors try to downplay their own glitches.
Feeling as I do, I wanted to take a moment and give Sophos credit for doing it right.
Earlier this week, Sophos customers reported detections of Shh/Updater-B, indicating an attack was under way. Sophos issued a fix, then did something more: it admitted the problem in a headline on its Naked Security blog.
"Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologizes for any inconvenience," the company said in its post.
More background on the glitch was reported by my colleagues at Network World:
Although Sophos issued a corrective update, the security firm said today it's conducting a "full investigation" to determine how this all happened and to ensure it doesn't happen again, and expects to provide more information shortly about the issue. In its advisory, Sophos notes that "symptoms" of the effects of the faulty update on customer endpoints would include a number of things, such as:
- Any virus detections of the malware 'Shh'
- Sophos Autoupdate not updating correctly
Sophos added that other product update mechanisms may not be functioning correctly as well, and visually it may appear that the "Sophos Shield may disappear."
Another impact would be that the console for the Sophos anti-virus software may be issuing reports on malware called Shh/Update-B. But this represents a false positive and is not an actual outbreak, Sophos states.
This is a good example of how a vendor should handle incident response. Sophos isn't the only vendor to do it this way. But since some vendors downplay their own problems, I like to highlight the folks who get it right.