Virus Definition Update Rings False Alarm On Nimda

A recent virus definition update for Norton AntiVirus software led to false alarms about the presence of the Nimda virus in InstallShield, a software installation tool.

Specifically, virus definition updates, provided by Symantec Corp., were incorrectly identifying the InstallShield Professional 6.31 script engine (ikernel.exe) as being infected by the W32.Nimda.enc(dr) virus. The problem occurred during the weekend, and Symantec corrected it by updating the virus definition, which can be accessed at Symantec's Web site.

Norton AntiVirus false alarms aren't common, says Darnell Washington, a security engineer with Securexperts Inc. in Atlanta. But an increase in self-propagating viruses has required the company to make more frequent updates in recent months, increasing the odds of errors occurring. When false alarms do occur, they can cause considerable problems. "Norton AntiVirus' reputation for identifying viruses is solid, but its release of patches, fixes, and updates has proven to be problematic in some larger organizations" when it leads to false alarms, says Washington, who works primarily with large financial companies.

When antivirus auto-updates occur, and users experience false alarms, it creates a time drain on network administrators, who must resolve those reports. But perhaps the most detrimental effect of false alarms is the resulting confidence drain. False alarms, Washington says, "lower the confidence in the reliability of applying patches and fixes, and that's the thing the world needs most now--confidence in delivery of appropriate patches and fixes."