https://news.wiseeyesent.com/enContents © 2026 <a href="mailto:admin@wiseeyesent.com">Admin</a> <a href="/LICENSE.txt">Koplyleft- Some rights reversed</a>Sat, 03 Jan 2026 19:12:22 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://news.wiseeyesent.com/posts/2017/04/check-yo-sigs.htmlAdmin<p>Received an <a class="reference external" href="https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-update-nukes-hundreds-of-legit-files/">interesting report</a> from a colleague today. Apparently <a class="reference external" href="https://www.webroot.com/">WebRoot</a> released a <a class="reference external" href="https://community.webroot.com/t5/Announcements/W32-Trojan-Gen-False-Positive-Fix-April-24/td-p/290198">false positive signature</a> which totally borked Windows and legitimate applications in a substantial volume. I haven't used their software in a while as I've been on <a class="reference external" href="https://www.avast.com/">Avast</a> for the last decade or so.</p> <p>Malware scanning itself is something highly selective and rather difficult to perform, particularly due to the usually randomized nature of the malware itself. When I was working in security, I performed a significant number of application level cleanings and found that RegEx was usually the most beneficial, coupled with selective file searching based on ctime &amp; OS reported file type (got a JPEG reported as an ASCII text file? May wanna take a look at it). The DHS <a class="reference external" href="https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf">Grizzly Steppe report</a> also includes a sample signature of theirs on page 5. Worth a read if you haven't looked at it.</p>antivirusavastgrizzly steppeinternetmalwarenewsoutagewebroothttps://news.wiseeyesent.com/posts/2017/04/check-yo-sigs.htmlTue, 25 Apr 2017 14:55:57 GMT