Antivirus makers are having a particularly difficult time protecting users of the 64-bit version of Microsoft's latest operating system, Vista. According to the Virus Bulletin security certification body, 35% of the twenty products tested on Vista x64 failed to meet VB's latest test criteria. McAfee VirusScan, Symantec AntiVirus, and Microsoft Forefront were three of several products from major vendors that managed to pass the test. Among those that failed were Computer Associates' eTrust, which ships with improper default settings instructing the application to ignore many file formats, and all three of Trend Micro's submissions, which mistook a Microsoft development tool for malware. John Hawes, technical consultant at Virus Bulletin, explained that "a false positive can cause as much disruption as a virus infection. False warnings often lead end-users to delete valid files in the belief that they are some form of attack and the resultant damage can be significant."
The root of the problem seems to be a struggle by AV makers to adapt to Microsoft's PatchGuard technology, which prevents applications from accessing the OS's kernel. As developers explore new approaches to protecting the user in light of PatchGuard, teething problems are to be expected. Virus Bulletin's certification is particularly stringent: one false positive or one failed detection results in a failing grade.