World of Warcraft detected as malware by Symantec

Symantec admitted recently that their Norton Internet Security Suite labels files associated with World of Warcraft as malicious. The security suite deleted the files it thought were malware, causing the game to stop working.

Product Manager Kevin Haley told Computer Active their software suffers "ten to forty" false positives per month. These errors are reviewed monthly at a vice presidential level in the company. Haley told the press, "We had a false positive on World of Warcraft. A human analyst looked at it ... they made a mistake, they looked at it in isolation." The updated World of Warcraft file was analysing the system which made it appear to be a suspicious file. Symantec was alerted to the error on its online forum and fixed the problem very quickly.

Haley went on to say "We test [updates] on 393 Windows platforms, and test with 1.26 million Microsoft operating system files. Including one called svchost.exe." The scvhost.exe was a jab at McAfee whose own security suite caused systems to crash due to a false positive in April. The false positive deleted the svchost.exe file from the computer which caused it to crash on while booting.

Symantec claims that though it may accidentally delete application files due to a false positive from its software it will never delete critical system files. "If we see this file, and how there's malware on it, and we decide at some stage to remove the file, there's a failsafe in the product that says: this is a critical system file, do not remove."

Report a problem with article
Previous Story

Critical vulnerability found in Adobe Flash and Acrobat

Next Story

Apple's Magic Trackpad leaked

67 Comments

Commenting is disabled on this article.

@ Dessimat0r

yes i know how online games work [sortoff]
as iv said i dont play much so didnt realize its just a online game.
but thing is an antivirus software should not do this,
and everybody who says norton is getting better, should search and see the top 10 list of test that they do each year and see how good norton is.
norton i was talking about is end point protection, thats the one corporates use and man it skipped few viruses

PeterTHX said,
Well, there goes Symantec's South Korean market...

thats Starcraft 2, not WoW. all korean games in probably all got heart attacks after Blizzard announced no lan.

Raa said,
People still use this? LOL.

+1
however... YOU DONT SEE WHATS WRONG WITH THIS?!?!?
WoW DOWNTIME OUTSIDE MAINTENANCE WINDOW?!?!
AAAAAAAAA *PULLS HAIR
not to mention the pain of reinstalling wow with those massive patches.
I stopped using norton bloatware back in 2003...

LaP said,
There's still individual using Norton ?

:shocked:


There are still people who are stuck in the past and complain of software that has improved tremendously since its troublesome days a few years ago? :not_at_all_shocked:

LaP said,
There's still individual using Norton ?

:shocked:

Lots and Lots of major companies use Symantec Enterprise..... what's the problem?

neufuse said,

Lots and Lots of major companies use Symantec Enterprise..... what's the problem?

Since when company = individual ?

Did it actually delete the file or move it to quarantine?

IMO no AV should just delete files with no user interaction (quarantine yes) as we all know that fp`s are quite common no matter what the company. If it`s just quarantined it can at least be restored and little harm done.
The Symantec PR team must be having a busy day

Warden does have an awful lot in common with malware and it most certainly behaves like something nasty.

It's amazing that so many people pay to play that game monthly yet don't even realize what they are unleashing on their machines in regards to Warden. It's quite invasive and it has been flagged as malware before.

But it acts like malware and that's what most security applications are looking for these days.

Warden does gather data about your machine, what's on it, and how it's being used and then calls home to Blizzard...well except that it's far more invasive than that and it is constantly transmitting data so it isn't really calling home and then hanging up but rather staying on the line the entire time you are playing the game.

Warden behaves like malware therefore it keeps getting flagged as such. Warden doesn't just behave like some trojan though. It is most closely related to a rootkit if anything and that should frighten people.

The game itself is great but Warden is a nasty invasive beast sitting happily on millions of machines worldwide. Even if you do trust Blizzard with that kind of power over your data do you trust their partner company Activision with such things? Now that's scary.

Aahz said,
But it acts like malware and that's what most security applications are looking for these days.

Warden does gather data about your machine, what's on it, and how it's being used and then calls home to Blizzard...well except that it's far more invasive than that and it is constantly transmitting data so it isn't really calling home and then hanging up but rather staying on the line the entire time you are playing the game.

Warden behaves like malware therefore it keeps getting flagged as such. Warden doesn't just behave like some trojan though. It is most closely related to a rootkit if anything and that should frighten people.

The game itself is great but Warden is a nasty invasive beast sitting happily on millions of machines worldwide. Even if you do trust Blizzard with that kind of power over your data do you trust their partner company Activision with such things? Now that's scary.

Not really - I have nothing to hide, and my personal/private information is on another drive, another computer entirely. Accessing that information is done via RDP, so they aren't seeing anything more than what is allowed. Yes, Warden is a concern, but there are always ways around it for those that want to go around it, and for the rest, well, they are not the conspiracy theorist driven type of gamer.

Amodin said,

Not really - I have nothing to hide, and my personal/private information is on another drive, another computer entirely. Accessing that information is done via RDP, so they aren't seeing anything more than what is allowed. Yes, Warden is a concern, but there are always ways around it for those that want to go around it, and for the rest, well, they are not the conspiracy theorist driven type of gamer.

You do not have to be a conspiracy theorist to understand the importance of privacy and protecting your personal information.

What I don't understand is how the majority of people here think this is no big deal just because it is a game you play or care about? How self centered are you? The mere fact that an anti-virus flags something and henceforth deletes is absolutely a big deal regardless of what content. Get your heads our of your ass.

Xenosion said,
What I don't understand is how the majority of people here think this is no big deal just because it is a game you play or care about? How self centered are you? The mere fact that an anti-virus flags something and henceforth deletes is absolutely a big deal regardless of what content. Get your heads our of your ass.

They're making fun of WoW players never going outside.... It goes over their heads that they're sitting inside making fun of game players... At least WoW customers are doing something.

This is my main gripe with Norton or Mcaffee. They will delete files without even confirming with you. Avast had an a similar issue with Power DVD sometime back but it would at least ask you first.

Sadelwo said,
This is my main gripe with Norton or Mcaffee. They will delete files without even confirming with you. Avast had an a similar issue with Power DVD sometime back but it would at least ask you first.

If a file is present on a system, it can cause further damage. Shoot first, ask questions later

vanx said,

If a file is present on a system, it can cause further damage. Shoot first, ask questions later

I've never liked that. I've had security software do quite alot of damage like that before. Norton doesn't have a way to report false positives or provide a means to improve their software that is easily accessable. When I moved up the chain they still couldn't tell me how it was done. The software is set to delete "High Risk" software upon detection with a so called setting but couldn't find it anywhere.

jporter said,
Predictable comments
Ugh, that avatar of yours in quite... no, not quite; EXTREMELY annoying. Especially on the Darkside theme.

I have worked in Blizzard Support, and i can assure you that it's an issue, atleast for Blizzard ;-)

This has happened before, and Blizzard Support get's hammered when it happens, and it does take much more than 10 minutes to install and patch since it's so long since the last Expansion was released.

Thirteen said,

Don't think Symantec does antivirus software for Mac.

If they do then,

OSX.NoLife.WoW-v1 ?

Symantec Endpoint 11.0.6 has a Mac client.

Northgrove said,
Unprofessional of them to bring up McAffee's mistake to take the attention from their own.
Yes, but McAfee's mistake was quite a big blunder. They should maintain a list of critical system filenames and their locations. If they had such a list, they never would have deleted a file named c:\windows\System32\svchost.exe , that's just an amateur mistake and should never have happened.

Symantec's WoW mistake though is understandable.. I doubt any of the researcher's computers had WoW installed.

TCLN Ryster said,
Yes, but McAfee's mistake was quite a big blunder. They should maintain a list of critical system filenames and their locations. If they had such a list, they never would have deleted a file named c:\windows\System32\svchost.exe , that's just an amateur mistake and should never have happened.
Symantec's WoW mistake though is understandable.. I doubt any of the researcher's computers had WoW installed.

Oh and I had the pleasure of fixing one of them over the phone too. What fun for McAfee. At least if WoW is crashed you can still reinstall it and not lose everything.

As with any false positive, it shouldn't happen. Since WoW is quite widespread (11.5 million-ish active players) this is quite a big mistake.

LynxMukka said,
Looks like a slow news day to me..

I disagree. Surely the biggest AV provider incorrectly detecting the biggest MMO as a virus is a pretty serious issue? Yet again we see anti-virus vendors significantly inconveniencing users, while viruses continue to slip through. Unfortunately even NOD32 has had similar issues with games on Steam. Very inconvenient.

Now that they own the VeriSign Security Branch just wait until they accidently flag some SSL certificates as malware...

IT'S THE LIGHT THAT BURNS US! :-) Sorry, couldn't resist. I do play, but very casually. I don't see any issue here either. It takes 10 minutes to re-install the game, or remove said files from quarantine. Nothing to see here, please disperse.

HoochieMamma said,
I don't see an issue here?

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?

Chasethebase said,

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?

+1

Chasethebase said,

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?


Get off Neowin! Now! Or will the sunlight kill you?

Chasethebase said,

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?

They'd probably developed a sensitivity to UV..

Chasethebase said,

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?

What zone is this 'OUTSIDE' you speak of? I might not be high enough level to survive out there.

Chasethebase said,

Exactly what I thought, seems fine to me. Deleting things to make it stop working might get the players to go OUTSIDE? Or will the sunlight kill them?

Says the person who is sitting on their computer typing forum comments instead of, you know, going OUTSIDE? Also, some guy from Norton says, basically "well maybe our false positives make your games crash, but at least we don't crash your system (yet) like McAfee LOL." Lame.

Edited by Intimidator, Jun 7 2010, 4:18pm :

AJC. said,

+1

I hope all of you realize people that play games (not all of them) DO go outside often. I myself do not play WoW, never could get into it. I do play games though. I am active as well.