Sophos: Recovering From A Screw-Up The Right Way

Screwing up is a sad fact of life. It’s not a case of if you’ll do it; it’s a question of when, and how you’ll respond when you do.

When you are involved in business, the consequences of mistakes can be huge and the way you respond to an issue is of paramount importance, especially to your customers. Get it wrong and they’ll likely leave, tell all their friends and never come back. Get it right and you’ll retain a degree of trust and integrity that could actually prove beneficial in the long run.


Last night saw Sophos, a business-orientated security company, thrust themselves into the limelight for the wrong reasons. They released an update that subsequently flagged itself and other update utilities as a virus. This led to enterprise computers (lots of them) incorrectly reporting an infection – Shh/Updater-B. Worse still, many corporate networks and endpoints then found that they were unable to update themselves. I can imagine many system administrators are feeling rather peeved right now, to say the least.

Of course Sophos aren’t the first security company to have an embarrassing moment and they certainly won’t be the last. The question is, though, how did they respond?

In a business world where hiding, covering up and ignoring customers seems to be an all too common occurrence, Sophos have actually been very open and quick to both admit the issue and start to offer advice to their customers on how to move forward. This, like BlueToad’s last week, is surely the right move and it is good to see.

What to do if you’ve been affected by the Shh/Updater-B false positive

If you head over to the Naked Security blog you’ll find a post which will give you all the pertinent information, including links to the knowledge base as well as a link to the @SophosSupport Twitter account, which seems to be extremely active in helping many who are currently experiencing problems.

I’d also strongly recommend following Graham Cluley on Twitter as he is highly likely to post updates as soon as he has them.

Additionally, there is the Sophos community where many affected people are communicating and you may be able to get answers or at least ask questions there, though some are not convinced by the information they are receiving –

Re: Is anyone else seeing this alert – Shh/Updater-B False positives [ Edited ]
Thu 20-Sep-2012 10:04 – edited Thu 20-Sep-2012 10:19

As per the Sophos KB for the supposed fix for this incident (…

To suggest that customers effectively TURN OFF THE ANTIVIRUS on the end-points, roll out the update, and then turn it back on again is such a terrible solution! – Yeah, why not give the real malware a chance to have some fun! We haven’t got anything else to do!

Overall though I’d say Sophos have responded in a highly professional way. Do you agree and are you affected by this false positive issue?

post idea via @dozykraut – thanks Bernhard!

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
