Some of you may have noticed that Windows OneCare Live has recently been flagging StopSign as malware. This is a false positive! This happens sometimes among Internet security software providers. We’ve been in contact with Microsoft’s team, they’ve acknowledged that it’s a false positive, and they’re working on a resolution.
Here’s a quote from an email by our lead software developer regarding this issue:
I’ve just received an email from Microsoft stating that they believe that they have
correctly fixed the false positive problem, and the fix will be included in the updated set
of definitions, which should be published in the next day or so.
When the update is released publicly we’ll make an update to this post, so please check back if you’d like to know when the fix to this false positive is live.
UPDATE (01/22/2010): The Microsoft Malware Protection Center has confirmed the false positive and fixed the original bug. Here is an excerpt from their email confirmation:
Thank you for your recent inquiry about StopSign Internet Security and the issue you reported. The definition library for Microsoft Windows Defender has been updated to version 1.71.2391.0. We believe this new definition library contains the updates necessary to address the issue that you raised. This new definition library is now available for users who subscribe to the automatic definition update mechanism, as well as users who choose to manually update their definition library.
However, you may have noticed I wrote “…the original bug.” It looks like they have a new false positive in the safe file affected last time, and we have a new update request in to them. More details as we get them.
UPDATE (03/03/2010): The Microsoft Malware Protection Center has released a new signature to fix the false positive (“Adware:Win32/Exact“) addressed in this post. This should close out the false positive.