Official Statement from CA re: Win32/Amalum False Positive

[colja11]

We apologize to our Internet security customers for the recent false positive detection of Win32/Amalum. We detected the errant file quickly and worked to resolve the issue as fast as possible to minimize its effect to our customers.

Historically, CA has a very low rate of false positive detections. We have stringent processes in place to make sure we are delivering the most comprehensive detection of malware. When we inspect a program for malware, our practice is to take all necessary steps to protect the customer rather than risk subjecting their systems and infrastructure to a security breach. Unfortunately, as malware has increased exponentially this has brought with it the increased possibility for false positives from all vendors.

We take this incident seriously and will learn from it to further improve our processes to prevent this from happening in the future. We will also continue to improve our detections and protect our customers while continuing to maintain the best quality possible.

Thank you,

James Collins
Sr. Product Manager
CA Internet Security

[spud]

Well this pleases me greatly and I sincerely thank you for your response, on behalf of CA, over this this issue.

I hope that we, as customers, will have more communication form the CA staff in all future correspondence which will help to consolidate the our relationship.

[John12345]

Thank you!

[keithgh]

James Collins
Sr. Product Manager
CA Internet Security

Thank you very much for that reply after last night I think I went to bed with fried brains. Being a relatively new Mod and having the same problem there was not much I could do other than telling posters that a fix was on the way but when ???

During those hours I personally dont think if you had come on and explained what had happened and what was being done to fix the problem some posters would not read it and just wanted to complain for the sake of complaining.

I hope that when I down load the latest updates every thing will be working correctly

Again thank you for your posting.

Keith

[Erebus]

I have sent a message to Mr Collins requesting that CA look into the possibilty of making the 17 or so affected files available for download from the CA site somewhere for those users who have inadvertently deleted them as a result of the false positives yesterday. Many user's PCs have been rendered useless as a result of this issue. Their CA logs should show them which files have been deleted and from where and then if they had easy access to get those missing files again, individually, it might be a lot easier than some of the other fixes, which really aren't suitable for novices. It's a longshot and just an idea, but it might be possible.

[CPM]

Quote:

Originally Posted by colja11

We apologize to our Internet security customers for the recent false positive detection of Win32/Amalum. We detected the errant file quickly and worked to resolve the issue as fast as possible to minimize its effect to our customers.

Historically, CA has a very low rate of false positive detections. We have stringent processes in place to make sure we are delivering the most comprehensive detection of malware. When we inspect a program for malware, our practice is to take all necessary steps to protect the customer rather than risk subjecting their systems and infrastructure to a security breach. Unfortunately, as malware has increased exponentially this has brought with it the increased possibility for false positives from all vendors.

We take this incident seriously and will learn from it to further improve our processes to prevent this from happening in the future. We will also continue to improve our detections and protect our customers while continuing to maintain the best quality possible.

Thank you,

James Collins
Sr. Product Manager
CA Internet Security

You are posting this today at 3:00 PM. Why didn't you or other CA people post some information yesterday when affected customers were panicking not knowing what was happening?

Secondly, if CA had done the simple quality check of testing the culprit update release first on a CA computer, all this could have been avoided. What this tells me is that CA has no proper quality check program before release to the public.

I have been a long-time CA customer and have recommended your product a whole bunch of my friends and family over the years. Now, I feel like a fool.

I would like for someone at the Senior VP level or the CEO himself come online here and explain why this happened and what steps he is taking to fix it so it will not happen in the future. Apparenlty, there is a serious organizational issue at CA.

[spud]

CRM

Although I am in agreement with many aspects of your post lets bear in mind that CA have finally come on the forums to offer admittance to their mistake which is a massive start as it is extremely hard to get any form of responce from them. Lets not rock this boat and encourage them to actually provide more feedback and conrtributions to this forum rather than scare them off with what they should/shouldn't have done. It's in all our interests to have them here.

Mr. Collins took the initiative and spoke for CA. He didn't have to do this as he could have remained silent on the issue, as CA have previously done. By Flaming him you will not get him to return offering further statements or advice which we would all prefer.

[CPM]

Quote:

Originally Posted by spud

CRM

Although I am in agreement with many aspects of your post lets bear in mind that CA have finally come on the forums to offer admittance to their mistake which is a massive start as it is extremely hard to get any form of responce from them. Lets not rock this boat and encourage them to actually provide more feedback and conrtributions to this forum rather than scare them off with what they should/shouldn't have done. It's in all our interests to have them here.

Mr. Collins took the initiative and spoke for CA. He didn't have to do this as he could have remained silent on the issue, as CA have previously done. By Flaming him you will not get him to return offering further statements or advice which we would all prefer.

You are sounding like CA is doing us a favor! If they really cared about their customers shouldn't they take the initiative to post a message here on the forum or issue an official newsletter on their site at the earliest sign of trouble? While I appreciate Mr. Collins coming on this forum to take responsibility, I don't see that as a favor to us. It is his duty as CA is accountable and responsible for support of their product especially when they screw up thousands of users. Why didn't they issue a statement early on the 8th itself when users were panicking? Why do the customers/users have to assume the responsibility to help each other in that panic moment? I really feel for the people who deleted the system files in panic and thus got their computers totally screwed up.

I don't buy the explanation that it was just a simple false positive situation. Apparently, there was a huge screwup at CA that allowed some trojan or virus to infect their update file that they passed on to the unsuspecting users without proper procedural checks. I am very upset because I have got so many of my friends and family to switch to CA over the years. Now, I feel a sense of responsibility for screwing up their computers. I spent countless hours trying to help them recover from this mess. I don't even work for CA!!!

[oldhounder]

I am glad that James Collins did appear, although earlier would have been better.

Right now it is more important to me that my computer is healthy. I still have the message saying that several files were changed and that I should reinstall XP SP 3. Is that what I should do? Could a Mr Collins type offer some advice on this issue?

[spud]

Quote:

Originally Posted by CPM

You are sounding like CA is doing us a favor! I don't even work for CA!!!

I disagree with you on this. Regardless of when CA could have notified people and how they could have informed us is a matter for them to address so that this doesn't occur again n the future. My point was that I (and others) have been requesting their attendance and contributions (management that is) to the forum for what seems like an eternity without success. Now they have shown their face, I would like this to continue and see regular or at least some contribution on a weekly/monthly basis. This would benefit the community greatly.

And I don't work for them either yet I have also sold the products on my reccomendation too yet you don't see me crying about it. I or you have not let them down, CA did. Besides think of how some of them could have been affected had you pointed them to alternate software and it screwed the system up completely without a false positive doing that! This does happen. Friends do have understanding too and wont generally hold you responsible for the mess someone else caused.