Sophos coughs to false positive problem

Customers who rely on anti-virus products from security vendor Sophos to protect their systems may have found themselves with more than they bargained for, with the company admitting that a false positive blocked the Google Analytics service earlier today.

Google Analytics is a JavaScript-based add-on for websites that allows webmasters to quickly track the performance of their sites and see how users browse around the pages. It's in common use in some of the biggest websites in the world, and - beyond a few privacy concerns - causes no real problems for anyone.

A miscued update to Sophos Live Protection, the company's background virus scanner product, left some users thinking Google was up to no good, however. The update caused the 'ga.js' JavaScript file used by Google Analytics to be detected as an HTML-borne malware package.

Affected users will have experienced a warning message stating: "High risk website blocked: access has been blocked to 'www.google-analytics.com/ga.js' as 'Mal/HTMLGen-A' has been found at this website.

Users who blocked the content will have found the message repeating as they visited more sites that use Google Analytics. Short of disabling the anti-virus software, there appeared to be no way to fix the problem.

"It's never fun to admit when you've made a mistake, but we made one," admitted Sophos's Graham Cluley in a statement earlier today. "What's worse is that it affected some of our customers.

"We would like to apologise for any inconvenience caused by this false positive, and reassure customers that an investigation is taking place and steps have already been taken to prevent it from happening again. Even though no other web content was blocked, and it should not have impacted normal browsing by users, we recognise that the warning message can be disruptive."

The erroneous virus definition has now been corrected, and an update is being rolled out to Sophos customers automatically. For now, however, users are asked to sit back and wait for the update to appear.

More information on the problem can be found over on Sophos's knowledgebase article.