Sophos Compensation for Shh/Updater-B false positive update debacle.

Does anyone know if Sophos are going to compensate their re-sellers in any way for the hours of work, time wasted, lack of support and client credibility in rectifying the debacle of their making over the Shh/Updater-B false positive update, or is there any form of campaign that is being mounted to force them to look at this, as we were left considerably out of pocket in rectifying their mess?

All e-mail requests for this to Sophos are being ignored...

Thoughts...???

A very angry Sophos reseller trying to pacify very angry clients.

:33629

  • After reading the report what I find particularly disturbing is that the test phase for false positives is run on a Linux environment! Which is a bit odd as the software mainly runs on a Windows one! Schoolboy error to say the least!

    "False positive tests. In parallel to the IDE test, Sophos conducts a false positive test on any IDE release candidate. The false positive test environment (or "rig") consists of a very large number of parallel systems. These systems use our most recently released threat detection engine and rules, with the release candidate IDE added, to scan more than 10 million "good" files and terabytes of data. The set of test files is regularly updated and includes all Microsoft operating system files, many popular applications (such as Java, Adobe, and Google Maps), a large number of business applications, and all current and previous releases of Sophos products.

    The threat detection engine is compiled on and supported on multiple platforms including Windows and many Linux/UNIX variants. Because the test is designed to be comprehensive and because there is such a huge data set, the false positive tests are executed on Linux servers. The vast majority of Sophos rules and identities are designed to be cross-platform and run identically across multiple operating systems, including Linux, Windows, Mac OS, and UNIX. The core purpose of the false positive test was to identify false positives, not to confirm cross-platform operability of the IDE. This rule was a rare example of one that was written by the analyst to operate only in Windows environments. Since the false positive rig operates only on Linux servers, the tests did not flag the Shh/ false positives because the rule with the underlying error was specifically flagged for.

    Kerry 

    :33639
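
The gap described in the report quoted above, a Windows-only rule passing a Linux-only false-positive rig because it was never evaluated there, can be caught by a release gate that reports unexercised rules separately from clean ones. This is an added example, not part of the original posts and not Sophos's code; the rule format, names and sample corpus are hypothetical.

```python
# Added illustration: rule format, names and corpus are hypothetical, not Sophos's.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    platforms: frozenset              # platforms where the engine evaluates the rule
    matches: Callable[[bytes], bool]  # detection predicate over file contents

# Constructed "known good" corpus.
GOOD_FILES = {"updater.exe": b"MZ self-update routine", "notes.txt": b"plain text"}

# Constructed rules; the second is Windows-only and far too broad.
RULES = [
    Rule("Sample/CrossPlat-A", frozenset({"windows", "linux", "macos"}),
         lambda data: b"EVIL" in data),
    Rule("Sample/WinOnly-B", frozenset({"windows"}),
         lambda data: data.startswith(b"MZ")),
]

def run_fp_rig(rules, corpus, rig_platform):
    """Scan the good-file corpus as an engine on rig_platform would.

    Returns (false_positives, unexercised). A rule scoped away from the rig's
    platform is never evaluated, so its zero hits say nothing about its safety.
    """
    false_positives, unexercised = [], []
    for rule in rules:
        if rig_platform not in rule.platforms:
            unexercised.append(rule.name)
            continue
        for path, data in sorted(corpus.items()):
            if rule.matches(data):
                false_positives.append((rule.name, path))
    return false_positives, unexercised

def release_gate(rules, corpus, rig_platforms):
    """Return blocking problems: any false positive on any rig platform, and
    any rule that no rig platform evaluates at all."""
    problems = []
    for platform in sorted(rig_platforms):
        fps, _ = run_fp_rig(rules, corpus, platform)
        problems += [f"FP on {platform}: {r} flagged {p}" for r, p in fps]
    for rule in rules:
        if not rule.platforms & set(rig_platforms):
            problems.append(f"{rule.name} never evaluated by the rig")
    return problems
```

With a Linux-only rig the gate blocks on the unevaluated rule instead of reporting a clean pass; adding a Windows rig platform surfaces the false positive itself.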