Sophos update borks systems at London NHS trust

An anti-malware update from Sophos caused borked systems at University College London Hospitals (UCLH) on Thursday. Sophos confirmed the problem in a brief statement, adding that it was working with the NHS Trust to get to the bottom of the issue. Sophos can confirm that the Trust raised a support case yesterday regarding an …

  1. AMBxx Silver badge

    Poor NHS

    I don't normally have much sympathy for the NHS as so much is self-inflicted, but feeling sorry for anyone working in IT in the NHS after the last few weeks.

    1. Anonymous Coward

      Re: Poor NHS

      It's the contractors doing the work while the in house IT staff do nothing I feel sorry for.

      I worked for a company that contracted to a West London NHS trust and I was absolutely dumbfounded when I turned up to do some SQL server maintenance. They had 12 or so internal tech staff. Most of which were playing Quake 3.

      1. AMBxx Silver badge

        Re: Poor NHS

        I did a project for them not so long ago. The internal NHS IT project staff were great, but working within the dreadful bureaucracy. Only went wrong when it was handed to the operational team of NHS lifers. Never heard from them again and it looks like it was never rolled out properly.

      2. AMBxx Silver badge

        Most of which were playing Quake 3

        Even the games they play in the NHS are out of date!

    2. Mark 65

      Re: Poor NHS

      Presumably they tested this update on a suitable standalone SOE or test lab before general deployment? Personally I wouldn't take 3rd party anti-malware to a shit-fight.

  2. Anonymous Coward

    "False positives are a well-known prat-fall of all anti-malware packages"

    Unfortunately Sophos seems to get them more than most and seems to have the biggest, meanest of all, often meaning a complete bork.

    It was why in 2012 when they took out most of our systems we moved away and have never looked back. The reason for the false positives? They went through 5 layers of testing without realising that it detected itself as a virus (and loads of other programs).

    1. razorfishsl

      Obviously you ain't been involved with "AVAST"

    2. tr1ck5t3r

      So how do you know these were false positives and not some really really good worm which has so far gone undetected? Stuxnet took over a year to just be reverse engineered and classified as a virus!

      I'm always intrigued by these False Positives, because what it boils down to is believing someone or something else and not your anti virus software because the truth appears to be too uncomfortable!

      Put it like this, when your AV software flags itself up, how do you know it's not been infected?

      Do you, like any good scientist, have anything else to back up your position/opinion, like a hash sum of the file in question compared to a known offline good copy for example?

      Do MS even provide a list of their files & version numbers with a variety of hash sums, for people to use to verify and trust their Windows files independent of AV software analysis?

      How do you know the Spooks are not redirecting your DNS lookups or intercepting your network connections (MITM) to a hypothetical web link to MS which lists the hash sums of their own files?

      Some people don't appear to have thought things through properly.

      1. Anonymous Coward

        Okay, you could be trolling. But, just in case you are serious: generally, when an AV maker apologizes profusely and then reverses the update, it is a good sign they screwed up.

  3. Anonymous Coward

    Wouldn't want to be in the QA department in the morning

    if they even have one?

  4. John Smith 19 Gold badge

    scan for application vulnerabilities just once a year

    Icon says it all.

  5. Anonymous Coward

    From time to time I'd comment that

    {NHS IT person} had a clue.

    None of them remained in post for as long as 3 months after that.

  6. Anonymous Coward

    It wasn't a False Positive

    Look at the update:

    Updated on Monday 10.00 UTC to add: Sophos has been in touch to say: “Sophos can confirm that the Trust raised a support case yesterday regarding an issue they experienced during a planned software upgrade. We worked quickly with them to resolve the issue and we continue to work with the customer on root cause analysis. Our investigation into the case has confirmed this is not a false positive.”

    So this wasn't a false positive and just a planned software upgrade. So this article is totally wrong as the issue has nothing to do with a false positive.
