Smashing Security podcast #018: Windows is a virus. True or False?

Three security industry veterans, chatting about computer security and online privacy.

Security firm Webroot drops a clanger when it declares Windows malicious and borks customers’ PCs, millennials are streaming a lot of movies illegally, and blackmailers are targeting members of the Ashley Madison cheating site again.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Michael Hucks from PC Matic.


Show notes:

Sponsor: Recorded Future

This episode of Smashing Security is made possible by the generous support of Recorded Future – the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.

Sign up for free daily threat intelligence updates at recordedfuture.com/intel.

Thanks to Recorded Future for their support.

Hope you enjoy the show, and tell us what you think. You can follow the Smashing Security team on Bluesky.

Remember: Subscribe on iTunes to catch all of the episodes as they go live. Thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

3 comments on “Smashing Security podcast #018: Windows is a virus. True or False?”

  1. drsolly

    I hadn't known about the Great Sophos Disaster.

    How did they recover from a situation where they can't push out an update? And how did they fail to scan their own software?

    Because of the scanning method that DSAV-Findvirus used (single point), I don't think we ever had a false alarm.

    1. Graham Cluley · in reply to drsolly

      Here is how The Register reported the Sophos foul-up: https://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/

      If I recall correctly, the first fix was a manual one – on every computer that had had its Sophos Anti-Virus update feature borked by umm.. Sophos Anti-Virus.

      Later there might have been a tool produced that could be rolled out across the network as users logged in, but that's lost in the mists of time for me.

      Regarding "how did they fail to scan their own software"? My understanding is that the false detection was spotted during testing…. and then human error meant that someone overrode the warning and pushed out the update anyway…

      But it's five or so years ago now, so that may not be right.

    2. Graham Cluley · in reply to drsolly

      I seem to recall there may have been occasional false alarms (but nothing like what McAfee and others suffered from) when it came to file compressors, Dmitry's heuristics, etc. But they were pretty rare. David Emm probably remembers better than me.

      BTW, it's 20 years since we put out this press release. Time flies…

      http://www.prnewswire.co.uk/news-releases/mcafee-pleads-with-dr-solomons-to-reduce-virus-detection-rate-156451045.html
