McAfee Kidnaps Giant Pooch; Screws It

McAfee is a good security company with great security products. But its staple product is its VirusScan product which, once installed on your system will update itself automatically with software written by McAfee. Those would be the DAT files, which are supposed to be new virus definition files, but every once in a while, the file is bad or does something unintended. Yesterday a bad DAT file crippled millions of PC’s running Windows XP Service Pack 3.

From NetWork World Here:

Many companies and people on Thursday were fixing thousands of Windows PCs that went haywire as a result of a seriously flawed software update sent by antivirus vendor McAfee.

The update distributed at 3 a.m. Eastern time Wednesday misclassified a critical Windows XP system file, called svchost.exe, as a malicious program. As a result, McAfee’s AV software was instructed to detect and remove the threat, sending affected PCs into fits of rebooting that made the machines useless.

Hours after the blunder, Barry McPherson, executive VP of technical support at McAfee, said the company believed the snafu “impacted less than one half of 1% of our enterprise accounts globally and a fraction of that within the consumer base.” However, media reports and Twitter postings indicated the problem was bigger.

Steve Shillingford, chief executive of tech forensics firm Solera Networks, told USA Today that one large U.S. multinational company saw 50,000 PCs go into a reboot frenzy as a result of the destructive update. Solera was in the process of helping the client clean up the mess, which could only be corrected manually by a technician at each PC.

Meanwhile, the Associated Press reported that a third of the hospitals in Rhode Island were forced to suspend treatment of non-trauma patients in emergency rooms. In Kentucky, state police officers had to shut down computers in their patrol cars while technicians tried to correct the problem.

McAfee’s comment page were packed with PC owners blasting the antivirus vendor in what will likely become a public relations nightmare for McAfee.

“Your company deserves to fail. Your ‘protection’ is far worse than any virus you’re supposed to protect us against,” an angry customer said.

There are so many aspects of this story that are important. First of all, Antivirus products don’t work against modern threats. Most attacks occur now because you open something in email and get infected with a trojan horse or you visit a website and get compromised via a weakness in your browser or helper plugin application. AV doesn’t stop those, and in fact, once infected, most new bots or trojans turn off your Antivirus programs and prevent them from restarting.

Second of all, given that this sort of thing happens time and time and time and time again, why would you allow a company to stream files to your system that could result in the potential of a massive system failure? Malware protection needs to be moved to the gateway and out of the desktop.

Thirdly, Solera is doing helpdesk work patching broken systems crippled by bad DAT files instead of selling network forensic equipment? That is a hilarious piece of news.

And lastly, don’t throw McAfee under the bus because of this and think that if you switch to Symantec you will get a better product. All of those links above to bad AV stories were about Symantec. They are far far worse. In my past I have seen bad DAT files come from McAfee. I once had several servers crippled by a routine update when I was at a Government organization. But they got us back up and running with great customer service.

Yet judging by the comments at McAfee’s blog, it is going to take some stellar customer service to make these guys happy:

Rudy April 21st, 2010 at 8:14 pm
Serious?! Why not just admit the f’up and say you’re sorry? You jacked up untold hundreds of thousands if not million of computers. That sucked. At least man up! Oh yeah, there’s that little guy wearing the power stripe from legal standing over shoulder telling you how much little culpabililty you have in all this. Jeez!

Win XP SP3 machine now non-functional – No way to get to a “start” menu or a command line, (tool bar at bottom of screen no longer there) Consequently the other things suggested in the fixes and workarounds can not be implemeted. Attempts to get to a DOS window to put the .EXE file back in could not be done either.

Wade Johnson April 21st, 2010 at 9:25 pm
My company alone had thousands of computers completely inoperative. Don’t pull a Toyota on this and grossly understate the problem. Admit the error, remediate, apologize and do the best you can. Obfuscate, cover up and distort, and you guys will be ruined.

frank April 21st, 2010 at 9:27 pm
i just paid $200 for a pc repair shop to fix my PC when it was an error?????? absolutely ridiculous and mcafee needs to reimburse its customers for gross incompetence.

R Derby April 21st, 2010 at 9:31 pm
This update has erased my network, and made most of my software inoperable. Mcafee’s fix includes another update, but the Mcafee program no longer runs on my computer. I’m pissed!