IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death. Details are still coming in, but forums here and here …
How long does it take some people to learn?
McAfee has been a terrible product for many years. Any professional IT support person should have learned that years ago. Any professional IT support people using McAfee products in business should be fired for incompetence.
Worse than the disease!
Great, what a truly epic fail. You run AntiVirus software to protect your computer, and it does the exact opposite. We've successfully created a giant monoculture (with Windows) and now we're creating them with single choices of AntiVirus. I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines".
Of course, you could probably extend this advice to applications...
Maybe scatter a few Macs here and there?
"I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines"."
Nah. The real answer is to turn off automatic updates. The IT staff should test anything that goes onto corporate computers BEFORE rolling it out to the masses. Home users with a clue (yeah, yeah, yeah, I know, no need to yell!) should check IT news before updating.
That's not to excuse McAfee from proper testing before rolling out av.dat updates.
And of course, the real answer is to run secure-by-design software in corporate environments. Home users are on their own, by definition.
Agree on scattering a few Macs here & there. Maybe more than a few.
There are alternatives to Microsoft...
the obvious one is Ubuntu, but PC-BSD is great as is DesktopBSD. The latter needs more programmers on board to keep it alive and it is a very worthwhile product.
It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionaly" written OS and the apps for it are so bloated as to be barely functional under any load and require new hardware every, what?, 3 years just to remain functional.
The IT community can do little as it's management that decide what is purchased.
Thumbs up for McAfee helping to prove that Windows OS is unsustainable.
Anonymous because I may have to work with that crap OS server side.
very happy to hear this
I am tired of people switching to open source because of the "economic climate". I keep telling them cost is only the third reason to switch to Linux etc., and that security and reliability are the first two reasons.
So this feels good. "Schadenfreude" is too mild to describe what I'm feeling. Maybe "gleeful". Even "gloating" :-) I hope this happens in larger enterprises, and I hope it somehow magically doesn't happen when they test in the IT department before pushing it out to 20,000 desktops :-)
And @Henry9: you may well be right but the real problem is the need for AV in the first place. Ask yourself where that came from
...was McAfee's response -- just take a look at user pk02137's post at the McAfee support forums:
Pretty good story there; over 8,000 desktops and 150 servers. Ouch. These things do happen, but McAfee's response could have been better. Much better.
Strikes again! And when it isn't destroying your system, it's setting the Guinness Book Of Records fastest time for getting compromised by a rootkit and/or trojan. Its sole benefit is ... er... none really.
"Any professional IT support people using McAfee products in business should be fired for incompetence."
I agree... Goldman Sachs uses it globally, so there you go. The Indian phone helpdesk insisted my flatmate download it onto my... MY laptop when she rang them up for remote access. They didn't bother asking whose machine it was, of course. And GS does use the older engine too (cheap bastards), so it would've shoncked my laptop into the BSOD. Lucky I stopped her in time otherwise...
Cybersecurity - Diversity
There are massive risks of catastrophic failure with any system monoculture. Those leading the cybersecurity initiatives recently announced by the US and UK governments are well advised to reflect on this.
A level of diversity in hardware/software platforms and security solutions must be encouraged and preserved. In a cyberwar, system diversity will limit the effects of friendly fire and vastly reduce the weak opponent's chances of carrying out a "cyberspace spectacular".
Black Helicopter: because it's cyber-relevant. A complete formation of black helicopters would be more appropriate.
5301 engine doing just fine on boxen with DAT 5664
Apparently this is only affecting folks on the 5100 engine. Official support has ended for 5100.
Could McAfee have bothered to test the DAT 5664 with a few boxen running the 5100 engine before forcing it out the door as a sort of a quality assurance initiative? If, and when, they found *something bad*, perhaps a delay in the release whilst sending out stern reminders? For the sake of their own CYA for instance.
That sort of fluff markets to the paying masses better than crippling the systems of anyone who hasn't had a chance to roll out the new engine due to the labors of change control scheduling.
Unfortunately, it appears that lots of folks were running 5100, and on *big* *important* servers no less.
We need a horror story thread here, methinks.
Not their first epic fail, either
I remember when VirusScan Enterprise false-positived on excel.exe back in 2006, and deleted everyone's Excel executables on our fleet. Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly.
Day off for everyone else while the IT department gets its rear handed to it on a platter for choosing the product.
"Any professional IT support people using McAfee products in business should be fired for incompetence."
If the "professional IT support people" made the choice to use it yes. But I've had to deal with crap software bought by some pointy haired boss because it came with a free plasma TV (delivered to his house). When word somehow leaked there was a major shit storm. Not over wasting a pile of cash on software that didn't work, but over who should get the TV...
McAfee should be held accountable
If you're going to sell a product, you should be held accountable for damage inflicted by a defective product. That applies to McAfee, Microsucks and everyone else.
FWIW, McAfee does sell some anti-software to support O/Ss that other companies such as Symantec/Norton do not support, so system admins may be using McAfee because there is little other option.
Windows PCs should be able to perform a System Restore via booting from a Windows install CD. This should undo the actions of the anti-virus program and may even reverse updates to the virus definitions.
@ Max Watson
Last time I did a system restore from a windows boot disk it rolled back SP3, 2, 1 and all the security updates. It took a couple of days to get the machine anything like working safely.
I own two paid-for backup systems that will make a bootable recovery disk from the current image. Because of anti-piracy both require the windows boot disk to be inserted before they start. On my older machines they reject it as counterfeit.
I have been using Suse since 8.2, and am currently migrating everything to either Suse 11 or Ubuntu and will never, ever, build or buy another windows computer.
So Linux as usual is the answer to all problems - Not
I can see from several comments, that this would never happen to an open-source machine.
Oops! Talk about shooting your own foot.
Ah, the good old days!
I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world.
For the last ten years and most probably the foreseeable future my belief has been that I wouldn't touch it with a barge pole. I say sack those responsible for allowing this horrendous creature on unfortunate victims' PCs. How many times does this have to happen?
But computers running windows are cheap, eh? Anyone know whether these massive productivity losses happening about once a year are factored into the total cost of ownership of a device?
Boy, that would give Linux and Macs a boost..
"Any professional IT support people using McAfee products in business should be fired for incompetence."
I have to agree with the previous poster.
It isn't the IT staff who choose crapware like this. It's some moronic manager who hasn't got the faintest clue.
However, it *is* the IT staff who have to take the brunt of it when it fails.
Ubuntu may have other problems
But certainly not this one. Happy to write this from my Acer Aspire A150 running Ubuntu 9.04
And yes, I completely agree with the poster about diversity. At work everything we have is Windows, and while we are not running McAfee, we're standardized on a single AV vendor on something like 12000 workstations and 1500 servers.
A snafu of this caliber will literally stop the company on its knees. But everybody is happy with this situation.
AVG seems to have developed an allergy to a two-year-old exe for NetStat this morning. I guess the signature method of identifying trojans is reaching its sell-by date. Too many trojans = too many signatures = too high a chance of matching legitimate binaries.
Back to drawing board please.
"I can see from several comments, that this would never happen to an open-source machine"
Uh ... no. FOSS isn't inherently secure.
However, this would never happen to a secure-by-design system.
Learn the difference. It's kind of important.
AC 07:03 concatenating history?
"I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world."
Somehow, my version of history doesn't match yours. Maybe it's me ...
Sounds like some disgruntled employee's last day at McAfee and they turned it trojan! I use a Mac and it hosts any virtualised XP sessions I need to run.
"Windows PCs should be able to perform a System Restore via booting from a Windows install CD."
Whilst that may be true can you imagine the hassle and expense that will cause an organisation like the one above with 8,000 affected machines going into a holiday weekend (in the USA)?
Heads should roll at McAfee over this cock-up.
/Gates, coz it's all his fault really
All AV is worse than the disease.
Money invested in training, mail servers that eat executables, decent firewalls and email clients that won't load remote images, activeX or remote HTML or run java etc.. Block all emails with executables.
RE: There are alternatives to Microsoft...
"It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionaly" written OS"
Take the sort of windows users who need antivirus every day to save them. Running as root, opening and running email attachments from strangers, accepting and running any file that supposedly comes from a friend's message client and absolutely clueless about source code. Do you really believe they will be any better off with *nix? Under those conditions, I fail to see how nix could perform any better. It might actually do worse, as certain people who should know better tell nix noobs that they don't need antivirus and other stuff.
Replacing the entire operating system to solve an issue with one app for little to no other benefit is not professionalism, it's just fanaticism.
PS. The "IT community" you mention includes windows professionals. It isn't just made up of nix fanboys. There is not even a consensus that anything should "be done" about windows
Never their fault...
McAfee is getting the bad news now.
When was it that AVG 8 was crapping over systems?
Have fun trying to get your money back when you're a paying customer suffering from this dreck.
AVG Free is a competent solution for the home user, but it is not licensed for any other than home use. Even if it was, the networked editions (Network, SBS, etc.) are MUCH better for an IT environment. Additionally, the paid version offers better overall protection and update propagation than the Free Edition, not to mention you get support.
Disclaimer: I am an AVG Gold Reseller, and became one back with v6 after watching McAfee eat a couple of machines right before my eyes and Norton become a beached whale, and just being generally impressed with AVG. I have to say I am quite proud to be, and to have been, a part of AVG as the product continues to mature.
As for the engine vs. DAT file, while McAfee ended support for the 5100 engine, you would think the system could be coded in such a way as to recognize when an engine becomes dated. Maybe a notice distributed in the DAT to upgrade the engine would be nice. No AV vendor is immune from mistakes, but some of them are just forehead-slappers.
Paris, the paid version offers support.
McAfee not that bad.
At least it rightfully targeted "Files belonging to Microsoft Internet Explorer" which should be the default behaviour.
McAfee is pooh as is Norton, AVG might be free but is still a pain, Clamwin does the trick for me as it does not continuously grind in the HDD in the background.
McAfee - the choice of the ignorant.
McAfee are now, and always have been the AV vendor that will crash your computer. I have been uninstalling McAfee since windows 98, and every time the machine ran faster, BSODs became a freak occurrence. Any sys-admin who willingly runs McAfee obviously lied on his CV.
If a machine has Sophos installed then it isn't open source ;)
I blame El Reg.
..Since the Reg has put a # sign after every comment title, obviously all us lusers/commentards are now root, and are free to knacker our systems with impunity.
I remember when Dr Solomon's was the best AV.
Then McAfee bought it (or someone else did and bought McAfee)
No insight on this particular SNAFU, but, as the other half works for a very large US insurance company, I can say that the trend for these people is to push out now what should be left to next week.. BUT 4th of July means that they cut back on the testing, in an attempt to clear the next build window.
My advice, after waiting at home with a three year old, wondering why her mum's working late is, DON'T FUCKING PUSH UNTESTED CRAP OUT.
For God's sake, if you have a release near a holiday, delay it until after.. you'll do less damage.
Twats. My three year old agrees.
Remember that TCO story?
You see, THIS is the kind of crap you need to add to Windows TCO cost calculations. The never ending absorption of bandwidth, the incessant mothering of systems so they stay more or less up, the endless stream of security problems, the ceaseless interruptions be[Windows would like to reboot, Yes/no]cause updates need it (apps, OS, Java, anti-virus) - it goes on and on. A Windows based platform appears to spend more time coming up with excuses to interrupt people than to do any work, and this is called "enhancing" productivity?
Add to that the compulsory change of user interface with every release with the promise (but never delivery) of better productivity and it becomes really, really hard to defend not switching.
Retraining? What exactly did you have to do switching Vista? Office 2007? How much time did your tech staff spend looking what new devils they had to fight now? Have you found the "insert field" function in Word yet (hint: it's not in the ribbon)? Only in select cases has the upgrade been justified (Excel acquired some decent tools - if you can find them, and when you realise that you may need to switch them off again).
New equipment? Well, no, not for "that Linux thing" - those people don't code with the assumption that crappy, inefficient code is masked by throwing new hardware at it. And they have heard of async coding and real multitasking so .. the .. ma.. ch .. in .. e.. doesn't sl..ow down because you opened another app.
Security? Segregation is part of its heritage, not imported later. No, it's not perfect either but you have a much longer run up time before it gains prominence as a platform to hack (it's also harder). What do you think you could do with, say, a year of uninterrupted staff productivity?
So there. With an honest TCO calc the picture may look bleak for the continued use of MS products. Aren't you glad nobody does them?
So soon after the OS X AV software article. This reflects many of the comments there, mainly to say "if it ain't broke, don't fix it".
Paris, on much the same basis.
My users are always complaining about this or that problem with McAfee, which is our company mandated av product (and it's still not as bad as Norton). So far, no one has noticed that neither myself nor the IT manager will have it on our machines - I run Comodo (with only the core av functions enabled, and heuristics off). If this affects us, I suspect I'll need to go into hiding for a while.
Like the previous poster I remember Dr Solomon's. McAfee bought it out with the sole intention of removing it from the market. I've never touched any of their software since.
I used to use AVG until I ran into a few (admittedly minor) problems with it. Switched to a product called Avira. Like AVG it's free for the home user. Never had a problem with its auto update, don't have a problem with its nag screen (this only appears once a day, not every time you switch the machine on) and it has provided me with completely adequate protection. If you're a home user I'd recommend having a test run with it.
(Disclaimer....I don't work for them, don't know anyone who does work for them, don't have shares in them, etc.)
Rough draft - I thought it was obvious ...
I'm not sure if this is going to show up as Henry 9 but I am he who posted the first comment.
YES YES YES I agree that THE PEOPLE RESPONSIBLE FOR CHOOSING THE PRODUCT ARE THE ONLY PEOPLE WHO SHOULD SUFFER FOR MAKING THE POOR CHOICE OF PRODUCT.
Hey. The problem with this type of comment platform is that we are all posting rough drafts of our ideas. Had I taken a few hours to put the comment aside and review it later, as one would do with a business proposal or a school essay, I might have fleshed it out a bit more. On the other hand it seems obvious to me that the only people who should suffer the consequences of a bad decision are the people who were authorized to make that decision.
Once again ... DUH!
So? What's Your Point?
They're a corporation trying to:
1. Grow the company.
2. Increase the bottom line.
3. Increase stockholder equity.
Everything else is secondary, if not tertiary or lower, so the push is to get the product on the street to get/keep the revenues flowing.
That's their nature.
Yes, people have rootkitted Linuxes. There have been a few stories of infection.
But there are dozens of distros, there is Solaris, BSD, and perhaps in a few years' time HP will rediscover unix.
A diverse ecosystem is always going to have higher natural immunity than a monovarietal monoculture.
fun with a bad AV package
More fun with an AV package that needs to be binned. The amount of times I've had people bring brand new laptops to me that are running dog slow and I uninstall McAfee or Norton and put a decent AV package on and see the machine run so much better. That alone should be enough to flag up their poor QA testing, then this comes along and just makes me laugh.
I've already talked to several customers today, all having problems caused by this bug. I've recommended they install the package, pursue a refund and bill the computer engineer's bills to fix their broken systems to McAfee. They may not choose to pay it, but I'd love to see these cases go to the small claims court and see what comes of it from there.
On the point of people going on about operating systems that don't need AV, no operating system doesn't need AV, Macs have AV and even Apple recommend you have it. Just because windows is the platform of choice for most vx'ers does not mean you're safe if you ignore basic system protection.
Doesn't McAfee do this every couple of years or so?
If memory serves, isn't this at least the third time McAfee has released a pattern file that causes the AV to clobber Windows in some way? I remember about 4 years ago, doing contract work, when we had to rejoin almost EVERY machine to the domain after a McAfee update. Was a lot of fun trying to walk some users that barely understood English through the process of disjoining the machine, rebooting, using an admin pw (which we had to give out) to rejoin these to the domain, then rebooting again.
The same AVG I swore by up till the beginning of the year?
The same AVG that suddenly got a serious case of bloat and started crippling slower PCs? "mutter mutter mutter LINK SCANNER mutter mutter"
The Same AVG that in fact, did exactly the same as this and made the same screwup a few months back?
re: How long does it take some people to learn?
"McAfee has been a terrible product for many years", Henry 9
What doesn't it do different than the others apart from scanning files for known patterns ?