McAfee splats bug that knocked punters offline
Antivirus maker McAfee has fixed a problem that cut off punters' internet connections earlier this week. The snafu, caused by a dodgy update for the Intel-owned malware whack-a-mole product, also knackered enterprise versions although it didn't send users offline. For both the consumer and business builds, the error was traced …
This topic is closed for new posts.
So why are we still using scanners?
Misfiring definition updates are a well-known Achilles' Heel of security scanners, akin to punctures in pneumatic tyres, and all vendors experience problems in this area from time to time.
Apologist much?
Why are we still using virus scanners? Why aren't anti-virus vendors affected by viruses?
Re: So why are we still using scanners?
VMyths articles from 2004? It's like the other day, when I looked up the "Ural Mountains Nuclear Disaster" so-called, and the first Google result was a page that sounded perfectly reasonable for the first couple of paragraphs, and then started talking about how the Space People had to intervene to save seventeen million lives.
Because it's been a problem since 2004 and earlier, actually
The bloody 'iLoveYou' virus from 2000, Code Red and ilk from 2001, and so on highlighted grave weaknesses in scanners that have existed to this very day. Never mind 2004.
You can blame McAfee for spearheading that, even back in 1999:
The market for profile-based detectors dried up ... because software reviewers recommended signature-based scanning to the exclusion of all else. That's right: journalists with no expertise told everybody to use insufficient virus detection methods.
Profile-based utilities shriveled when John McAfee released a signature scanner called VirusScan. [...] Signature methodologies complement profile methodologies, and vice versa — but McAfee told the media his scanner superceded generic detection. Reporters wrote countless stories saying we needed only one product: VirusScan.
McAfee set themselves up for this failure at least thirteen years ago.
Re: @Aaron
Cheers for that, absolutely marvelous. I had to add "Space People" to find it (maybe google have these forums plugged into the page ranking algorithms). Never came across the aetherius society before, looks like scientology but with the suggestion that they have not had their sense of humour removed.
Ah, so that explains it
I was asked to help with a friend's computer, I couldn't work it out - I could ping the router and a WAN IP, but all tcp/udp traffic was dropped. I tried disabling McAffee's firewall, to no avail, so in the end I just removed it - it's shit anyway.
Re: Ah, so that explains it
I couldn't even get my friends to ping it's default gateway, but Windows update traffic was fine... McAfee kept bleating about missing DLL's every time I tried to start it and disabling the services had no effect.
More trouble than any virus
Seriously - I've seen more problems caused by McAffee over the years than I've ever seen caused by viruses on non-protected machines - they range from blocking email collected over SSL, dropping random internet traffic (this update isn't the first one to do this) and generally slowing the machine down to a crawl even when they're working 'correctly'.
Not just more trouble...
...McAfee is a virus.
I mean, let's look at it honestly: It's a program that, once installed, fucks up your computer, and then demands money to get rid of the problems you didn't have before it started running. The only part of the "scareware" definition that it misses is that it doesn't install itself when you load a dodgy Flash ad -- but, then, that's what their social-engineering, oops I mean sales, department is for!
try
using MSE as a last resort before giving up and going pinguin shaped
I tore McAffee out of the non-internet laptop at work because the nag screens saying it could'nt connect popped up all the time.. usually in the middle of a complex CAD model.
Someone did a system restore on it though when the battery went flat........ argghh bloody McAffee bollox windows popping up again in the middle of my CAD models again
You don't need a penguin
You just need a bit of good sense -- Firefox + Adblock Plus + Flashblock does the job just fine for me, to the extent where I don't even bother running a virus scanner. Been doing it this way for almost a decade, and I've yet to encounter a problem.
Re: More trouble than any virus
Lets not forget the dog egg that is NAV too!!!!!!!
Possibly the two most fucked up anti-anti-virus programs it has ever been my displeasure to encounter...
Re: More trouble than any virus
Urg, we're forced to have this on our desktops at work, and it sludges up the machines to no end. Opening firefox or thunderbird can take minutes, and if you open task manager, you can guarantee it'll have mcshield.exe stuck at 25% cpu, with more page faults than there are atoms in the universe. Trying to save a file or attach one, if you accidentally browse back to the root of My Documents it'll decide it needs to scan everything in there, and lock your machine up for another couple minutes. So much wasted time dealing with the bollocks that is mcaffee...
Ah good glad that one is fixed. I mean, it's only the fourth (or more?) times that McAfee have released an update thats broken a PC. Anyone recall the definition file that required an engine upgrade? If you didn't upgrade the engine the definition file would trash McAfee and cause PC problems.
Or the Engine update that tanked the PC
or the definition update that broke the application
and so on. McAfee are a joke now.
Bah
"...either left without a functioning internet connection or unable to perform any actions in the McAfee Security Center console..."
So, how is an affected user supposed to download or apply the update that fixes it?
[abandoned McAfee years ago]
Thank You
Ta for this, Reg. You prevented me hurling my computer out of the window in a fit of 'why won't this f***ing thing connect to the Internet' pique.
Funny how McAfee can get 'please buy more from us' emails out but not 'we have screwed your computer'.
Still, to be fair, once you had pointed me in the right direction, the fix was quick and painless.
Re: hurling my computer out of the window
Couple of months ago I found a Dell tower, lcd and keyboard in the cardboard recycling bin at work. Much to my surprise all are working, though XP would not boot at first. It was some problem with either Norton or McAfee, which I solved by removing it. Tower is going to a workmate who needs a better computer, after I put in a bit more ram.
Imagine trying to run even XP on 512Mb of ram (as shipped by Dell) and either of those boated AV's. No wonder it went into the bin, aside from the boot issue.
Re: hurling my computer out of the window
No imagination necessary. I was consulting at a client with just that - 512 MB Dell laptops + Norton.
Every morning, sure as the sun rises in the east, NAV would take 45 minutes to scan everything and use 200MB of those measly 512 to do so. Couldn't really expect to really start working before 10 as a result.
Us contractors had actually proposed buying the effin RAM for the customer, on our dime. Just to skip the aggravation. Dell being Dell however, the RAM was long since discontinued. Neither did the customer's accounting department fully grasp the difficult concept of 50% efficiency loss x 0.75 hours x $100/hour x 200 days was far more than the RAM would have cost.
NAV and McAfee are far more destructive of productivity than any virus can realistically dream of being.
Typo in article:
"Misfiring definition updates are a well-known Achilles' Heel of McAfee, akin to having your tyres slashed by the local Kwik Fit, and all versions brick your PC from time to time."
There, much better.
Thanks to McAfee
I recently shifted to IS from more general network and desktop admin work. I am quite happy about this as problems of this nature actually increase my job security. From a purely cynical perspective, riding herd on dodgy software equates to bigger paychecks.
On a more practical note, delaying the implementation of DAT files across your enterprise by a day or two will prevent this crap from happening to you. Treat DAT files like any other change to your environment: test first, then deploy to the field.
Utter Muppets
McCrappy have a history of this clueless stuff. Had to use this terrible software for 7 years in an Enterprise Environment and all the problems we have had caused by McCrappy DAT updates not tested before they send them out. Beggars belief. When it actually works it fails to deal with infections.
Re: Utter Muppets
Why didn't you stagger the releases, epo can do that and so can Symantec etc...
Although not my preferred choice of AV (Eset) ePo was very easy, the only problem I found was every support contract renewal a feature included suddenly became seperate and meant having to buy an add-on. In the end was forced to go with our group's choice Symantec.
It isn't just the operation that's bad
Its the design.
Why not distribute updates over http so you can use proxies to ease the load on your main servers and wan links?
A major corp I worked at had issues a few years ago when the update client didn't shut down network connections as expected. Thousands of hosts tried to connect at around the same time and DOS'ed the firewall (I know, don't get me started on that config...) which took out LOB services too (and there's another thing not to get me started on).
If McCrapAfee actually TESTED their software......
...... these problems would not arise.
But then, I no longer have these problems because after years of suffering McCrapAfee, I now use AVG.
END OF PROBLEMSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.
Re: If McCrapAfee actually TESTED their software......
Start of BUY NOW
You can't use this feature
Why didn't it block that virus
When will signature scanning end?
I've posted this idea before, but will signature based scanning ever end? It's trivial to get around now; 'whack a mole' characterizes it perfectly. The question is, what's the answer? White listing/digital signatures? Heuristics?
This topic is closed for new posts.
