McAfee false positive bricks enterprise PCs worldwide

Enterprise customers of a widely used McAfee anti-virus product were in a world of hurt on Wednesday after an update caused large swaths of their machines to become completely inoperable. The problem started around 2 pm GMT when McAfee pushed out DAT 5958 to users of VirusScan Enterprise. The virus definition falsely identifies …

COMMENTS

This topic is closed for new posts.

  1. Anonymous Coward
    FAIL

    How many times does this have to happen

    FAIL....

    And for those who can't reboot to apply the new file?

    1. Anonymous Coward

      How to fix if you can't get update from server

      Okay, download the McAfee update DAT from McAfee site, then log onto the machine with the problem and put the file into C:\Program Files\Common Files\McAfee\Engine. Reboot machine. All should be good again :)

      1. Cliff

        Nonbooting?

        If the machines cannot boot, having had svchost removed from their OSes, how would you boot far enough to install that file? If you had 5000 desks, that would be pretty rotten having to do each one manually - this is a pretty bad f*ck-up, it could massively wound McAfee :-(

        1. chuffmonkey
          Thumb Down

          wound it? need a mercy killing

          'it could massively wound McAfee :-('

          let's hope it kills the ugly beast; nearly as useless as Norton FFS

      2. Anonymous Coward
        Thumb Down

        How about the millions of home users now with NO Net access

        So, how are the millions of home users with XP and McAfee that now don't have ANY Net access going to be able to download the updated DAT file? Will McAfee identify them all from their subscription data and post the file to them ???

  2. foop

    Hours of fun

    We've been bitten by this. The immediate response of our IT people was to tell everyone to start yanking network cables - fair enough, as it looked like a day-0 worm spreading like wildfire across all our sites.

    Ironically, it's only people not at their desks or bloody-minded enough to ignore IT that have survived, because their machines were still on the network for the virus definition rollback. There are hundreds of PCs that are going to require a bit of TLC to fix because they don't boot far enough to be fixed remotely.

    Me? I'm a smug Mac/Linux admin.

  3. Andy Enderby 1
    FAIL

    I would have thought that.....

    Best practice would be to be professionally paranoid and quarantine all patches for critical software like O/S and core apps until it has emerged that there are no show stopping gotchas or the patches have been tested. Still wtf do I know.

    1. Sillyfellow

      you're correct.

      ahem.. companies using mcafee should be using a Mcafee EPO (e-policy orchestrator) server. with this you can delay mcafee updates being served to the client machines, which is safe practice.. because it's not the first time such a thing has happened..

      1. DaveShaw
        IT Angle

        You missed a bit

        "with this" [Any Half Competent BOFH] "can delay..."

        Our company uses EPO and still got hit :( .

        1. Anonymous Coward

          If only...

          You have a trade off between the potential of the AV updates to cause problems and the potential of not releasing the updates to allow a new virus to spread through the network.

          To test every DAT file quickly enough you pretty much have to have someone dedicated to doing that on a daily basis. It has to be tested on every variation of machine you have, every OS, every OS level, every critical app. We quarantine engine and product updates, but not DAT files, we simply don't have the resources to test them and get them out quickly enough to avoid the potential risks of un-patched machines.

          We could of course use the "previous" branch in ePO to update, then we'd have time to delete the DATs from current if problems are reported. But again the problem then is that if a new virus gets into the network and we don't have the latest DATs it can cause far worse problems.

          On the plus side, at least now I have more fuel to use in my recommendation that it's time to ditch McAfee.

      2. Anonymous Coward
        Flame

        That's great but...

        I only got an email from McAfee at 9:30pm last night informing me of the problem, which of course had already affected a lot of our machines.

    2. Marvin the Martian
      Stop

      Not really a solution

      (1) what is a "safe" waiting time?

      (2) if you delay reports of disasters, isn't the overall population in the same spot?

      (To wit: now EPO users less likely to be hit, others more likely; so everybody else installs EPO with same values; so population ends up as initially, just slightly longer infective for viruses due to delayed definition install).

      1. Andy Enderby 1

        @Marvin

        I think you misunderstood me. I was talking about this from the point of view of a sysadmin setting policy for the rolling out of such potentially troublesome patches across an enterprise, rather than, in this case from the point of view of McAfee.

  4. Doug Glass
    Go

    Again!!!

    Frakk!! When are those of you using this going to stop paying for this POS?

    1. Homard
      FAIL

      Yeah it's a Piece of shit !

      Doug fully agree with you !

      My wife's machine has died tonight of the same ailment. Might be able to get it back but really not hopeful !

      What you really have is POS security/antivirus running on POS o/s. True recipe for disaster.

      The lesson to be learnt ? Don't use m$ shitware in the first place for mission critical services. That way you don't have to rely on retards like mc-crappy to fuck things up even further for you !

      Enough said.

      1. Anonymous Coward

        Stop using it?

        ...as soon as management lets us buy something else. ;-)

  5. Anonymous Coward

    McAfee Again

    It seems like every other month that you are writing about one cock up or another concerning this anti virus software. Why do people still use it?

  6. Anonymous Coward
    FAIL

    an afternoon of fun

    yep. the day was going well until about 14.25. then it all went Pete Tong. been a rather interesting last few hours at work. we took multiple steps to stop windows systems from getting the DAT file without just pulling the internet plug. sort of worked...we estimate just 400 machines need sorting out - better than the c. 8000 it could have been.

  7. fishman

    McAfee is a virus

    Several times over the last couple of years I've had to get the BOFHs at work to fix McAfee inflicted damage on the pc in my office that runs windows. I wouldn't be surprised if there were other times where McAfee screwed up but the BOFHs fixed it before I found out.

  8. Sureo
    FAIL

    Tough Luck...

    False positives forced me to abandon McAfee for Avira years ago. Once identified, the module would go into quarantine with no way to use it except to turn McAfee off completely. McAfee had no mechanism for me to report a false positive, instead telling me to boot a repair disk and scan the system again, fruitlessly. Avira lets you ignore a false positive and continue to use the module, and allows you to submit the module for analysis which, once found to be false, is fixed in a day or two. What a difference!

  9. DaveShaw
    FAIL

    Not the best

    I managed to get mine out of the reboot cycle and back up and working by disabling all McAfee services via Safe Mode and registry editing (Network Policies prevents the Service Manager from doing it).

    Some other guys in the office reported svchost.exe was deleted by it (ouch) and were less lucky.

    Why won't our sys admins get avast :(.

  10. Matt B
    Pint

    Great...

    Looks like tomorrow could be a fun day at work! Let's hope my AV server has somehow managed to not download this update and fire it around the network.

    Where's my hip flask...

  11. Anonymous Coward
    Happy

    Stand and deliver...

    I pity the poor IT dept that has to use that load of rubbish. It's bad enough at home having that ransomware on your machine, with pop-ups appearing all the time saying "pay up or your computer gets it!". Isn't there a more grown-up anti-virus that enterprise users can take advantage of?

  12. Jim Carter
    FAIL

    That would explain

    Why our internet proxy server went the way of Simon then. Should be fun at work tomorrow as all the computers go *foop*.

  13. John Doe 1
    FAIL

    Think someone at McAfee is getting MCSE soon

    ...if only just so they can realistically determine which files are critical Windows system files.

  14. Bunglebear
    Thumb Down

    Bugger

    After leaving work at 7.30pm with still lots of machines down and critical deadlines approaching, I think I can join in the movement to hang McAfee from the nearest tree. If it was free, or even cheap, it could be forgiven. But it's not. Bugger them all to hell.

  15. pooch
    FAIL

    GOOD JOB MCAFEE

    MCAFEE basically sent a virus out to their entire customer base! MORONS! If I had the decision power behind our software selection for antivirus, I would DUMP THIS PROGRAM!

    Where is their CHANGE MANAGEMENT process? Where is their IMPLEMENTATION REVIEW process?

    I would not be surprised if MCAFEE loses a crap load of customers over this. Their stock is already down .20 cents today. not enough if you ask me. but this is my opinion.

    1. Tom 54
      Pint

      20 cents.. not far enough!

      Yeah... .5%... big whoop.. about 50% of my day was crap! Might have to seriously investigate Linux

  16. aver
    Flame

    Removal procedures

    Um, we had this impact 20+ machines before we worked out what was wrong.

    I wrote up some removal instructions here:

    http://www.adfrad.com/2010/04/fixing-mcafee-w32wecorla-false-alerts.html

    Good luck everyone!

  17. theLightCosine
    Thumb Up

    Fix for the 5958 DAT problems

    There is an easy fix for these problems once the machine has been 'bricked'

    Details are available over on my blog:

    http://cosine-security.blogspot.com/2010/04/mcafee-dat-5958-fix.html

  18. Anonymous Coward
    FAIL

    O NOES! Is ePolicyOrchestrator...

    ...poised like the Sword of Damocles over every naughty Windows system file in your network?

    http://icanhascheezburger.com/2007/03/28/do-not-want-3/

  19. Mintimperial
    Pint

    Secret of timing is comedy!

    Always nice to make InfoSec a little more... sporting, eh?

    Good work Fellas! :P

  20. DaveTheRave

    What is the best alternative to McAfee?

    Had enough of this shit

    1. Anonymous Coward
      Joke

      Alternative

      "What is the best alternative to McAfee?"

      Linux.

      (or a mac before I get really flamed)

    2. A J Stiles
      Linux

      Best alternative

      Best alternative to McAfee?

      How about an Operating System where little things like privilege separation and non-executable files are baked in, rather than crude hacks bolted on from the outside.

      And a culture where Source Code is passed around, shared and re-used; as opposed to treated as though it were allergic to daylight, with the consequence that everybody is forced to rewrite common functions from scratch, occasionally missing an awkward edge case.

    3. Lionel Baden
      Coat

      i find bit defender extremely good

      but meh some like vanilla some like chocolate

      Never had a bug come through with bit defender .. yet

      *touches wood

      mine's the one with the anti spam lining

  21. Eddie Johnson
    Coffee/keyboard

    Evolution at Work

    Old dinosaur companies that are too slow to respond to years of failure by McAfee are now being removed from the breeding pool. Why do people keep buying this crap? It's not even like it's bought and paid for, you have to ante up every year.

    Ever since AVG 8 turned my computer into a POS I've been surfing naked. I've never had a virus scanner find an actual virus since the days of the STONED virus that spread on floppy in the early 90's.

    A nice lightweight, properly configured firewall to minimize exposure area and a browser without flash and Javascript keeps things humming right along. If you want a virus scanner get the lightest, least intrusive one possible and forget about all that prefetch, link scanning crap. It will always be a day late anyhoo.

    1. Anonymous Coward
      WTF?

      RE: Evolution at Work

      I know I shouldn't feed the troll, but here goes anyway...

      I ain't McAfee's biggest fan - truth be told I ain't a fan of them at all - so I'm not trying to defend them nor any of their competitors, but if you're not using any AV software then how do you know you've not been infected?

      I think user education is more important than any software solution, and I do agree with your recommendation of using a firewall to minimise exposure, but I'd not rely on the firewall and a Flash-free browser alone to ensure I was virus free.

      Not that I really care as I don't use Windows on my own PCs anyway, but I do have to use this abomination of an OS in the workplace.

    2. Jimbo 6

      Surfing naked ?

      Please, please, please... put some duct tape over your webcam then.

    3. Kevin Bailey

      Please check out Ubuntu

      If unprotected your machine will get infected - and it's then used to attack our servers. This is why many sysadmins are really p***** off with MS.

      You'll find Ubuntu to be all that's needed.

  22. Daniel B.

    McAfee?

    I ceased to use McAfee in 1994, when it successfully destroyed NATAS... only to curl up and die because of an "unknown" virus. That "unknown" was DIR II.

    I reverted to MS Antivirus back then (remember CPAV? MS bought them!), and later to Norton. I'm currently using avast!, though I had a brush with ZoneAlarm/Checkpoint... until they also brought upon me a bad false positive. Whoops!

  23. Hi Wreck
    FAIL

    Remind me again

    Why people actually choose windows.

    Signed a happy solaris "downtime, what's that?" user.

  24. Anonymous Coward
    Linux

    What's all the fuss ?

    No problem with OpenSuse here.

    Begin Smugmode.

    1. Elmer Phud

      Smugmode2

      No problem with Windows, either, AVG-using freetard that I am.

      I am now thinking about all the people I know of that have told me they couldn't be bothered with changing their anti-virus that came with the machine or who say they can only rely on the 'big boys'.

      SmeeeegHeeeeds

  25. LPF

    Well that was an afternoon wasted

    At first we thought a virus had hit our Domain controller and pushed out to all the boxes. So everyone assumed the best way to avoid it was to update McAfee..FAIL

    I feel sorry for the IT bods, they will be having to manually fix a couple of hundred network PC's over the next couple of days ! :S

  26. Anonymous Coward
    FAIL

    Someone please sue them....

    I fail to see how they could defend any legal action.

    It would appear even the most basic testing should have picked up it canning a windows system file.

    Go on someone please take them to court for your costs caused by this update. That way they might actually do their job properly.

    Personally I stopped using their software quite a few years ago (having been a fan for quite a few before) as I started having problems with it.

    I've used AVG ever since, never had any issues with their software or any infections.

  27. Tom 54
    WTF?

    bahhh

    Yay.. what fun. So I've stopped the reboots... and now somehow sound does not work and various programs just gave up. It was crazy to come into the office today and have everyone gone.. guess they just gave up and said hey nice weather... wish I could have done that.. but being the drudgen that I am.. I cannot.

  28. Christopher Martin
    Grenade

    Brick?

    "Bricking" reduces the utility of a computing device to that of a brick. It happens to game consoles and shitty phones that are so locked down that software bugs can render them unusable. But how the hell do you brick an average computer? Okay, maybe this means that you can't boot your primary OS. Does it not still boot from other partitions or devices?

    Call me pedantic, but I don't think a device is a brick if you can have it mostly recovered, by yourself, by the end of the day.

    1. g e

      When is a brick not a brick

      As most electronic devices have a flashable bios of some sort it's likely that most devices, e.g. PSP, etc, could have the chip removed, reflashed good and replaced. Or just replaced.

      Hence also not a brick. Depends on the lengths to which you wanna go.

      It is a brick until it is not a brick.

    2. gollux
      Alert

      Concur...

      I've bricked a system before, not a happy experience. These are not bricked, a quick BIOS change and a Knoppix CD gets you out of most continuous reboot sequences. And allows you to mangle McAfee so it won't start... And allows you to replace svchost.exe... Or whatever else file McAfee decides to eat for lunch that day.

      Besides, I thought everyone had shut off that "Reboot on serious error" cruft that Windows XP ships with after the first bad XP patch got pushed out.
