McAfee false-positive glitch fells PCs worldwide

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death. Details are still coming in, but forums here and here …

COMMENTS

This topic is closed for new posts.
Linux

insert free advert for msOffice .. :)

re: Not their first epic fail, either

"Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly", mechBgon

0
0
RW

Cybersecurity - Diversity: you left out Standards

If you have a truly diverse network with machines running a variety of OSes and a number of versions of each OS, it's also important that they all adhere strictly to standards. Otherwise data exchange becomes a nightmare.

The conflicts and inconsistencies between Wurd for Windows and Wurd for Mac are a legendary example of the evils of proprietary standards - especially when MS doesn't seem to know how to write software adhering to their very own! (The truth is probably that even within MS, there is in fact no single, documented standard for the format of a Wurd file. Didn't some MS honcho say within the last couple of years that Windows comprises billions of lines of code, much of it ancient legacy code that no one understands anymore?)

Inconsistencies between web browsers (mainly between IE on the one hand and the rest of the world on the other) are another famous, ongoing failure to honor standards.

Someone tell me: Sun nailed MS in court for "extending" Java; do other organizations that set standards stipulate that "extensions" invalidate any system's claim to adhere to whatever standard is involved?

0
0
Terminator

@Alan W. Rateliff, II

I use the AVG on my traveling lapdog, and McAfee on my home pc that the missus uses. When I bought the lapdog, it came with AVG free. When it expired I reloaded it and checked the box to say I would participate in development, so far, so good. It has been 4 months and counting and this thing has not been any trouble at all.

As far as large networked environments go, it is obvious that paying for the right to use comes with much needed support.

As far as the DAT update spitting up a dialog box saying "Your version of the Engine is out of date, and this DAT update is about to destroy your machine, continue, Yes/No?" Is likely something they could have done had they tested it before releasing it.

Terminator, obviously the machines and their programmers are to blame.

0
0
Stop

McAfee not to blame here, lusers that never update ever are...

This issue only affects people running the 5100 engine. McAfee stopped supporting the 5100 engine way back at the beginning of 2008. Even its replacement, the 5200 engine is no longer supported. No longer supported means that they no longer test their daily dat releases against it to check for false positives.

Do people expect them to go on checking the 10,000 new detections added to the Dats every day against every single version of their product ever released, despite making very clear statements and giving very clear notice regarding end of support dates?

0
0
Grenade

I wouldn't touch McAfee if you paid me

Or Norton, come to that. Sophos *maybe*, but McCrapy?

Get real.

There are free AV products for the PC out there that are just as effective, and frankly better managed, than McCrapy will ever be.

Also - can anyone answer this one - why has practically no-one mentioned another part of system protection - take REGULAR backups of your system? That's most definitely a major part of protecting your system from screwups, and I'm very surprised that more haven't mentioned that!

Grenade, as without adequate PC protection routines, you're playing with one without a pin!

0
0
FAIL

Oh dear...

Icon says it all.

0
0
Troll

No AV, no hassle.

I'll probably get shouted down for this, but I've given up running anti-virus software completely in the home. I DON'T advise this if you're the sort of user that clicks any exe you see in your email, (or uses IE as your main browser).

However if you're the sort of person with a clue (and you read The Register, so you probably are), then relying on your own common sense and a GOOD firewall (one that notifies you of unauthorised outgoing connections) will protect you just as well as relying on some dubious AV software.

0
0
Linux

What's antivirus?

Before I learned-the hard way- I used to use an odd piece of software that helped to slow the response of my pc to something of 10 years older, and still would not protect my files.

Then after learning, after all the cost, after all the b.s. from the software supplier I simply switched to Ubuntu: 2 years of NO antivirus, and NO problems! Lesson learned. Just accept the facts and move on.

0
0
Coffee/keyboard

A bowser full of schadenfreude

I wonder whether my last company has had a problem with this - I shall have to find out from my friends who still work there.

Why? Because my old boss used to start doing things about 5 minutes after it became critical (Proactive is that funny yoghurt stuff his wife eats) and although he used to claim he documented everything, it was handwritten in an A4 pad. There were a stack of these in the office and even he couldn't find anything when he needed it so no one else had a chance.

The antivirus he had bought many years before was McAfee and although the DAT files were constantly updated the main program itself was very old. Even when the company was making a lot of money the AV wasn't updated despite the anti-spam addon often crashing the exchange server.

And 50% of the users work remotely around the entire country. Most of these have worked their way up from the shop floor so IT is something they don't like dealing with but know they have to. If their machines are blue screening they will be turning the air just as blue as they are fighting for survival in an industry heavily affected by the recession.

I am so glad I hit the escape key...

0
0
Thumb Up

Sophos AV

I've been using Sophos AV for years on various client sites with none of these problems.....it isn't the cheapest AV around but there seems to be a reason for that.....because it's bloody good!

Can't see why people use the failure of McAfee to start bashing Windows.....it's just the AV vendor being a tit and nothing to do with the Windows OS........get over it!

0
0

It got us too.

It took down our BES server and our server team is still working on it. This isn't the first problem McAfee has caused, so I have no idea why the server team is still using it.

Of course, it's their problem to fix too, so what do I care?

0
0
Thumb Up

Anyone thinking of ditching AV completely on Windows

You can find all you need to know here:

http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx

Summary: Running as Limited Users most of the time and only using an Admin account to install software/drivers will make your XP-and-onwards system very secure. I've been happily running XP for over 2 years this way without infection. It takes about 20 minutes to set up and is a helluva lot easier than installing and getting used to a Linux distro.

0
0
Anonymous Coward

Again?

Didn't they do this a few years ago as well?

0
0
FAIL

Sighs

I'm with you Henry 9. What I want to know is why is it that Norton and McAfee who USED to be the best at what they did (when all they really focused on was the AV package) decided to put their collective heads up their asses all for the sake of a dollar? The trend I notice is that it seems that the more these AV companies start looking out for the shareholder. Problem with this concept is that the more crap like this happens the more that people will start to shy away from them and the only way they can keep their names in front of people is to make deals with the manufacturers to have their software preinstalled. Oh well hope some more people learn from these things as they continue to happen.

/Can someone explain to me why when journalists call someplace they always expect an immediate response and if they don't get one you tend to see this "A McAfee representative in the US didn't immediately respond to phone calls seeking comment." in the article? Mainly curious as it seems like the PR people or whoever is called should be at their beck and call....never understood it. Thanks

0
0
(Written by Reg staff)

@James O'Brien

Hey James,

Not sure if your question is just bait. Assuming it isn't, here's the answer:

In journalism, as in many other aspects of life, there are real-time deadlines. So what to do when it's time to hit the publish button and you still haven't gotten an answer to your question? Do you:

a) lay out the fact that you indeed asked the company for their side of the story and didn't get a response by press time (i.e. an "immediate response")? or

b) not mention it at all and let readers wonder if you bothered to email the company at all?

No, companies aren't at journalists' beck and call. But they have a right to have their voice heard in stories that directly concern them. I was only trying to make sure it was clear I tried to give them that opportunity and for whatever reason had not gotten a response by press time.

The reason we say didn't "immediately respond" is to make it clear that there wasn't a whole lot of time between the time we asked and the time the story was published. In the case of this story, it was about 2 and a half hours.

Make sense?

0
0

agreed

"This issue only affects people running the 5100 engine. McAfee stopped supporting the 5100 engine way back at the beginning of 2008. Even its replacement, the 5200 engine is no longer supported. No longer supported means that they no longer test their daily dat releases against it to check for false positives."

I totally agree with you. I quite don't get so many angry users. You should keep your AV software up to date as well. I remember people patching XP with Win2000 files because they saw similar bug going on ... at the same time it's easy to be critical without knowing $0 budgets some IT folks have to deal with ....

McAfee was a great product back in the MS DOS age after they acquired pretty amazing Dr Solomon's Antivirus (I loved that tool back in MS DOS 3.0 age)

ahhh the old days

0
0
FAIL

How many more times?

I can remember at least three similar incidents where McAfee FPs on some critical Windows DLL and auto-bricks a gazillion PCs.

0
0
Silver badge
Thumb Up

Re: Tim Brown 1

> I'll probably get shouted down for this, but I've given up running anti-virus software completely in the home.

Actually you would be correct about the general technical level on the site probably, but no antivirus for many or most in here would be a no go. The reason is most of us are savvy enough to not have to pay for software (haha anybody preaching ethics is either a hypocrite or owns software company stock). One risk of being a pirate is dodgy websites and executables. Without piracy and porn no way the internet is worth more than a few dollars a month.

0
0
Badgers

@Mage

"Block all emails with executables."

In a perfect world this would work.

Unfortunately too many people want HTML email and documents that can contain scripts. Plus you never know when the next bright idea is going to come out of Redmond for including "active" capability inside some otherwise safe format.

Badgers because.. I can.

0
0
Anonymous Coward

McAfee should do better

Yes system admins should be running current McAfee software and doing regular updates, but it's irresponsible and unacceptable to crash systems using year old software. I mean come on McAfee and every other software and O/S supplier most definitely has a responsibility to support their product for year(s). I'll bet there are some lawsuits over this deal.

0
0

Why do McAfee allow updates to unsupported software?

I don't get this, if McAfee are no longer testing the updates on older versions of the software then the older versions of the software shouldn't allow the updates to be applied.

Also why isn't the AV engine updated along with the Virus updates?

To the people saying that all updates should be tested before being pushed out, I agree with this for updates to applications or drivers but AV updates can happen several times a day you have to trust your AV supplier that their updates will work correctly with their software. If you don't, then you're using the wrong AV program.

0
0
Linux

@Jake: RE: AC 07:03 concatenating history?

> "I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world."
>
> Somehow, my version of history doesn't match yours. Maybe it's me ...

It's you. I can remember when 10MB hard was big deal and certainly then McAfee was the av of choice. You could catch a virus off those 5 1/4 inch floppies back then. Praise the gods for the arrival of Linux! A proud user since before Windows 3.2!

0
0
Silver badge
WTF?

Abject fail on the part of McAfee

If the engine is no longer supported, why is it still downloading updates?

If the engine is known to download updates, why are these updates not tested against it?

Sorry, but the excuse "Oh, that engine isn't supported" is complete and total rubbish. If it's not supported, IT MUST NOT DOWNLOAD AND OPEN A FILE THAT IT DOESN'T UNDERSTAND.

Even if you aren't going to support everything you ever made, you still have a duty not to break it.

It is *trivial* to do version checking at the top of a file. Are McAfee saying that they don't know how?

AVG does that - a while after the 7.0 engine went obsolete, it stopped downloading new updates and told me so.

0
0
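The version check argued for in the comment above (and in the earlier "Why do McAfee allow updates to unsupported software?" post), sketched as an added example that is not part of the thread and is not McAfee's or AVG's code. The header layout, the field names and every version number other than 5100 and 5200 are assumptions made up for illustration.

```python
import hashlib
import struct

# Hypothetical update header (NOT McAfee's DAT layout), big-endian:
# magic(4) | min_engine(uint16) | dat_version(uint32) | payload_len(uint32) | sha256(32)
HEADER = struct.Struct(">4sHII32s")
MAGIC = b"SIGU"


class UpdateRejected(Exception):
    """Raised when an update must not be applied to this engine."""


def build_update(min_engine: int, dat_version: int, payload: bytes) -> bytes:
    """Vendor side: stamp the oldest engine the payload was tested against."""
    digest = hashlib.sha256(payload).digest()
    return HEADER.pack(MAGIC, min_engine, dat_version, len(payload), digest) + payload


def check_update(blob: bytes, engine_version: int, current_dat: int) -> bytes:
    """Client side: validate the header before any signature data is loaded."""
    if len(blob) < HEADER.size:
        raise UpdateRejected("truncated header")
    magic, min_engine, dat_version, length, digest = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise UpdateRejected("unknown file format")
    # The check the commenters ask for: an unsupported engine refuses the file.
    if engine_version < min_engine:
        raise UpdateRejected(
            f"engine {engine_version} is older than the minimum tested engine {min_engine}"
        )
    if dat_version <= current_dat:
        raise UpdateRejected("not newer than installed definitions")
    payload = blob[HEADER.size:]
    # Integrity only; a real updater would also verify a vendor signature.
    if len(payload) != length or hashlib.sha256(payload).digest() != digest:
        raise UpdateRejected("payload length or digest mismatch")
    return payload


def apply_update(blob: bytes, engine_version: int, current_dat: int):
    """Return (applied, reason); on rejection the existing definitions stay in place."""
    try:
        check_update(blob, engine_version, current_dat)
    except UpdateRejected as exc:
        return False, str(exc)
    return True, "applied"


# Constructed sample: definitions tested only against a made-up engine 5300 and later.
SAMPLE = build_update(min_engine=5300, dat_version=1001, payload=b"constructed signature data")

if __name__ == "__main__":
    for engine in (5100, 5200, 5300):
        print(engine, apply_update(SAMPLE, engine, current_dat=1000))
```

The rejection reason is what the client would surface to the user or the management console, which is the behaviour the commenter describes seeing from AVG.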
Thumb Down

I don't use anti-virus crap at all

I've never had a problem in 8 years now.

Why bother?

0
0
Linux

Yea stay away from free anti-virus

Poetic justice, coming just after they dissed free anti-virus users.

0
0

Never Update Over A Weekend!

Never update over a weekend -- especially a holiday or 3 day weekend. This has been the rule of IT for decades. Any company that does major pushes on Fridays should be seriously reconsidered. No excuse for this one.

0
0
Grenade

Consultant??

So this IT guru correctly diagnoses the problem: an AV update is trashing every machine it touches. So he celebrates by switching on his laptop and letting it connect to the internet?

To put it as politely as possible - I can think of better tactics...

0
0
N2
FAIL

House of cards

Just beggars belief that McAfee could cause such a problem, do they test their updates?

But where do you put the blame, McAfee for its update or Microsoft for its continuing to deploy technologies riddled with exploits?

0
0
Terminator

Monday is just round the corner...

...and we shall see what the fallout is like. Luckily my work used the v8.5i engine, so we haven't got any BSOD's.

This sort of thing is not good - because you'll never know when those sons of fun will decide to target v8.5i and higher with their pranks...

Going to suggest to damagement that we look at alternatives ASAP.

Terminator - terminating dumb software.

0
0
N2
Thumb Down

@ Max Watson

Don't make me fucking piss myself,

When in Gods name has any self respecting virus ever not managed to rip right through everything in its path and install to the system restore directory? something to do with raw socket access or what but every decent virus writes straight to it, when you are denied access until you change permissions.

How utterly hopeless is that?

& as for 'system restore ' it seldom works anyway.

0
0
Anonymous Coward

IT Support

Pity they all got fired due to cutbacks.

0
0
Coffee/keyboard

OFFF

The Lusers and sysadmins having all the nightmares are the ones running an old engine. So old that it's actually 2 versions too old. That's like complaining when your seatbelt pre-tensioners and airbag fail to work when you've ignored both recall notices saying that they must be replaced or you're going to go through the windscreen when you have an accident.

0
0
FAIL

@James O'Brien

"Mainly curious as it seems like the PR people or whoever is called should be at their beck and call....never understood it. Thanks"

Actually James, that's *exactly* what the Public Relations department is for - answering questions from the Media. Not the Engineering Dpt, not the Publicity Dpt (though they may want to put a spin on it), but the *Public* *Relations* Dpt. This is their Raison D'etres.

The fact they didn't answer tells me they were caught with their trousers at half mast and hadn't even planned a canned response in case of emergencies. (How hard can it be to state "We are aware of this problem and are working to rectify it"?).

Sack the person whose job it was to hold the store at the time - s/he obviously cannot do the job satisfactorily.

0
0

It must've been sabotage

The only way this can be explained is that someone working for McAfee must've sabotaged this update.

The chance that a virus would have the same "fingerprint" as a system file is minimal and the chance that McAfee would just roll out the update without testing is tiny. That leaves only one logical explanation.

0
0

@N2

I wasn't suggesting a restore would remove a virus. Just undo the modifications to the system files that McAfee has done so you can boot your system properly again.

0
0
Gates Horns

@Aaron 6

"no operating system doesn't need AV"

Er, wrong.

Please. Do yourself a favour and find out what the differences between Windows and Linux/OSX are BEFORE you post mindless rubbish like that.

The ONLY reason to run AV on either OSX or Linux is as a courtesy to any Windows users you may (unintentionally) pass infected forwarded emails onto.

Privilege escalation using buffer overflow vulnerabilities are not viruses, they are exploitations.

To infect a Linux/OSX box would require running code in order to install. This requires deceiving the user into installing it in the first place. Cus guess what? Linux distros aren't so fucking stupid as to allow remote sites to install to the root file system.

Seeing as Windows boxes are rarely set up correctly and are almost always left with an unexplained Administrator Account as default, Microsoft are completely and totally 100% responsible for this current mess.

They've had umpteen iterations of Windows now and they refuse pointblank to use a decent Unix-like model for security, choosing instead to repeat the same retarded mistake over and over again.

Sympathy?

Absolutely none at all.

0
0
Silver badge

@AC 09:37

I tried to reply. Apparently being polite isn't acceptable.

0
0
Stop

@Never Update over a Weekend

It's an old IT project management mantra as well - never launch anything on a Friday - unless you want to spend all weekend trying to fix it.

0
0
Happy

Finally!

Someone at McAfee has decided to try to fix the root of the problem.

0
0
Bronze badge

@Alan W. Rateliff, II #

"Disclaimer: I am an AVG Gold Reseller,"

... Then you will know that last week AVG identified Visual Studio 6 as a virus?

0
0

This post has been deleted by a moderator

Joke

Whiney Comments

Top 5 whiney comments from this thread.

1. Ohhh my linux box is safe, join us. We love you. Please?

2. IT guys must test things before releasing it. Agreed, but AV updates can be daily. Not all companies are big enough to have staff assigned to testing only.

3. It's Windows's fault.

4. Don't release an update before I go on holiday. (Selfish a**hole?)

5. I'm not running any AV and I'm fine

0
0

@N2

Sir, you are a potty mouth. Sit on the naughty step until you learn to speak properly (and until you can actually name a piece of Malware which can "rip right through everything in its path and install to the system restore directory").

0
0

This post has been deleted by its author

Troll

IT Support

who is this anonymous coward person? he contradicts himself (or herself) all the way down the page.

FWIW - any IT Support person running out of support AV software should be sacked.

and don't worry - the DATS won't install on 5100 or 5200 after 31/12/2009.

0
0
Gold badge

@ Neoc

"Sack the person whose job it was to hold the store at the time - s/he obviously cannot do the job satisfactorily."

I think you're forgetting the fact that it was weekend, most PR shops don't open 24/7. El Reg did the right thing (and McAfee still have right of reply as well).

In this case the issue is with McAfee emergency management procedures which appear not to include external communication (I'm still assuming they have emergency handling processes to start with). It thus appears they may need to talk to us about disaster planning as theirs appears to suffer deficiencies.. Just putting out a canned statement isn't enough, you need to follow up with some facts or report status.

Bottom line: PR is important, but don't assume the company isn't dealing with the problem because they forgot to manage the press coverage. I would prefer them concentrating on solving the issue..

0
0
WTF?

Less of the hyperbole please

To everyone who says the best solution is to just not use antivirus: You clearly don't work in an organisation with any actual users.

As for McAfee, this incident was definitely a massive fail on their part but I do think lazy sys admins should take the blame for not updating their engine even though it hasn't been supported for quite some time.

Furthermore, while McAfee is definitely a pain in the arse sometimes (for example, we've discovered a problem here on 'older' machines where performing DAT updates takes up 100% CPU and absolutely kills a machine for 5 minutes every day - McAfee have told me this is normal behaviour) but I have it on good authority that their management/deployment solution (epo) is pretty much unmatched by its rivals.

Lastly, I just want to point out that in my experience people (users mainly, but IT people as well) have a tendency to blame every problem that arises on McAfee (or whatever AntiVirus product is installed) even if it is completely obviously unrelated.

0
0
FAIL

@ matt 83

"If a machine has Sophos installed then it isn't open source ;)"

This is incorrect.

Sophos provide CID downloads for Linux, Solaris, HP-UX, Netware, FreeBSD, AIX, Mac OSX and Various Windows systems...

While the product may not be open source, the OS can be.

0
0

McAfee did it on purpose, I reckon

What is the latest version of AV that can be installed without corporate secure download access, unpatched 5100.

A gentle kick in the ribs for any accounts not paying their McAfee update fees perhaps?

Hmm, I wonder

0
0
Silver badge
FAIL

Alternative antivirus

I used to use AVG Free, but that seems to have gone the way of the bloatware over the past year. Now I use Avast! Antivirus on my home PC, also free. I would recommend it - it seems to have a smallish footprint and not require the constant attention that AVG now seems to need.

We use McAfee at work. It is a well known fact that we won't get much done on a Friday afternoon, when the weekly scan kicks off, and the best thing to do after turning your machine on in the morning, is to go and make a cup of tea...

0
0