McAfee false positive bricks enterprise PCs worldwide

Enterprise customers of a widely used McAfee anti-virus product were in a world of hurt on Wednesday after an update caused large swaths of their machines to become completely inoperable. The problem started around 2 pm GMT when McAfee pushed out DAT 5958 to users of VirusScan Enterprise. The virus definition falsely identifies …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    How many times does this have to happen

    FAIL....

    And for those who can't reboot to apply the new file?

  2. foop

    Hours of fun

    We've been bitten by this. The immediate response of our IT people was to tell everyone to start yanking network cables - fair enough, as it looked like a day-0 worm spreading like wildfire across all our sites.

    Ironically, it's only people not at their desks or bloody-minded enough to ignore IT that have survived, because their machines were still on the network for the virus definition rollback. There are hundreds of PCs that are going to require a bit of TLC to fix because they don't boot far enough to be fixed remotely.

    Me? I'm a smug Mac/Linux admin.

  3. Andy Enderby 1
    FAIL

    I would have thought that.....

    Best practice would be to be professionally paranoid and quarantine all patches for critical software like O/S and core apps until it has emerged that there are no show stopping gotchas or the patches have been tested. Still wtf do I know.

  4. Doug Glass
    Go

    Again!!!

    Frakk!! When are those of you using this going to stop paying for this POS?

  5. Anonymous Coward

    Macafee Again

    It seems like every other month that you are writing about one cock-up or another concerning this anti-virus software. Why do people still use it?

  6. Anonymous Coward
    FAIL

    an afternoon of fun

    yep. the day was going well until about 14.25. then it all went Pete Tong. been a rather interesting last few hours at work. we took multiple steps to stop windows systems from getting the DAT file without just pulling the internet plug. sort of worked...we estimate just 400 machines need sorting out - better than the c. 8000 it could have been.

  7. fishman

    McAfee is a virus

    Several times over the last couple of years I've had to get the BOFHs at work to fix McAfee inflicted damage on the pc in my office that runs windows. I wouldn't be surprised if there were other times where McAfee screwed up but the BOFHs fixed it before I found out.

  8. Sureo
    FAIL

    Tough Luck...

    False positives forced me to abandon McAfee for Avira years ago. Once identified, the module would go into quarantine with no way to use it except to turn McAfee off completely. McAfee had no mechanism for me to report a false positive, instead telling me to boot a repair disk and scan the system again, fruitlessly. Avira lets you ignore a false positive and continue to use the module, and allows you to submit the module for analysis which, once found to be false, is fixed in a day or two. What a difference!

  9. DaveShaw
    FAIL

    Not the best

    I managed to get mine out of the reboot cycle and back up and working by disabling all McAfee services via Safe Mode and registry editing (Network Policies prevents the Service Manager from doing it).

    Some other guys in the office reported svchost.exe was deleted by it (ouch) and were less lucky.

    Why won't our sys admins get avast :(.

  10. Matt B
    Pint

    Great...

    Looks like tomorrow could be a fun day at work! Let's hope my AV server has somehow managed to not download this update and fire it around the network.

    Where's my hip flask...

    1. Sillyfellow

      you're correct.

      ahem.. companies using mcafee should be using a Mcafee EPO (e-policy orchestrator) server. with this you can delay mcafee updates being served to the client machines, which is safe practice.. because it's not the first time such a thing has happened..

    2. Anonymous Coward

      How to fix if you can't get update from server

      Okay, download the McAfee update DAT from McAfee site, then log onto the machine with the problem and put the file into C:\Program Files\Common Files\McAfee\Engine. Reboot machine. All should be good again :)

      1. DaveShaw
        IT Angle

        You missed a bit

        "with this" [Any Half Competent BOFH] "can delay..."

        Our company uses EPO and still got hit :( .

        1. Anonymous Coward

          If only...

          You have a trade off between the potential of the AV updates to cause problems and the potential of not releasing the updates to allow a new virus to spread through the network.

          To test every DAT file quickly enough you pretty much have to have someone dedicated to doing that on a daily basis. It has to be tested on every variation of machine you have, every OS, every OS level, every critical app. We quarantine engine and product updates, but not DAT files, we simply don't have the resources to test them and get them out quickly enough to avoid the potential risks of un-patched machines.

          We could of course use the "previous" branch in ePO to update, then we'd have time to delete the DAT's from current if problems are reported. But again the problem then is that if a new virus gets into the network and we don't have the latest DAT's it can cause far worse problems.

          On the plus side, at least now I have more fuel to use in my recommendation that it's time to ditch McAfee.

      2. Cliff

        Nonbooting?

        If the machines cannot boot, having had svchost removed from their OSes, how would you boot far enough to install that file? If you had 5000 desks, that would be pretty rotten having to do each one manually - this is a pretty bad f*ck-up, it could massively wound McAfee :-(

        1. chuffmonkey
          Thumb Down

          wound it? need a mercy killing

          'it could massively wound McAfee :-('

          let's hope it kills the ugly beast; nearly as useless as Norton FFS

      3. Anonymous Coward
        Thumb Down

        How about the millions of home users now with NO Net access

        So, how are the millions of home users with XP and McAfee that now don't have ANY Net access going to be able to download the updated DAT file? Will McAfee identify them all from their subscription data and post the file to them ???

      4. Anonymous Coward
        Flame

        That's great but...

        I only got an email from McAfee at 9:30pm last night informing me of the problem, which of course had already affected a lot of our machines.

    3. Homard
      FAIL

      Yeah it's a Piece of shit !

      Doug fully agree with you !

      My wife's machine has died tonight of the same ailment. Might be able to get it back but really not hopeful !

      What you really have is POS security/antivirus running on POS o/s. True recipe for disaster.

      The lesson to be learnt ? Don't use m$ shitware in the first place for mission critical services. That way you don't have to rely on retards like mc-crappy to fuck things up even further for you !

      Enough said.

      1. Anonymous Coward

        Stop using it?

        ...as soon as management lets us buy something else. ;-)

    4. Marvin the Martian
      Stop

      Not really a solution

      (1) what is a "safe" waiting time?

      (2) if you delay reports of disasters, isn't the overall population in the same spot?

      (To wit: now EPO users less likely to be hit, others more likely; so everybody else installs EPO with same values; so population ends up as initially, just slightly longer infective for viruses due to delayed definition install).

      1. Andy Enderby 1

        @Marvin

        I think you misunderstood me. I was talking about this from the point of view of a sysadmin setting policy for the rolling out of such potentially troublesome patches across an enterprise, rather than, in this case from the point of view of McAfee.

  11. Anonymous Coward
    Happy

    Stand and deliver...

    I pity the poor IT dept that has to use that load of rubbish. It's bad enough at home having that ransomware on your machine, with pop-ups appearing all the time saying "pay up or your computer gets it!". Isn't there a more grown-up anti-virus that enterprise users can take advantage of?

  12. Jim Carter
    FAIL

    That would explain

    Why our internet proxy server went the way of Simon then. Should be fun at work tomorrow as all the computers go *foop*.

  13. John Doe 1
    FAIL

    Think someone at McAfee is getting MSCE soon

    ...if only just so they can realistically determine which files are critical Windows system files.

  14. Bunglebear
    Thumb Down

    Bugger

    After leaving work at 7.30pm with still lots of machines down and critical deadlines approaching, I think I can join in the movement to hang McAfee from the nearest tree. If it was free, or even cheap, it could be forgiven. But it's not. Bugger them all to hell.

  15. pooch
    FAIL

    GOOD JOB MCAFEE

    MCAFEE basically sent a virus out to their entire customer base! MORONS! If I had the decision power behind our software selection for antivirus, I would DUMP THIS PROGRAM!

    Where is their CHANGE MANAGEMENT process? Where is their IMPLEMENTATION REVIEW process?

    I would not be surprised if MCAFEE loses a crap load of customers over this. Their stock is already down .20 cents today. not enough if you ask me. but this is my opinion.

  16. aver
    Flame

    Removal procedures

    Um, we had this impact 20+ machines before we worked out what was wrong.

    I wrote up some removal instructions here:

    http://www.adfrad.com/2010/04/fixing-mcafee-w32wecorla-false-alerts.html

    Good luck everyone!

  17. theLightCosine
    Thumb Up

    Fix for the 5958 DAT problems

    There is an easy fix for these problems once the machine has been 'bricked'

    Details are available over on my blog:

    http://cosine-security.blogspot.com/2010/04/mcafee-dat-5958-fix.html

    1. Tom 54
      Pint

      20 cents.. not far enough!

      Yeah... .5%... big whoop.. about 50% of my day was crap! Might have to seriously investigate Linux

  18. Anonymous Coward
    FAIL

    O NOES! Is ePolicyOrchestrator...

    ...poised like the Sword of Damocles over every naughty Windows system file in your network?

    http://icanhascheezburger.com/2007/03/28/do-not-want-3/

  19. Mintimperial
    Pint

    Secret of timing is comedy!

    Always nice to make InfoSec a little more... sporting, eh?

    Good work Fellas! :P

  20. DaveTheRave

    What is the best alternative to McAfee?

    Had enough of this shit

  21. Eddie Johnson
    Coffee/keyboard

    Evolution at Work

    Old dinosaur companies that are too slow to respond to years of failure by McAfee are now being removed from the breeding pool. Why do people keep buying this crap? It's not even like it's bought and paid for, you have to ante up every year.

    Ever since AVG 8 turned my computer into a POS I've been surfing naked. I've never had a virus scanner find an actual virus since the days of the STONED virus that spread on floppy in the early 90's.

    A nice lightweight, properly configured firewall to minimize exposure area and a browser without flash and Javascript keeps things humming right along. If you want a virus scanner get the lightest, least intrusive one possible and forget about all that prefetch, link scanning crap. It will always be a day late anyhoo.

    1. Anonymous Coward
      Joke

      Alternative

      "What is the best alternative to McAfee?"

      Linux.

      (or a mac before I get really flamed)

    2. Anonymous Coward
      WTF?

      RE: Evolution at Work

      I know I shouldn't feed the troll, but here goes anyway...

      I ain't McAfee's biggest fan - truth be told I ain't a fan of them at all - so I'm not trying to defend them nor any of their competitors, but if you're not using any AV software then how do you know you've not been infected?

      I think user education is more important than any software solution, and I do agree with your recommendation of using a firewall to minimise exposure, but I'd not rely on the firewall and a Flash-free browser alone to ensure I was virus free.

      Not that I really care as I don't use Windows on my own PCs anyway, but I do have to use this abomination of an OS in the workplace.

    3. Jimbo 6

      Surfing naked ?

      Please, please, please... put some duct tape over your webcam then.

    4. Kevin Bailey

      Please check out Ubuntu

      If unprotected your machine will get infected - and it's then used to attack our servers. This is why many sysadmins are really p***** off with MS.

      You'll find Ubuntu to be all that's needed.

    5. A J Stiles
      Linux

      Best alternative

      Best alternative to McAfee?

      How about an Operating System where little things like privilege separation and non-executable files are baked in, rather than crude hacks bolted on from the outside.

      And a culture where Source Code is passed around, shared and re-used; as opposed to treated as though it were allergic to daylight, with the consequence that everybody is forced to rewrite common functions from scratch, occasionally missing an awkward edge case.

    6. Lionel Baden
      Coat

      i find bit defender extremely good

      but meh some like vanilla some like chocolate

      Never had a bug come through with bit defender .. yet

      *touches wood

      mine's the one with the anti spam lining

  22. Daniel B.

    McAfee?

    I ceased to use McAfee in 1994, when it successfully destroyed NATAS... only to curl up and die because of an "unknown" virus. That "unknown" was DIR II.

    I reverted to MS Antivirus back then (remember CPAV? MS bought them!), and later to Norton. I'm currently using avast!, though I had a brush with ZoneAlarm/Checkpoint... until they also brought upon me a bad false positive. Whoops!

  23. Hi Wreck
    FAIL

    Remind me again

    Why people actually choose windows.

    Signed a happy solaris "downtime, what's that?" user.

  24. Anonymous Coward
    Linux

    What's all the fuss ?

    No problem with OpenSuse here.

    Begin Smugmode.

  25. LPF

    Well that was an afternoon wasted

    At first we thought a virus had hit our Domain controller and pushed out to all the boxes. So everyone assumed the best way to avoid it was to update McAfee.. FAIL

    I feel sorry for the IT bods, they will be having to manually fix a couple of hundred network PC's over the next couple of days ! :S

  26. Anonymous Coward
    FAIL

    Someone please sue them....

    I fail to see how they could defend any legal action.

    It would appear even the most basic testing should have picked up it canning a windows system file.

    Go on someone please take them to court for your costs caused by this update. That way they might actually do their job properly.

    Personally I stopped using their software quite a few years ago (having been a fan for quite a few before) as I started having problems with it.

    I've used AVG ever since, never had any issues with their software or any infections.

  27. Tom 54
    WTF?

    bahhh

    Yay.. what fun. So I've stopped the reboots... and now somehow sound does not work and various programs just gave up. It was crazy to come into the office today and have everyone gone.. guess they just gave up and said hey nice weather... wish I could have done that.. but being the drudgen that I am.. I cannot.

    1. Elmer Phud Silver badge

      Smugmode2

      No problem with Windows, either, AVG-using freetard that I am.

      I am now thinking about all the people I know of that have told me they couldn't be bothered with changing their anti-virus that came with the machine or who say they can only rely on the 'big boys'.

      SmeeeegHeeeeds

  28. Christopher Martin
    Grenade

    Brick?

    "Bricking" reduces the utility of a computing device to that of a brick. It happens to game consoles and shitty phones that are so locked down that software bugs can render them unusable. But how the hell do you brick an average computer? Okay, maybe this means that you can't boot your primary OS. Does it not still boot from other partitions or devices?

    Call me pedantic, but I don't think a device is a brick if you can have it mostly recovered, by yourself, by the end of the day.

  29. Anonymous Coward
    FAIL

    Downgrade to 5957

    tbh that infrastructure security head is the IT equivalent of a shrieker. I'm in a multinational bank with thousands of PCs affected. Boot in Safe Mode with Networking - downgrade using the 5957 superdat (use the /F switch to force the downgrade). If the PC is off the network do it from CD or any removable media but my experience was that 90% of pcs were still on the network. If the svchost.exe file was quarantined copy it back in to %systemroot% from CD also or from C:\Quarantine - it's the 14k file. Reboot and voila.

    Of course you want to stop the 5958 update being deployed too but that's a no-brainer.

    Well done NAI. You're making a habit of this - http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/

  30. Anonymous Coward
    Grenade

    Where did you get that lovely petard, and 'ow much can it hoist?

    From the McAfee Blog:

    "The faulty update was quickly removed from all McAfee download servers, preventing any further impact on customers. We are not aware of significant impact on consumers. We believe that this incident has impacted less than one half of one percent of our consumer base and enterprise accounts globally."

    And from the McAfee Newsroom:

    "In most developed countries, critical infrastructure is connected to the Internet and can lack proper security functions, leaving these installations vulnerable to attacks. Without the appropriate protection combined with the current lack of preparedness, an attack on these infrastructures would be detrimental and will cause more destruction than any previous cyber attacks."

    Well there it is, by their own words no less.

    It is rumoured that they managed to pretty much take down Intel, and the NYT describes their stuff as 'berserk' :

    http://www.nytimes.com/aponline/2010/04/21/business/AP-US-TEC-McAfee-Antivirus-Flaw.html?_r=2&src=busln

    Is this a good time for resignations? We have a "recognized authority on cybersecurity" whose company just launched an attack on the availability of every single properly patched copy of the world's most popular OS that their AV product was installed on.

    Ironically enough, If you did have a machine running McAfee that was compromised by a 'retrovirus' you would have been spared this debacle.

    1. g e

      When is a brick not a brick

      As most electronic devices have a flashable bios of some sort it's likely that most devices, e.g. PSP, etc, could have the chip removed, reflashed good and replaced. Or just replaced.

      Hence also not a brick. Depends on the lengths to which you wanna go.

      It is a brick until it is not a brick.

    2. gollux
      Alert

      Concur...

      I've bricked a system before, not a happy experience. These are not bricked, a quick BIOS change and a Knoppix CD gets you out of most continuous reboot sequences. And allows you to mangle McAfee so it won't start... And allows you to replace svchost.exe... Or whatever else file McAfee decides to eat for lunch that day.

      Besides, I thought everyone had shut off that "Reboot on serious error" cruft that Windows XP ships with after the first bad XP patch got pushed out.

  31. Joe Greer
    Black Helicopters

    We had some systems at other offices damaged

    Our EPO server only gets updates once per day, so we were still distributing 5957, other sites were not so protected. Some admins have the EPO server getting updates every hour and distributing these to the machines every hour, useless.

    With EPO if you need a new dat you manually pull it down and push a new managed update job to all your machines to get the new dat for a critical 0 day.

    I agree McAfee needs to do some better testing and checksum the OS files that are NEVER rogue.

    They also need an option to quarantine/copy a file, so later IT can look at the file attributes to determine who and what downloaded it. Auto deleting viruses is bad. The user downloading the virus needs to be dealt with.

    Now I would like to see one of those comparisons on the TCO between Windows and Macs or Windows and Linux machines. :-)

    The Average Joe

  32. WorsleyNick

    Mcafee.Virus

    Well I have not had a virus in the last 15 years, until now. Now I have had the pleasure of dealing with the Mcafee virus. It affects not just the Enterprise packages, it also affects the Home packages as well. Run a tight ship and you get the Mcafee virus. It looked like I had a virus, so guess what I ran a scan. Bang lost all networking and was not able to run a restore. Now have the pleasure of running an install of the whole bloody operating system. Fortunately it was my netbook with no original data on it.

    How in heavens name did they manage to let that one through testing. It looks like any PC using Windows XP SP3 is affected and the signs of a problem show pretty quickly.

    I suspect that the numbers affected are bigger than Mcafee say, and the people most likely to be affected are those who keep their software up to date.

    1. Joe Riley
      Thumb Down

      Not able to report?

      The numbers of affected users are probably way under what McAfee have published, for the simple fact that those users don't have a functional PC to report the problem, as we speak...

  33. E 2
    Linux

    Hahah Windows lusers!

    Shoulda used *NIX!

    Oh, I forgot, you all benefit from the Windows ecosystems... NOT!

  34. P. Lee Silver badge
    Linux

    I guess this answers the question...

    Should all disks be encrypted?

  35. Andy Towler
    Grenade

    McAfee IS a virus

    If it looks like a duck, swims like a duck, and quacks like a duck...

    Home users: try Avast free version

    Business users: try NOD32.

    McAfee has been causing unnecessary stress in IT departments for well over 10 years. Why do people still buy this crap?

  36. rfc959
    Coat

    on trusting trust

    Why allow something to be installed on all your computers without at least sanity checking?

    Keep clicking on the OK button because you are busy, what can possibly go wrong...

    1. Jake Rialto 1
      Thumb Up

      Other free AV software suppliers are out there too

      I use Avira

      Good marks on independent AV tests, sits in the background and just ticks along. No fuss.

      http://www.free-av.com/en/download/index.html

    2. gollux
      Coat

      Yes...

      We definitely need to protect all our information, including OS files. You don't want someone coming in with a Knoppix disk and fixing it do you? The sheer horror of it all... ;^)

  37. Anonymous Coward
    FAIL

    Quickly?

    "The faulty update was quickly removed from all McAfee download servers" say Muckufee

    Errrm you might want to re-evaluate "quickly"...

    I am on the platinum support contact list... first I got was an email SEVEN HOURS after this all kicked off...

    Oh and this morning the latest status update email says:

    "Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3."

    Moderate eh guys? Errrrm yeah.

  38. Penguin
    FAIL

    Justification is at hand.

    Ever since I was forced to use McAfee ePO 4.x I insisted that we always run -1 on the DAT. This is the third time that this approach has saved the company's bacon and do I get any thanks? Noooooooo, they still wax lyrical that we ‘aren’t up to date, the network is at risk.’

    Seriously though – I’m glad this has happened (My apologies to all the BOFHs out there cleaning this mess up) hopefully this will convince the company to ditch this POS when the contract is up. And I can go back to real work instead of babysitting 1 piece of software.

    McAfee, Thou art weighed in the balances, and art found wanting.

  39. Big-nosed Pengie
    Linux

    That would be Windows PCs.

    I suspect that my Linux PCs aren't affected.

    Let's be a little more accurate in future, eh?

    1. Andy Enderby 1
      Flame

      @ anon 0926hrs....

      Oh wow..... "moderate to significant" ? What constitutes critical ? Smoke and flames billowing from affected PCs ?

  40. fangster
    FAIL

    "Moderate performance issues"

    Er, it removes svchost.exe! That's a lot of vital windows services that stop working (and reboot your machine in some cases, i.e. RPC). My internet stopped working after the forced reboot so I was lucky I had a second PC to try and work out what was going on. I applied the mcafee hotfix suggested which worked for a while but then it quarantined svchost again! I tried to apply the new definition file in safe mode as suggested and it said "Error: No qualifying McAfee products found"! I now use AVG...

  41. TRT Silver badge
    WTF?

    Stop whining

    It's a relatively easy fix. I did the 20 affected machines on our floor in under an hour, on my own, with just a pen drive. OK, it caused all manner of panic when it hit, and I had everyone pull their cables (which stopped the not yet updated from getting the dodgy file) until I had gathered enough info from the support forums to produce a response. Don't let's go over the top here.

  42. Simon B
    Grenade

    Can't boot = a moderate to significant performance issue - WTF!!!

    In a statement, McAfee said the false positive "can result in moderate to significant performance issues"

    Not being able to boot is classed as a moderate to significant performance issue? I call it a complete lack of ANY performance issue due to the fact that if you can't boot your PC you can't DO anything!

  43. Chris Priest
    FAIL

    Update

    It only seems to affect machines running the 8.7i engine and XP SP3.

    Fortunately we had not rolled out 8.7i to everyone yet, so only a small subset of our machines were affected.

    I found the easiest solution was to copy the dat files from a 8.5i machine with the 5957 dats and also take a copy of svchost.exe.

    Boot machine normally, when you get the DCOM is shutting down crap, open a command prompt and abort the shutdown, open viruscan console, turn off Access protection then go and shut down the Mcafee services.

    Copy the dats into C:\Program Files\Common Files\Mcafee\Engine.

    Copy svchost.exe to c:\Windows\System32

    Reboot, job done :)

  44. TeeCee Gold badge

    Bought a new machine the other day.

    It came with McAfee and one of the first things I did was rip it off with malice aforethought.

    The first thing that came up during the uninstall was a message saying: "You've got a year's subscription here, why would you want to do this?" to which I mentally answered "Because you're shit".

    Turns out that should have been: "Because you're shit and you know you are".

    Can we have a steaming turd icon please?

  45. Anonymous Coward
    FAIL

    Virus or AV

    I love how people are paying McAfee to basically DOS their machines.

    This sort of impact is a virus writer's wet dream and companies have handed over cash for the fun of having their networks taken down.

    Is there any way to reclaim lost earnings / costs of cleaning & restoring from McAfee over this? If not, I would say that there is no real benefit to having their service and you may as well use a freebie package. Even if McAfee only b0rk you once every two years, it's still about as often as AVG will let a virus through. The virus risk isn't treated or transferred by using McAfee so why bother?

    Now we just need to stop every home PC coming with mountains of McAfee / Symantec rubbish which is almost impossible to remove....

  46. Robert Carnegie Silver badge

    I agree with Joe Greer,

    How about this plan:

    When the tool is installed, the antivirus will securely checksum and store fingerprints of existing executable files, with date.

    When a system file is updated, it is checksummed again.

    A virus signature is given a "birth" date, before which the virus is presumed not to exist.

    If a virus is "detected" in a file whose contents have not changed since before the virus birth date, then it isn't a virus.

    Oh yeah - and they do this test BEFORE they publish the virus signatures to the world.

    Is it possible that somebody in the company was motivated - even paid - to make them look really, really bad?
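
The plan in the comment above, written out in Python as an added example; it is not part of the post and not McAfee's code. The byte-pattern matcher, signature name, file contents and dates are constructed assumptions standing in for a real scanning engine.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class BaselineEntry:
    sha256: str
    first_seen: datetime  # when this exact content was first fingerprinted


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes        # toy byte pattern standing in for a real detection
    birth_date: datetime  # vendor's claim: the malware did not exist before this


class Baseline:
    """Fingerprints of executables; in practice this store must be tamper-resistant."""

    def __init__(self):
        self._entries = {}

    def record(self, path: str, content: bytes, when: datetime) -> None:
        digest = sha256_hex(content)
        old = self._entries.get(path)
        # Unchanged content keeps its original date; changed content restarts the clock.
        if old is None or old.sha256 != digest:
            self._entries[path] = BaselineEntry(digest, when)

    def get(self, path: str):
        return self._entries.get(path)


def classify(path: str, content: bytes, sig: Signature, baseline: Baseline) -> str:
    """Return 'clean', 'suppressed' (probable false positive) or 'detected'."""
    if sig.pattern not in content:
        return "clean"
    entry = baseline.get(path)
    unchanged = entry is not None and entry.sha256 == sha256_hex(content)
    # A file whose bytes predate the signature's birth date cannot carry that malware.
    if unchanged and entry.first_seen < sig.birth_date:
        return "suppressed"
    return "detected"


def prerelease_check(sig: Signature, baseline: Baseline, corpus: dict) -> list:
    """Vendor-side gate: known-good files the signature would wrongly flag."""
    return sorted(p for p, c in corpus.items()
                  if classify(p, c, sig, baseline) == "suppressed")


def demo() -> dict:
    utc = timezone.utc
    pattern = b"CONSTRUCTED-PATTERN"                 # constructed sample data
    system_file = b"MZ constructed service host " + pattern
    editor = b"MZ constructed plain editor"
    dropped = b"MZ constructed dropper " + pattern

    baseline = Baseline()
    baseline.record("svchost.exe", system_file, datetime(2008, 5, 6, tzinfo=utc))
    baseline.record("notepad.exe", editor, datetime(2008, 5, 6, tzinfo=utc))
    # A file that first appeared after the signature's birth date.
    baseline.record("dropper.exe", dropped, datetime(2010, 4, 10, tzinfo=utc))

    sig = Signature("Constructed.Sample.A", pattern,
                    datetime(2010, 4, 1, tzinfo=utc))

    return {
        "unchanged_system_file": classify("svchost.exe", system_file, sig, baseline),
        # Bytes on disk no longer match the stored fingerprint.
        "modified_system_file": classify("svchost.exe", system_file + b"!", sig, baseline),
        "new_file_after_birth": classify("dropper.exe", dropped, sig, baseline),
        "no_match": classify("notepad.exe", editor, sig, baseline),
        "release_blockers": prerelease_check(
            sig, baseline, {"svchost.exe": system_file, "notepad.exe": editor}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check is only as good as its two inputs: a file already infected when the baseline was taken, or a birth date set later than the malware's real first appearance, would be suppressed too, so suppressed hits are better logged for review than silently dropped.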

  47. Velv Silver badge
    Flame

    Linux?

    Perhaps the reason we never hear about similar problems on Linux is that not enough real people run Linux, so when they do go down, nobody notices.

    1. Martin Owens
      FAIL

      Only a few million

      people use various distros and only a few thousand large enterprises.

      Try again.

    2. Chemist
      Linux

      Re : Linux ?

      NEVER happened to me and I've been using Linux, both at work and home since the mid 90s

      Talk about what you understand !

  48. Anonymous Coward
    Coat

    Seriously...

    This problem is really sorting the Sys Admin men from the boys.

    OK.. the error has quite severe symptoms, but the fixes available are all quite simple... even though in some cases you may need to touch every infected machine in the process.

    Though obviously - as already mentioned - anyone running business and enterprise networks should really be staggering untested updates at a bare minimum.

    Mine's the one without the P45 in the pocket.

  49. nickel

    Mcafee pushing virus removal service - a conflict of interest ?

    Recently Mcafee on my PC stopped working for no reason. I got messages that my antivirus was not current and when I tried to get into the security center it would just hang. I called mcafee technical support and all they did was persistently push this professional service that could remove this so called virus (that only attacks Mcafee). I'm almost positive they pushed this bug to my machine in an update (although this would be hard to prove) and now they want $89.95 to fix it. I agree with another user that when you call tech support they are sales driven instead of customer support driven. Someone should investigate this new professional service they are offering, since they can easily drum up their own business using innocent customers like me. Think about it - download a problem in an update, and then charge customers to fix it. Easy money - don't think it doesn't happen.

    1. Sandra Greer
      Happy

      Like what happened in Brooklyn...

      A windshield replacement joint had someone go around breaking windshields, to improve business...

  50. Lee T

    whatever happened to staggered application of updates?

    i'd have thought that the safest way to do things, *especially* in a uniform PC environment, would be to apply *any* updates - OS, AV, any software at all really - in batches, and to keep mirrors of a system every time you do.

  51. Anonymous Coward
    FAIL

    You have failed me for the last time.

    The real irony here is McAfee is rubbish at new detections - every time I upload a suspicious file that McAfee says is not a virus to virustotal.com McAfee is consistently not detecting anything. They have a potentially great solution called Artemis that does a DNS lookup of a hash of a file that, if it resolves, means it's possibly malware, the idea being the second their labs have a hash the whole planet can be aware, however it's crap and I have submitted files to their labs, had them positively identified, an extra.dat emailed to me, deployed it with GPO, and Artemis *still* says the file is clean.

    When I've logged support calls to pull them up about it I've been fobbed off with pathetic techno babble excuses; when pressed they have actually used the excuse that the system was undergoing 'quality control testing'. Well they do fail consistently I'll give them that.

    The double irony is Artemis was a Greek goddess that fought in the Trojan Wars. And lost. Fail.

    To quote Vader, You have failed me for the last time McAfee. When I get back to work I'm looking at F-Secure or Sophos.
