McAfee downplays service pack fail
Virus update leaves PCs unbootable
A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums.
The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base.
Posts on McAfee's support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a "massive fail" by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good.
In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out.
McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered. A very small number of customers reported trouble with the patch on a limited number of computers.
Once the cause of the problem has been identified and the issue has been resolved, we will repost Patch 1. Customers should contact McAfee support if they have any questions regarding this issue, and check the McAfee ServicePortal for further updates.
Problems with anti-virus scanner definition updates that result in false alarms against harmless files are a well known Achilles' heel of security software. The issue causes more trouble in cases where system files are flagged as potentially malign. The problems with McAfee's enterprise security software are arguably even worse than that because they involve a service pack and not just regular definition updates.
McAfee users have every right to ask tough questions about the security giant's quality assurance and testing regime even if, as McAfee states, only a small percentage of users ran into problems. ®
This patch will kill your Lotus Notes
Have a few people who can't use Lotus Notes because the SP1 makes LN crash.
Pretty sad that they only offer a WORK AROUND and not a newer patch to patch the faulty patch.
@Toastan and all others running not running AV
Yes, running at reduced privileges is best practice and will help to reduce the possibility to get infected, HOWEVER this isn't a catch all and shouldn't be relied on as a means not to get hacked or infected.
I guess my question to you Toastan would be, how do you know you have been infected? If it is a small malware with a low imprint, or something that runs in memory, you'd never know without AV or something to detect it, unless you are constantly doing forensics on your system and memory.
Running at reduced rights does offer protection, but if someone gets a foot hold on your system with the rights as you, there are many many ways to elevate privileges.
Don't get me wrong, AV is not as useful as it once was, but security needs to be implemented in a layered approach if you are wanting to do it right.
As for white-listing apps. Good idea, and most AV vendors are starting to include some kind of white listing, issue there is having enough staff to constantly be updating the hash tables as updates and new software versions are released. What if my white-listed app has a buffer overflow or remote code execution vulnerability?
Until everyone starts writing secure code, and validating input, there will also be a exploit code and viruses.
How to run a Windows desktop without AV
Anecdotal evidence only, but me and most of my mates have been running XP like this for years without getting infected: