Feeds

McAfee downplays service pack fail

Virus update leaves PCs unbootable

Top three mobile application threats

A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums.

The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base.

Posts on McAfee's support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a "massive fail" by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good.

In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out.

McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered. A very small number of customers reported trouble with the patch on a limited number of computers.

Once the cause of the problem has been identified and the issue has been resolved, we will repost Patch 1. Customers should contact McAfee support if they have any questions regarding this issue, and check the McAfee ServicePortal for further updates.

Problems with anti-virus scanner definition updates that result in false alarms against harmless files are a well known Achilles' heel of security software. The issue causes more trouble in cases where system files are flagged as potentially malign. The problems with McAfee's enterprise security software are arguably even worse than that because they involve a service pack and not just regular definition updates.

McAfee users have every right to ask tough questions about the security giant's quality assurance and testing regime even if, as McAfee states, only a small percentage of users ran into problems. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.