The Register® — Biting the hand that feeds IT

Feeds

McAfee downplays service pack fail

Virus update leaves PCs unbootable

By John Leyden, 9th June 2009
  • print
  • alert

Agentless Backup is Not a Myth

A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums.

The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base.

Posts on McAfee's support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a "massive fail" by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good.

In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out.

McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered. A very small number of customers reported trouble with the patch on a limited number of computers.

Once the cause of the problem has been identified and the issue has been resolved, we will repost Patch 1. Customers should contact McAfee support if they have any questions regarding this issue, and check the McAfee ServicePortal for further updates.

Problems with anti-virus scanner definition updates that result in false alarms against harmless files are a well known Achilles' heel of security software. The issue causes more trouble in cases where system files are flagged as potentially malign. The problems with McAfee's enterprise security software are arguably even worse than that because they involve a service pack and not just regular definition updates.

McAfee users have every right to ask tough questions about the security giant's quality assurance and testing regime even if, as McAfee states, only a small percentage of users ran into problems. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (33)
Latest Comments
Inachu

This patch will kill your Lotus Notes

Have a few people who can't use Lotus Notes because the SP1 makes LN crash.

Pretty sad that they only offer a WORK AROUND and not a newer patch to patch the faulty patch.

0
0
Anonymous Coward

@Toastan and all others running not running AV

Yes, running at reduced privileges is best practice and will help to reduce the possibility to get infected, HOWEVER this isn't a catch all and shouldn't be relied on as a means not to get hacked or infected.

I guess my question to you Toastan would be, how do you know you have been infected? If it is a small malware with a low imprint, or something that runs in memory, you'd never know without AV or something to detect it, unless you are constantly doing forensics on your system and memory.

Running at reduced rights does offer protection, but if someone gets a foot hold on your system with the rights as you, there are many many ways to elevate privileges.

Don't get me wrong, AV is not as useful as it once was, but security needs to be implemented in a layered approach if you are wanting to do it right.

As for white-listing apps. Good idea, and most AV vendors are starting to include some kind of white listing, issue there is having enough staff to constantly be updating the hash tables as updates and new software versions are released. What if my white-listed app has a buffer overflow or remote code execution vulnerability?

Until everyone starts writing secure code, and validating input, there will also be a exploit code and viruses.

0
0
Toastan Buttar

How to run a Windows desktop without AV

Anecdotal evidence only, but me and most of my mates have been running XP like this for years without getting infected:

http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17