Feeds

McAfee downplays service pack fail

Virus update leaves PCs unbootable

SANS - Survey on application security programs

A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums.

The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base.

Posts on McAfee's support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a "massive fail" by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good.

In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out.

McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered. A very small number of customers reported trouble with the patch on a limited number of computers.

Once the cause of the problem has been identified and the issue has been resolved, we will repost Patch 1. Customers should contact McAfee support if they have any questions regarding this issue, and check the McAfee ServicePortal for further updates.

Problems with anti-virus scanner definition updates that result in false alarms against harmless files are a well known Achilles' heel of security software. The issue causes more trouble in cases where system files are flagged as potentially malign. The problems with McAfee's enterprise security software are arguably even worse than that because they involve a service pack and not just regular definition updates.

McAfee users have every right to ask tough questions about the security giant's quality assurance and testing regime even if, as McAfee states, only a small percentage of users ran into problems. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.