Faulty McAfee update burns IT execs
The security firm moves quickly to placate companies crippled by its flawed antivirus software.
Less than a week after McAfee pushed the flawed update to users, the security vendor offered affected business customers a free one-year subscription to its automated security assessment service, and reimbursement to consumers for any "reasonable expenses" related to the incident.
The faulty update, released on April 21, had corporate IT administrators scrambling when the new signatures quarantined a critical Windows system file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.
McAfee said later that a small fraction of its corporate customers -- less than 0.5% -- were affected by the glitch. But those that were faced a time-consuming repair process. Virtually all of the affected PCs were unable to connect to a network, so corporate support personnel had to manually fix each machine impaired by the faulty update.
An Intel Corp. spokesman said an unknown number of the chip maker's systems were knocked offline by the bad update. He said the resulting problems had a "significant" impact on the company.
"There were quite a few clients, laptops and PCs [affected]," the spokesman said. "We were able to get it stopped fairly early on, but clearly not soon enough."
About 40% of machines used by the government of Washington's Snohomish County were affected by the problem, according to John Storbeck, the county's engineering services supervisor. In an e-mail, he called the incident "a nightmare."
In Iowa, a disaster response exercise was disrupted when the update caused 9-1-1 computer systems to crash, said Deb Hale, a security administrator at Long Lines, an Internet service provider in Sioux City. "Thanks to McAfee, we were forced to test our response to a disaster while in the midst of a real 'disaster,' " she wrote in a blog post on the SANS Institute's Internet Storm Center site.
"This is the worst glitch that I've ever had to deal with," said Ken Whittaker, a desktop support technician at a Michigan university where some 10,000 desktops were affected by the defect. He asked that the school not be identified.
It's not unheard of for antivirus vendors to mistakenly impair software with their updates. Criminals have become so good at switching up their code that companies like McAfee must now churn out millions of signatures in a cat-and-mouse game to identify malware that is in circulation. That leads to errors.
Still, the fact that McAfee allowed a major Windows component to be misidentified demonstrates "a failure in their quality control process," said Amrit Williams, chief technology officer at systems management software vendor BigFix Inc.
"You're not talking about some obscure file from a random third party; you're talking about a critical Windows file," said Williams, a former director of engineering at McAfee. "The fact that it wasn't found is extremely troubling."
McMillan is a reporter for the IDG News Service.