Faulty McAfee update burns IT execs
The security firm moves quickly to placate companies crippled by its flawed antivirus software.
Less than a week after the security vendor had pushed the flawed update to users, it offered affected business customers a free one-year subscription to its automated security assessment service, and reimbursement to consumers for any "reasonable expenses" related to the incident.
The faulty update, released on April 21, had corporate IT administrators scrambling when the new signatures quarantined a critical Windows system file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.
McAfee said later that a small fraction of its corporate customers -- less than 0.5% -- were affected by the glitch. But those that were faced a time-consuming repair process. Virtually all of the affected PCs were unable to connect to a network, so corporate support personnel had to manually fix each machine impaired by the faulty update.
An Intel Corp. spokesman said an unknown number of the chip maker's systems were knocked offline by the bad update. He said the resulting problems had a "significant" impact on the company.
"There were quite a few clients, laptops and PCs [affected]," the spokesman said. "We were able to get it stopped fairly early on, but clearly not soon enough."
About 40% of machines used by the government of Washington's Snohomish County were affected by the problem, according to John Storbeck, the county's engineering services supervisor. In an e-mail, he called the incident "a nightmare."
In Iowa, a disaster response exercise was disrupted when the update caused 9-1-1 computer systems to crash, said Deb Hale, a security administrator at Long Lines, an Internet service provider in Sioux City. "Thanks to McAfee, we were forced to test our response to a disaster while in the midst of a real 'disaster,' " she wrote in a blog post on the SANS Institute's Internet Storm Center site.
"This is the worst glitch that I've ever had to deal with," said Ken Whittaker, a desktop support technician at a Michigan university where some 10,000 desktops were affected by the defect. He asked that the school not be identified.
It's not unheard of for antivirus vendors to mistakenly impair software with their updates. Criminals have become so good at switching up their code that companies like McAfee must now churn out millions of signatures in a cat-and-mouse game to identify malware that is in circulation. That leads to errors.
Still, the fact that McAfee allowed a major Windows component to be misidentified demonstrates "a failure in their quality control process," said Amrit Williams, chief technology officer at systems management software vendor BigFix Inc.
"You're not talking about some obscure file from a random third party; you're talking about a critical Windows file," said Williams, a former director of engineering at McAfee. "The fact that it wasn't found is extremely troubling."
McMillan is a reporter for the IDG News Service.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!