McAfee update causes havoc among PC users

Anti-virus programme maker McAfee Inc. has admitted that its update for a number of virus-scanning products caused havoc Friday in corporate and consumer systems using the virus protection products when a virus definition file triggered the quarantine or deletion function for several executable files, including Microsoft's Excel.

Posted : Tue, 14 Mar 2006 10:12:00 GMT

Author : Roland Waite

Technology News | Home

NEW YORK: Anti-virus programme maker McAfee Inc. has admitted that its update for a number of virus-scanning products caused havoc Friday in corporate and consumer systems using the virus protection products when a virus definition file triggered the quarantine or deletion function for several executable files, including Microsoft's Excel.

The problem occurred when the company released its DAT file -- or virus definition file -- No 4715 as part of a daily updating routine and intended to refine McAfee anti-virus products' capability to catch the W95/CTX virus. In a matter of minutes, the company's customers started seeing an unusual number of files being quarantined or deleted by scans using the newly-released update.

While excel.exe was the most affected, the list of exe files released by McAfee as having affected by the update was of seven pages. Users complained that the anti-virus programme tried to remove files including Perl, Sysinternals' PcTools suite, various Oracle binaries, Dell OpenManage, Google Toolbar installer and programs that run Macromedia Flash Player, Sun's Java application and Adobe update manager.

The system either deleted the concerned files or removed them into a separate folder as per settings decided by the user. McAfee claimed the files were moved or deleted during scheduled or manual scans and not during background scanning.

The company said it had reports from some 100 customers and it immediately released an updated definition file, DAT 4716 and a tool designed to restore automatically all the wrongly quarantined files.

McAfee said the problem arose in updates for VirusScan Enterprise 8.0i, 7.1 and 7.0; Managed VirusScan 4.0 and 3.5; Virus Scan Online 11 and 10; Linux Shield; and VirusScan 7.03 (consumer). As a result of the error, the update identified the files as W95/CTX, a virus discovered in 2004.

McAfee's director of operations at its AVERT Labs Joe Telafici said the flawed update went out at 10.35 PST Friday and in about two hours, the company started getting reports of the malfunctioning. The company pushed its corrected update a couple of hours after that at 3.28 p.m. PST, he said.

Telafici said the quarantined files could be restored with the corrected update, but deleted files would require a more elaborate procedure. The company has suggested on its website that users should go to a backup or use Windows XP's System Restore feature to roll back the machine to a point before the flaw occurred.

The flaw seems to have happened as a result of what is described as "false positives", which are common in spam detection. It mostly happens as a result of mistaken identity -- when a security researcher finds a malicious file and tags its filename as belonging to a virus or worm, but does not realise that the same filename can be used by a legitimate program.

Telafici said this was a combination of unusual circumstances. "There was one byte off in a signature, and there was a hole in our testing process."

More...

Article : McAfee update causes havoc among PC users
Print this article
Email this article

Share on

Del.icio.us

Digg

Facebook

Fark

Google

reddit

Slashdot

StumbleUpon

Have your Say

Name
Email
Subject
Your Comment
Enter Verification code

Your Comments

Bullshit
By: Jason , Sun, 19 Mar 2006 16:05:36 GMT

Hello everyone. I did not have this problem, but other people I know did, and they got a brand new hard drive for their computer befoe they got to read this.... I think that is bull. I think McCafee should check over their work before they release it to millions of computers... I used to have Mcafee, but I switched over to Norton Anti-Virus. They never have any problems, and they check ther updates before they release them.

Scan virus
By: Nguyen Huu Truong , Sat, 18 Mar 2006 01:04:13 GMT

I want scan virus for Mcafee

McAfee Mess
By: seamus scanlon , Thu, 16 Mar 2006 21:34:21 GMT

I think its fair enough if McAfee made a mistake but when I contacted online help they did not mention what happened and gave me partial solutions which I could not implement on the spot because one of the consequences of the Dat file problem was I could not access the web.
Regards
Seamus

hey let's sue!
By: fawn , Tue, 14 Mar 2006 20:45:18 GMT

Why don't ya'll just chill!!!??? I've been in the industry for 25 years and testing software and hardware for 3/4 of that time. Until you walk in our shoes, you're not going to realize just how hard it is to find every possible thing that can possibly cause a problem!! Come on, we're all human so give them a break. Or are you willing to lose your job, the next time you make one mistake????

Bizarre customer service
By: satish , Tue, 14 Mar 2006 20:19:45 GMT

Its highly dubious service offered by online mcafee software service provider. i have recently donwloaded internetecurity 8 version. the software behaves in a peculiar manner by which it doesnt indicate its presence in the system neither does it indicate the presence of a new version being installed in the computer. my older version is 6.0 and it still runs on old DAT files. whatz the point in buying a new updated version and still being run by a old version.

Its high time Mcafee got its act together. taking customers on a joy ride whereby taking them for bunch of no brainers could prove costly for your business.

Developer
By: Brandon , Tue, 14 Mar 2006 19:25:16 GMT

I have version 7 of Mcafee and it stopped my ASP.nET web sites from working. This has cost me quite a bit of money, not including the 120 dollars I have spent on thier crappy product, I will never purchase Macafee again, Microsoft/Sun should be forced to include security/virus software in their OS and purchase it from Mcafee or another vendor and include in their own phase of testing before release, I agree they should be sued, they cost me thousands

McAfee's update 10 Mar 06
By: Jim furlong , Tue, 14 Mar 2006 16:57:30 GMT

The problem was and is I deleted folders that I felt may have caused the problem "virus", My update put all the deleted files into delete not quartine is McAfee's coming "clean" or are they circling the wagons. I spent two days trying to get things straight and if I had not come across this story I would still be lost.
At the same time MSN Webroot spy ware updated to a newer version of software so I didn't know if it was the virus protection,spyware or one of my normal sights I visit. Too say the least I am not a happy camper. I am Pi--ed.

Mcafee Internet Security Suite 8 upgrade
By: stefan kahl , Tue, 14 Mar 2006 16:55:55 GMT

I have had MISS versions 6 and 7. I store bought Version 8 upgrade and installing it crashed my computer several times. Also, this is a bogus product as it requires a connection to the web for the upgrade download which is not packaged in the box. I have nothing but computer problems with V8 and McAfee tech assistance of all types were useless. A class action suite is again warranted. I will never buy another McAfee product.

Outgoing mail
By: Brad Knight , Tue, 14 Mar 2006 14:29:05 GMT

I am having problems with scaning outgoing mail - I receive an error message and the scaning window appears but no activity is seen and the window cannot be colsed with the X

More Technology News click here

Choose Theme

You can

Current News

News Category

Business

Entertainment

Environment

General

Health

Sports

Technology

World

Press Release