McAfee false-positive glitch fells PCs worldwide
Posted in Security, 3rd July 2009 22:48 GMT
IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death.
Details are still coming in, but forums here and here show that it's affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer's 140 machines after they updated to the latest virus signature file.
"Literally half of the machines were down with this McAfee anti-virus message IDing valid programs as having this trojan," the IT consultant said. "Literally half the office switched off their PCs and were just twiddling their thumbs."
When the consultant returned to his office he was relieved that his own laptop, which also uses VirusScan, was working normally. Then, suddenly, when it installed the latest McAfee DAT file, his computer was also smitten. The anti-virus program identified winvnc.exe and several other legitimate files as malware and attempted to quarantine them. With several core system files out of commission, the machine was rendered an expensive paperweight.
A McAfee representative in the US didn't immediately respond to phone calls seeking comment. Friday is a holiday for many US employees in observance of Saturday's Independence Day.
Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664, which McAfee seems to have pushed out in the past 24 hours. Affected systems then begin identifying a wide variety of legitimate - and frequently crucial - system files as malware. Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.
We're still trying to determine how widespread this false-positive glitch is being felt and whether people have found any reliable fixes.
http://www.theregister.co.uk/2009/07...sitive_glitch/
Don't Use McAfee, and really really don't update it
Inde
jiggles
Ahahahahahahahahahahahahahahahahahaha. Amazing.
Shayne Hawke
Quote:
|
Originally Posted by Inde
and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.
|
![[Morkai]](/static/static/../Img/avatar144860_1.gif){kind=avatar}
[Morkai]
Oh the irony. Thanks Inde.
Bristlebane
Only affected European countries?
It's a conspiracy, I tell you! Conspiracy!
It's a conspiracy, I tell you! Conspiracy!
Elder III
Maybe now peeps will listen when I say to avoid McAfee..... (Norton too btw!!!)
Dakka Dakka
Huh, no problems here. Must be because I live in America.
Ariena Najea
Quote:
|
Originally Posted by Inde
Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.
|
It's too bad Kaspersky costs so much =(
Brawn Over Brains
Yeah.. these shop bought ones seem to suck ass.
I just use Avast. <3
I just use Avast. <3
The Air Revenger
DAAAAAAAAAAM i was wondering what was going on with McAfee my Laptop is all RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOed up
MisterT69
a program that destroys the computer that it worked so hard to protect. Oh this is just madness...
The Air Revenger
anyone know any good free Anti virus - spyware programs i should use after i try to fix my laptop?
![Ec]-[oMaN](/static/static/../Img/avatar8384_2.gif){kind=avatar}
Ec]-[oMaN
Quote:
|
Originally Posted by Ariena Najea
It's too bad Kaspersky costs so much =( |
refer
This isn't that rare. I've heard of NOD32 doing this one but not on this scale. Usually these things are fixed fast but still cause a mess. I do hate McAfee though and always will. Slow, clunky software with options not in easy to find places, not that resource or detection rate good. I wish they'd just die. In 2000 they had a Spyware finder but it really just found everything BUT Spyware and tried to shred it.
Targren
Quote:
|
Originally Posted by The Air Revenger
anyone know any good free Anti virus - spyware programs i should use after i try to fix my laptop?
|
master of puppets
owch unlucky i myself use McAfee so im gunna take real care or change anti-virus
lol yeah its a conspiricy sounds like terminator like skynet its become self awear and will launch lots of robots 2 kill ppl :P lol its madness....or maybe ive just been watching too many films
lol yeah its a conspiricy sounds like terminator like skynet its become self awear and will launch lots of robots 2 kill ppl :P lol its madness....or maybe ive just been watching too many films
Abedeus
In Soviet Union, anti-virus stops YOU!
Never happened to me. But it did block GW for me once.
Quote:
|
Originally Posted by refer
This isn't that rare. I've heard of NOD32 doing this one but not on this scale.
|
refer
Quote:
|
Originally Posted by Abedeus
In Soviet Union, anti-virus stops YOU!
Never happened to me. But it did block GW for me once. |
Tarun
This happened to AVG earlier this year too.
fenix
I've been telling people to not use McAfee and Norton for ages. Both are trash.
Use Avira. Better/faster than Avast!
That, or get NOD32.
Use Avira. Better/faster than Avast!
That, or get NOD32.
Show Some Skin
mhmm...i have McAfee 
am i suppose to take it off? and if so how do i do it
am i suppose to take it off? and if so how do i do it
lord of all tyria
This is absolutely amazing.
MisterB
Quote:
|
Originally Posted by fenix
I've been telling people to not use McAfee and Norton for ages. Both are trash.
Use Avira. Better/faster than Avast! That, or get NOD32. |
Avira's been great.
Thanks for the link, Inde. That's priceless.
Quote:
|
McAfee downplays service pack fail Virus update leaves PCs unbootable By John Leyden Posted in Anti-Virus, 9th June 2009 15:17 GMT A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums. The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base. Posts on McAfee's support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a "massive fail" by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good. In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out. McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered. A very small number of customers reported trouble with the patch on a limited number of computers. Once the cause of the problem has been identified and the issue has been resolved, we will repost Patch 1. Customers should contact McAfee support if they have any questions regarding this issue, and check the McAfee ServicePortal for further updates. Problems with anti-virus scanner definition updates that result in false alarms against harmless files are a well known Achilles' heel of security software. The issue causes more trouble in cases where system files are flagged as potentially malign. The problems with McAfee's enterprise security software are arguably even worse than that because they involve a service pack and not just regular definition updates. McAfee users have every right to ask tough questions about the security giant's quality assurance and testing regime even if, as McAfee states, only a small percentage of users ran into problems. |
Update. McAfee says it was "rare."
Tarun
Quote:
|
Originally Posted by Show Some Skin
mhmm...i have McAfee
am i suppose to take it off? and if so how do i do it |
Snograt
To re-iterate what Tarun was thinking but never actually said:
Get Avast!, Avira or (pay for) NOD32. I use all 3 on my various computers and never have a problem with any of them. ...Well, ok - maybe the "once-per-boot" nag adverts from Avira are slightly annoying ^_^
Get Avast!, Avira or (pay for) NOD32. I use all 3 on my various computers and never have a problem with any of them. ...Well, ok - maybe the "once-per-boot" nag adverts from Avira are slightly annoying ^_^
refer
Quote:
|
Originally Posted by Tarun
Add/Remove Programs in Control Panel. Also get the McAfee Uninstaller.
|
Best firewall EVER invented, maybe even best piece of software in general.
Fril Estelin
Quote:
|
Originally Posted by Shayne Hawke
An anti-virus program that identifies itself as a virus? Fabulous.
|
), it was a virus whose payload (the part which does nasty things once the vulnerability has been used) was only to remove the Bagle worm. A virus that disinfects you pc .McAfee is know in the security world as a low-end product. All people who have PCs shipped with it (still many out there) should consider using free alternatives...
rick1027
Quote:
|
Originally Posted by Tarun
This happened to AVG earlier this year too.
|
Harvarti
Quote:
|
Originally Posted by fenix
I've been telling people to not use McAfee and Norton for ages. Both are trash.
Use Avira. Better/faster than Avast! That, or get NOD32. |
Bristlebane
I think you've been confusing this with Antivirus software, it's actually not. Look:
Screensaver91
Trend Micro PC-cilin is the way to go