McAfee Anti-Virus Causes Widespread File Damage

Roblimo posted more than 8 years ago | from the who-can-you-trust? dept.

AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems. At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational. Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."

Help! (5, Funny)

vjmurphy (190266) | more than 8 years ago | (#14906880)

I need virus protection from my virus protection!

Re:Help! (4, Funny)

spellraiser (764337) | more than 8 years ago | (#14906939)

Okay - but after you get that, are you still safe?

NO!

You're going to need some virus protection from your virus protection from your virus protection to be absolutely safe.

Thankfully, I am offering those at very reasonable prices. Buy one now and receive a free fragment from the Eiffel tower as a value-added gift.

Re:Help! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14907082)

Actually you don't even need active Virus Protection. Just don't use IE and Outlook and you only need to scan the files you download/receive via email or bring from other routes to your computer.

Usually it is even enough that you just don't download any warez/porn/hax0r etc. related programs.

Or you can do what I did. Upgrade to Linux.

Re:Help! (1)

Mistshadow2k4 (748958) | more than 8 years ago | (#14907454)

A common misconception. First of all, some viruses/malware can download straight into your computer while you're just online (the infamous Blaster comes to mind). So obviously you need a firewall. And some programs that are tagged "clean" by some sites can contain trojans anyway. The only solution against the latter besides antivirus would be to never buy or download any program that didn't come with Windows - and Windows comes with practically nothing as it is.

The real irony here.... (5, Insightful)

cbiltcliffe (186293) | more than 8 years ago | (#14907166)

The real irony is that all the people who are too lazy/stupid/uneducated to update their anti-virus subscription were protected against this.....

Re:Help! (4, Informative)

xtracto (837672) | more than 8 years ago | (#14907393)

What about a *nix firewall [muine.org] with antivirus software on it [f-prot.com] ?

You only need that headless pentium 3 (even a pentium pro could make it!) that you are using to rest your feet ;-), plus you will be able to forget the burden of whatever "ANTI-*.* " software that wastes your precious resources.

Of course that is if you use Windows (for whatever reason, I also do it).

The Risk (4, Insightful)

eldavojohn (898314) | more than 8 years ago | (#14906882)

I think it's funny how on McAfee's site [nai.com] , they list the risk of the virus they are trying to identify:
Corporate User : Low
Home User : Low
Did they forget to include that the risk of installing McAfee Anti-Virus for any user : High?

Wait a minute, it is identifying some system files that Windows put on my machine! I guess the Mac & 'nix freaks are right, Windows really is a virus. I hope it's only a matter of time before my next virus definition assesses Internet Explorer & Windows Media Player as full blown Trojan viruses distributed as malware with my OS.

Re:The Risk (5, Insightful)

Aspirator (862748) | more than 8 years ago | (#14906956)

One of the commonly perceived risks of viruses is that
'they will delete your files'.

In one fell swoop it seems as though McAfee may have deleted more files
than all the viruses it has removed would have.

Re:The Risk (2, Insightful)

Dare nMc (468959) | more than 8 years ago | (#14907054)

> McAfee may have deleted more files than all the viruses it has removed would have.


Go figure, no big system admin has wanted automatic (without testing) updates for some time, to their OS. I guess sys admins got lazy on testing virus scanner updates before rollouts.

I know I am not alone in turning off all runtime virus protection on my PC, because it has historically had more impact on system stability, and speed than most virii. (ok it seems the latest scanners on winXP may actually work...) Wouldn't save me from this problem, except my system scans only occur weekly, so maybe luckily my weekly scan didn't occur (I do have nightly complete backups from backuppc.sourceforge.net [slashdot.org] ).

Re:The Risk (1)

dc29A (636871) | more than 8 years ago | (#14906977)

Wait a minute, it is identifying some system files that Windows put on my machine! I guess the Mac & 'nix freaks are right, Windows really is a virus. I hope it's only a matter of time before my next virus definition assesses Internet Explorer & Windows Media Player as full blown Trojan viruses distributed as malware with my OS.

With common sense like not running Windows as root, ditching IE, ditching WMP and not blindly installing every software you find (even if it has flashing (OMG YUR PC IS SLOW GIGGLEHURTZ!!!oneone!!!) you don't need anti-malware on Windows.

Re:The Risk (2, Funny)

AndroidCat (229562) | more than 8 years ago | (#14906990)

Don't worry, just install the new patched version of McAfee. I believe the internal name for this release is called Skynet.

Good thing... (3, Interesting)

Anonymous Coward | more than 8 years ago | (#14906886)

Good thing Mcafee doesn't have liability, via contract, for this mess....

who-can-you-trust? (0, Troll)

suso (153703) | more than 8 years ago | (#14906900)

This is one of the major reasons I use open source software. It's hard to trust corporations who only tell you lies to preserve their public image.

Re:who-can-you-trust? (4, Insightful)

dc29A (636871) | more than 8 years ago | (#14906931)

This is one of the major reasons I use open source software. It's hard to trust corporations who only tell you lies to preserve their public image.

Do you really think Open Source AV can't fsck up your PC if there are bugs in it? And let's be honest, how many people actually look at the source of programs (updates) they install? I am a programmer, and I never looked at the code of an Open Source program I installed for the sake of "Let's make sure this update won't fsck up my PC". I look at the code because I am curious to see how they do certain things, or I want to change some annoying aspect of it.

Re:who-can-you-trust? (2, Informative)

MankyD (567984) | more than 8 years ago | (#14906941)

What on earth did they lie about? They screwed up and they're trying to tell you how to fix it. This is not a commercial vs. oss debate - sheesh!

Re:who-can-you-trust? (4, Funny)

MustardMan (52102) | more than 8 years ago | (#14906954)

Quiet you, we'll have no reasonable thoughts in THIS house!

Closed source is teh $at4n... go linux, w00t!

Re:who-can-you-trust? (0)

Anonymous Coward | more than 8 years ago | (#14907474)

Anyone still using Mcafee deserves what they get. It's a horrible piece of crap software and the people still pushing this crap should be shot.

Does this mean... (4, Funny)

creimer (824291) | more than 8 years ago | (#14906901)

That Microsoft Anti-Virus will be deleting McAfee from the system? And, to be on the safe side, also Norton?

Re:Does this mean... (1)

Stephen Samuel (106962) | more than 8 years ago | (#14907108)

Perhaps they were just trying to do a pre-emptive deletion of MS-AntiVirus and set the net too wide.
Oh well... At least it's a commercial package so, unlike Open Source, I have somebody I they can sue when something like this ......

WHAT???!!! EULA?? Yeah, but I didn' think... arrrrgh!

Re:Does this mean... (2, Funny)

rbochan (827946) | more than 8 years ago | (#14907399)

...And, to be on the safe side, also Norton?

You'd hope that the sysadmin would be competent enough to do that.

hijackthis (1, Informative)

Anonymous Coward | more than 8 years ago | (#14906902)

Gotta love McAfee, they also delete hijackthis when I plug my USB key in.

Re:hijackthis (1)

maotx (765127) | more than 8 years ago | (#14907389)

I've never had a problem with McAfee and hijackthis. Also, 4715 isn't even showing up in our records under the ePolicy Orchestrator. Everyone is either at 4716, or if they haven't connected, 4714.

April 1 Already? (1, Funny)

yup2000 (182755) | more than 8 years ago | (#14906905)

I seriously did a double take and had to check the calendar to make sure...

Well... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14906906)

All I can say is 'wait 'til monday.'

I wouldn't be surprised if this fuckup is a fatal blow to McAfee.

Re:Well... (2, Funny)

MustardMan (52102) | more than 8 years ago | (#14906978)

... by Anonymous Coward on Monday March 13, @09:07AM (#14906906)
All I can say is 'wait 'til monday.'


Heh, now that's funny.

Holy Shiznit (0)

Anonymous Coward | more than 8 years ago | (#14906907)

IT men and women all over the world are shiznitting themselves this morning.

The McAfee developer who screwed this up will surely be fired. What about the QA people in McAfee, aren't they supposed to have seen this or were they just being paid to do nothing? Surely, they should be fired!

I smell a class-action lawsuit coming.

Am I missing something here (0)

His name cannot be s (16831) | more than 8 years ago | (#14906913)

I've heard of a program, some sort of scanner that is supposed to stop rogue programs from attacking your computer, and deleting files.

Oh yeah, the AntiVirus program.

Whoops! Nice Try McAfee.

Doesn't this kinda breach some sort of Digital-Hippocratic-oath? "First, do no harm?"

McAfee.. not.. Nod32... yes (0)

Anonymous Coward | more than 8 years ago | (#14906918)

McAfee is crap, pure and simple. Our ISP uses McAfee as a filter on mail and let's just say I am glad I am running NOD32 on my home machine as it catches on average 1 or 2 viruses a month that slip past McAfee. Also we cannot run it on any of the machines that are running video editing as they cause the system all kinds of problems (cpu spikes, general instability).. junk... junk... junk...

Surprisingly, it didn't quarantine itself (4, Funny)

digitaldc (879047) | more than 8 years ago | (#14906919)

If only McAfee had quarantined itself before this disaster, it would have worked perfectly!

Don't use anti-virus! (0, Flamebait)

$calar (590356) | more than 8 years ago | (#14906923)

See, this is another reason why I don't use anti-virus. The truth is viruses don't magically propagate on the Internet, it takes a dummy to do something stupid. Just learn some common sense and avoid these awful programs.

Re:Don't use anti-virus! (1)

Aranth Brainfire (905606) | more than 8 years ago | (#14906951)

Yeah, but you can feel all superior and stuff if you have one that scans every day and can sincerely say that you have never ever gotten a virus onto your system.

Re:Don't use anti-virus! (1)

$calar (590356) | more than 8 years ago | (#14906991)

I have never used anti-virus software and have never gotten a virus in my life. My main reason for not using anti-virus was because it hampered system performance. I really don't think it's that hard to avoid getting a virus, all you have to do is stay up to date with your operating system and don't open executable attachments (it would be even better if you just ignored emails that weren't from trusted sources). The only thing that bothers me are these zero day exploits that even anti-virus software can't stop.

Re:Don't use anti-virus! (0)

Anonymous Coward | more than 8 years ago | (#14907065)

Well, yeah... "all" you have to do is that, plus cripple your web browser (or never use it), and then you can think you're safe.

If you don't run anti-virus software, then you don't know that you've never gotten a virus. Not all of them announce their presence.

Announce. (1)

leuk_he (194174) | more than 8 years ago | (#14907392)

For an announce you need mc-disaster. It announces regularly it found a virus, or sometimes just announces the fact that there are dangerous viri on the web.

If it really found a virus is very well discussable. It gives a warning once in a while that some webpage might contain a virus, or some bounced message with an attachment might be a virus.

Anyway, mc-disaster is not the program that saves me time keeping my system clean. It only costs me time. In the short time I ran it in the past it cost me more time than all the combined viruses I have seen. (not that many)

Re:Don't use anti-virus! (1)

rmadmin (532701) | more than 8 years ago | (#14907249)

Just curious... if you don't have an antivirus scanner... how do you know that you've never had a virus before? There are viruses that are passive enough that even a skilled admin might not notice them. :)

Re:Don't use anti-virus! (1)

$calar (590356) | more than 8 years ago | (#14907380)

I use Linux.

Re:Don't use anti-virus! (3, Interesting)

PFI_Optix (936301) | more than 8 years ago | (#14906958)

I haven't had a virus on my XP system in four years, including during my dial-up days.

If you keep your system updated, use a firewall, and just generally understand how the typical virus/worm/trojan works, you're 99.9% protected. However, there's always the possibility that someone will get clever enough to get through that, so I use AVG just to be on the safe side.

Re:Don't use anti-virus! (2, Insightful)

Tibor the Hun (143056) | more than 8 years ago | (#14907147)

That's wonderful news sir. You've just won yourself an invitation to come to my place of work and train 200 40+ year olds to do the same.
Wow, that'll save us tons of cash!

Re:Don't use anti-virus! (0)

Anonymous Coward | more than 8 years ago | (#14907220)

Bah, he wasn't even claiming that any corporate users should follow his advice...

Re:Don't use anti-virus! (2, Insightful)

JazzCrazed (862074) | more than 8 years ago | (#14907354)

Not to mention that you won't know whether or not your computer has a virus if you don't scan it with some sort of antivirus software.

Re:Don't use anti-virus! (2, Informative)

MankyD (567984) | more than 8 years ago | (#14906962)

Actually... they do "magically propagate" when flaws are found in things like Windows SAMBA sharing or Apache's web server (or any server program that you run for that matter.)

Re:Don't use anti-virus! (1)

TubeSteak (669689) | more than 8 years ago | (#14906998)

Wouldn't that make it a worm?

Worm = no user interaction
Virus = user interaction

Hence... virii don't "magically propagate"

Re:Don't use anti-virus! (1)

MankyD (567984) | more than 8 years ago | (#14907057)

Ok, true, a worm. That doesn't change the fact that an infection is possible and that av software works to quarantine it.

Re:Don't use anti-virus! (1)

$calar (590356) | more than 8 years ago | (#14907012)

Those are called worms, not viruses. Besides, anti-virus is only as good as the latest definitions. If you have auto updates enabled on whatever operating system you use, you should be fine. Additionally, a good firewall goes a long way against these types of exploits.

Same as with safety belts (4, Insightful)

Opportunist (166417) | more than 8 years ago | (#14907070)

Every once in a blue moon, some poor person dies because he or she didn't get out of the burning car because of the belt. Then someone will stand up and say "See? I don't use them and if they didn't, they'd live as well. I drive carefully, I don't get into accidents, so I don't need them!"

The problem is, you never know. It's not only foolishness that gets a trojan onto your system. They come with presumably legit software, even from reputable companies. An infected driver CD is all it takes. Shareware CDs or other CDs slapped on magazines, do you think they have a lot of time to make just perfectly sure the programs are clean? A lot of shareware comes bundled with adware, do you read all those EULAs? And do you think they tell the full truth? Can you read through the legalese?

I won't get into system bugs and other exploits.

So yes, you don't really need safety belts. But it sure feels a bit more secure with them.

Re:Don't use anti-virus! (1)

OrangeDoor (936298) | more than 8 years ago | (#14907133)

This is no reason to NOT use anti-virus. You can have an anti-virus program that doesn't screw up your computer with updates. As previously mentioned AVG is one of them. But like a lot of other software there might be occasional bugs, but they shouldn't delete files. You don't have to go with a crappy product by McAfee or Symantec, besides free A/V software there is a lot of quality software you can pay for.

It's naive not to run anti-virus software. For people like me it's not about constant protection from my safe computer using habits. It's for that really tiny chance that something gets by. Not only is it important to have, it's also useless if not kept up to date. New virus attacks are designed to get on a system in the narrow window between virus release and A/V definition updates.

On a different note, another thing to be wary of when using McAfee... losing internet access. On several occasions I've gone to clients and discovered that either a) McAfee firewall has decided to block Internet Explorer's access to the internet, or b) McAfee is broken and you can't change the firewall settings and manually removing it is the way to get the internet working again. Similar things happen with the Norton Internet Security package, though McAfee's, as hard as it is to believe, is worse.

Not only do these companies break their customers' computers (which I get paid to fix as an independent PC Tech), they also provide crappy or non-existent phone "support." Apparently, nowhere in their manual does it say "Prior to rebooting, uninstall McAfee products."

Nortons AV did this to me once... (2, Interesting)

craznar (710808) | more than 8 years ago | (#14906927)

Scanned my Inbox file, and deleted it because there was a virus in it from before I installed Nortons AV.

However - like most AV software, you can put it straight back.

No biggy ..... however I turn off automatic scanning these days... just manually scan every so often.

Re:Nortons AV did this to me once... (0)

Anonymous Coward | more than 8 years ago | (#14907017)

We've had this happen with ppl using eudora, which stores all its mail in one file.

Re:Nortons AV did this to me once... (1)

Nimey (114278) | more than 8 years ago | (#14907041)

Were you using Mozilla, Netscape 6.x/7.x, or Thunderbird? I've been told of that problem on the first two and experienced it on the latter -- even though that installation of T-bird 1.5 had the option to let antivirus scanners remove individual infected attachments.

Re:Nortons AV did this to me once... (1)

craznar (710808) | more than 8 years ago | (#14907079)

I think it was 0.x of Thunderbird where x>=5

It was annoying, because I never install autoscanners, however a new laptop I had decided to have a Norton AV installed that wasn't removable - easily.

Re:Nortons AV did this to me once... (1)

HermanAB (661181) | more than 8 years ago | (#14907468)

Yeah, McAfee did that to me once and I could not put the file back either. That was the last time I use McAfee...

HA! (1)

ramunas (771197) | more than 8 years ago | (#14906942)

Seems I was right in my reasoning NOT to use antivirus software. My reason was that it's just a useless waste of system resources, now it seems not only that, but also a potential danger to the integrity of the system.

There's gotta be a way to blame this on Bush... (2, Funny)

Anonymous Coward | more than 8 years ago | (#14906946)

There's gotta be a way to blame this on Bush. Somehow he was responsible.

Re:There's gotta be a way to blame this on Bush... (0, Troll)

PFI_Optix (936301) | more than 8 years ago | (#14906983)

He'd been drinking, and there was this bird...

Not Bush's Fault, It is Cheney's Fault! (0)

Anonymous Coward | more than 8 years ago | (#14907138)

Since he shot the poor developer, while he was working on this patch, right in the face!

Being shot like that is bound to distract you and cause coding errors!

They asked for it (1)

voice_of_all_reason (926702) | more than 8 years ago | (#14906952)

There's one action that is responsible for almost all computer-related problems -- crashes, virii, corruption -- and that's blindly running code without checking it out first (either yourself if you have the know-how, or waiting for others who do to test it out first).

Ouch.... (4, Interesting)

Araxen (561411) | more than 8 years ago | (#14906959)

McAfee doesn't have the greatest rep as it is but this might be the last straw for them.

Not surprised (5, Interesting)

QuantumPion (805098) | more than 8 years ago | (#14906961)

This is a major problem with anti-virus software. Because of their blacklist model, they have to release definitions and updates very frequently. They have to release these updates as quickly as possible as well, or else their subscribers will be infected with these viruses before they get the updates. In addition, their software is very bloated and complicated, needing to be able to defend against a huge variety of attacks, both immediate and obsolete. This results in a very error-likely situation. What the network security companies need to work on is an innovative way to effectively protect corporate and home networks without having to use dangerous bloatware.

Re:Not surprised (4, Interesting)

MartijnL (785261) | more than 8 years ago | (#14907100)

Well, Cisco's CSA (http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html [cisco.com] ) does the exact opposite: you tell it what is allowed to run and it blocks everything else. It also runs a signature analysis so when something that you hadn't configured yet tries to perform an attack it alerts the user. It can become quite a task however to properly configure and you still need user awareness to keep them from clicking "YES" every time like they do with every other popup they face (the other option is that you manage everything but then you will get flooded with support calls).

Re:Not surprised (1)

Monkelectric (546685) | more than 8 years ago | (#14907391)

No ... McAfee is just irresponsible. Try another program like Panda or Trend or Avast. I personally think Panda is the best at catching viruses -- but its software is a bit buggy. Trend is a solid performer, and Avast seems to do an ok job but it screws up Visual Studio so I don't use it personally, but I recommend the free version to friends.

For what it's worth (3, Interesting)

shoptroll (544006) | more than 8 years ago | (#14906966)

My computer started rebooting randomly a week or so ago, and is something I've been trying to combat for a while. It would do it when idling or when I was in the middle of websurfing.

I find it interesting that once I disable Mcafee's on-access scanner the system stabilized itself and has been running without a problem for about a week now (I had seen it reboot about 3 times in one day).

Seeing this article makes me more suspicious of the scanner now.

Re:For what it's worth (1)

Stephen Samuel (106962) | more than 8 years ago | (#14907164)

You might want to scan your hard drive for bad blocks.

Re:For what it's worth (1)

shoptroll (544006) | more than 8 years ago | (#14907309)

That was my first guess... Seagate's SeaTools found nothing, same with CHKDSK in Windows Recovery console

Puzzling.

Re:For what it's worth (1)

ehud42 (314607) | more than 8 years ago | (#14907201)

Double check your CPU fans, heatsinks, etc. I had a customer bring their system in because they were absolutely convinced they had a virus. The PC would reboot every time they ran a virus scan. They even managed to find a virus definition online that described their virus.

Turns out the CPU fan was not connected properly, and the strain of performing a virus scan was enough to cause the system to overheat and the BIOS restarted the machine.

Re:For what it's worth (1)

shoptroll (544006) | more than 8 years ago | (#14907322)

I've been thinking about thermal issues but I've checked the internal monitoring software and everything looks normal. Also, I haven't been seeing reboots when playing games like UT2004 which will push my rig towards the limit.

I'm gonna re-enable the on-access scanning at the end of the week and see if the problem re-appears.

Re:For what it's worth (2, Insightful)

High Hat (618572) | more than 8 years ago | (#14907384)

Have you tried running memtest86?

This honestly sounds like a corrupt memory problem.

Other possibility is that you've hard-set the windows swapfile limit...

Re:For what it's worth (1)

shoptroll (544006) | more than 8 years ago | (#14907461)

Memtest86 was run a month or so back, no problem found.

Swapfile limit is currently set to 3 gb on one drive, 3gb on another drive. 1 gb of RAM. I'm pretty sure this shouldn't be a problem based on everything I've read about the Windows swap file

At last ! (2, Funny)

alexhs (877055) | more than 8 years ago | (#14906968)

At last a good AV software removing those virii-ridden bloatware from your computer :)

Why are people complaining ?

Second time in a month (1)

Malc (1751) | more than 8 years ago | (#14906974)

This is the second time in a month, although much worse than the last one. On the 23rd Feb, my mum asked me about an issue where McAfee had just cleaned Firefox of a trojan: Exploit-MS06-006.gen [nai.com] . Turns out that it was a false-positive and it had needlessly truncated some files.

Short this stock? (1)

cyberwave (695555) | more than 8 years ago | (#14906996)

The Market opens in 13 minutes. Should I short McAfee's stock? ...or is it just going to start trading at a shitty price?

Problems with McAfee (1)

NetDanzr (619387) | more than 8 years ago | (#14907004)

This is not the first problem with McAfee I've had this year. A few weeks ago, something started eating my system resources, pushing total CPU usage to 100%. Through trial and error I found that it was the McAfee virus scan. I found others with the same problem, which convinced me that for a change, the problem was not with the user. I ended up uninstalling McAfee and switching to AVG. Just in time, as I can see...

GAHHH! (0)

Anonymous Coward | more than 8 years ago | (#14907005)

WOW lucky me. I uninstalled this AV just 2 weeks ago and switched to the free AVG!

Deletes text files too (2, Funny)

psm321 (450181) | more than 8 years ago | (#14907007)

I had a TEXT file deleted by McAfee just a few days ago. The "virus" that it identified was a different one from the one in this article too. Unfortunately, in the version of VirusScan I have (came with Dell computer) there's practically no configurable options, so I have no way to set it to quarantine instead of delete.

Prompt (1)

_Shorty-dammit (555739) | more than 8 years ago | (#14907009)

Exactly why you set that kind of software to prompt you for the action, if any, you'd like it to take. Get what you deserve.

Re:Prompt (1)

srw (38421) | more than 8 years ago | (#14907118)

That might be fine for the more computer literate user, but... giving a clueless user the option to clean, delete, quarantine, or ignore is a recipe for disaster. Trust me. Yes, from experience.

Who gives them the right? (0)

Anonymous Coward | more than 8 years ago | (#14907010)



Who gives them the right?

You do!

Compensation? (0)

Anonymous Coward | more than 8 years ago | (#14907011)

Great. So THAT'S why I've been spending all morning fixing Dreamweaver and Microsoft Office. And to think I actually didn't believe the first user that said "... it worked on Friday and I haven't done anything to it".

Now, how do I go about getting compensation from McAfee? A huge bundle of Sys Admins getting together mayhap?

McAfee Zen (1)

Woy (606550) | more than 8 years ago | (#14907015)

You use McAfee in this day and age, you deserve what you get.

Fond memories from the 90's won't bring your files back.

Saw it coming (sort of) (5, Interesting)

martyb (196687) | more than 8 years ago | (#14907020)

Just last week, in response to: The Trouble With Software Upgrades [slashdot.org] I posted a question [slashdot.org] asking what do you do to protect yourself from automatic updates that go bad... but I got no responses. In light of the current situation, I'd really appreciate hearing some responses, here.

Re:Saw it coming (sort of) (0)

Anonymous Coward | more than 8 years ago | (#14907145)

I just find it funny no one has yet to respond.

Re:Saw it coming (sort of) (1)

tomstdenis (446163) | more than 8 years ago | (#14907186)

Rollback the OS.

First, don't have your homedir on your workstation. Then, don't do auto-updates on the file servers.

Then, for your workstations create images of the disks. Don't let users perform upgrades unless they assume the responsibility for the box. Next, test the update on a limited subset of boxes. If it works then roll it out. If by chance you screwed up, roll back to images that are stable and perform the safer updates.

Generally this is trivial with a proper OS distribution like freebsd, openbsd, Gentoo, etc.

Tom

Re:Saw it coming (sort of) (4, Insightful)

simong (32944) | more than 8 years ago | (#14907284)

I don't think there really is a way apart from having verifiable restorable backups of every system prior to patching. I was having a conversation along these lines this morning and the agreed solution was to have an identical test platform and install on that first, allow it to run long enough for any problems to arise and only then implement on a production system. That's the ultra-conservative approach but many years in financial services have shown that that's the only way of being certain.
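
The "test on a limited subset of boxes first" gate that the two replies above describe, sketched as an added example (not code from any poster or from McAfee). It snapshots the EXE/DLL files on a canary machine before a signature update, compares after the update and a full scan, and refuses the rollout if anything was deleted or altered. The file tree, names, and the `max_damaged` threshold are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the story says the bad DAT file hit.
WATCHED_SUFFIXES = {".exe", ".dll"}


def sha256_of(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every watched file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in WATCHED_SUFFIXES:
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def rollout_decision(before, after, max_damaged=0):
    """Compare pre-update and post-scan manifests from a canary box.

    A file that vanished was deleted or quarantined; a file whose hash
    changed was "cleaned" or truncated. Either counts as damage.
    """
    missing = sorted(k for k in before if k not in after)
    altered = sorted(k for k in before if k in after and before[k] != after[k])
    damaged = len(missing) + len(altered)
    return {
        "approve": damaged <= max_damaged,
        "damaged": damaged,
        "missing": missing,
        "altered": altered,
    }


def demo():
    """Run the gate on a constructed file tree standing in for a canary box."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed sample files, not real binaries
            "Office/winword.exe": b"constructed sample A",
            "Office/mso.dll": b"constructed sample B",
            "Adobe/acrobat.exe": b"constructed sample C",
            "notes/readme.txt": b"not a watched type",
        }
        for rel, data in sample.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        before = build_manifest(root)

        # Case 1: the update and scan left the canary untouched.
        clean = rollout_decision(before, build_manifest(root))

        # Case 2: simulate a false positive that deletes one file
        # and truncates another during "cleaning".
        (root / "Office/mso.dll").unlink()
        (root / "Adobe/acrobat.exe").write_bytes(b"")
        bad = rollout_decision(before, build_manifest(root))
        return clean, bad


if __name__ == "__main__":
    for label, result in zip(("clean update", "bad update"), demo()):
        print(label, result)
```

The manifest has to be taken before the update is applied and stored off the canary machine, so a scan that damages files cannot also damage the baseline.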

McAfee's response (2, Funny)

gEvil (beta) (945888) | more than 8 years ago | (#14907028)

Ummm...Whoops?

Good catch (4, Interesting)

blueZ3 (744446) | more than 8 years ago | (#14907048)

I dunno about the rest of that stuff, but the Adobe update manager is a virus in my opinion.

It seems to have "infected" all of Adobe's recent product install CDs. Once it "infects" your computer it displays a popup whenever you open an Adobe app. As far as I can tell, there's no way to shut this off in the latest versions. So I've paid $x00 dollars for Acrobat, and it comes with a virus.

We lucked out (3, Interesting)

PinternetGroper (595689) | more than 8 years ago | (#14907052)

Our main system here downloads the DAT updates at 2 AM every day. As of Friday morning, it had downloaded the 4714 files, then downloaded the 4716's on Saturday morning, completely missing the 4715's. It appears we missed a bullet. Good luck to all the sysadmins out there working on cleaning this up!

Where should users turn? (4, Insightful)

babbling (952366) | more than 8 years ago | (#14907080)

When the virus scanners act like viruses, what should users do? This isn't the first time a virus scanner has screwed up, and it probably won't be the last time, either.

Furthermore, a lot of virus scanners have an option to "auto-update". Imagine if an entire company had this option turned on.

Virus scanners have always been a bad solution to the problem of viruses. They don't fix the problem at its root. Instead of ensuring their operating system has no known security holes, users now rely on virus scanners to just catch everything that comes through. Any determined attacker could still just craft a custom virus to attack any host they desire. Since the virus scanner companies wouldn't have come across that particular virus, it wouldn't get picked up.

Would you fix the holes in a boat with sticky tape instead of checking that the boat doesn't have holes before you put it in the water?

Nothing new (1)

Sesticulus (544932) | more than 8 years ago | (#14907135)

I stopped using them years ago when, after installing, it deleted everything in my start menu.

I haven't had any problems (5, Funny)

myth24601 (893486) | more than 8 years ago | (#14907144)

I use McAfee and My system is working fi

Hahahahaha (-1, Flamebait)

tomstdenis (446163) | more than 8 years ago | (#14907156)

Hahahahahahahahahahhahahahahahahahahaha

Hahahahahahahahahhahahaha....

phew...

This is what you get when you have an insecure kernel coupled with the fact most users run as Administrator.

In a real OS you don't have to worry about that because even if the user did get a virus only their accessible mount points would be a problem. Since they can't write to dirs like /sbin or /usr/bin you don't have to worry. ...

hahahahahahahahahahahaha

Tom

Re:Hahahahaha (1)

DextroShadow (957200) | more than 8 years ago | (#14907465)

Hey Tom, Stop sending me bulletins in my mysp, hey wth, c:\ntldr.... a virus? *lost carrier*

Ye don't always get what ye pays for (4, Insightful)

cgenman (325138) | more than 8 years ago | (#14907158)

People perceive paid software to be superior to free alternatives because A: nothing could go wrong with paid software and B: if something did go wrong, obviously the company would indemnify / rectify / fix the problem.

Likewise, the perception is that the more expensive the software (and the bigger the box it comes in) the more protection you are afforded. And that the company won't suddenly decide to change direction / stop supporting the software / etc.

Yet time and time again this is shown not to be true. McAfee uninstalls arbitrary files on your computer (how'd that get through testing?) and just tells users to re-install from backup... exactly the kind of calamity the software is supposed to prevent. Part of WinNT5 was found to violate someone's patent, and anyone using that particular (admittedly rare) function had to pony up to the original patent holder or write a workaround.

As far as I can tell, the "little guys" software tends to be better in general than the big boys. Why? Because they're still trying. Before Norton was Symantec, they struggled to create an amazing toolkit of software tweaks that really did some great things. Now that their position is secure, they've hardly updated the suite to even work with XP, let alone taken advantage of the fixes and hacks that smaller houses have found. McAfee, once a nimble little company making a great little product, has been bloating for years. The more developers you add to a project, the less anyone knows about what the system is doing.

A free alternative that has been around for a long time:
AVG Antivirus [grisoft.com]
There are others. Please post 'em below.

How on earth did this get past QA? (0)

Anonymous Coward | more than 8 years ago | (#14907182)

This is really bad for the QA dept. How hard is it to push a dat file through a test lab? It seems to me that a whole lot of red flags would have immediately flown through the roof.

We stopped using McAfee in 98 when they, not once, but twice pushed out a dat file that sent the CPU of every workstation to 100%.

Personally, I'm with those that turn off autoscanning and just run a scheduled scan every week or so. Now in a corporate environment where the clueless thrive it's a different story.

McAfee Haiku? (2, Funny)

ursabear (818651) | more than 8 years ago | (#14907208)

The files they are gone.
It seems McAfee ate them.
The backup saved us.

or

The files they are gone.
It seems McAfee ate them.
Go home from work now.

Auto update sucks (0)

Anonymous Coward | more than 8 years ago | (#14907238)

Some products seem to resist all efforts to disable auto updates. I only use windows for audio mastering and linux for everything else. The box isn't even plugged into my local network 99% of the time. I do that to keep my exposure low. I don't have time to deal with a broken infested PC.

I've turned off every update option I can find but Grisoft AVG still tries to go get updates at times (usually the worst possible time). I have a laptop that I believe was trashed by AVG. Can't uninstall it, etc.

I guess they know best.

OOPS (1)

ROOK*CA (703602) | more than 8 years ago | (#14907262)

"False positives aren't uncommon however, but this is something that should be caught during regression testing. "

Email from the Test Group to Product Marketing:
"Hey when did we announce an uninstaller product?"
Email from Product Marketing to Test Group:
"We didn't"
Email from the Test Group to Product Marketing:
"What are we supposed to do with this then?"
Email from Product Marketing to the Test Group:
"Just Ship the damn thing whatever it is, we're sick of you guys screwing up our ship dates, now go away"

Look out SkyNet (1)

brix_zx2 (955395) | more than 8 years ago | (#14907331)

So McAfee finally became self-aware of M$'s flaws. It's only a matter of time till Bill acquires this knowledge to take over the world. "May God have mercy on their souls."

Don't run windows, it's bad ... 'kay? (1)

elronxenu (117773) | more than 8 years ago | (#14907390)

This is yet another reason to not run windows. If you run windows, the system's so insecure that you have to buy third party applications to check it constantly. These third party applications have the ability to run rampant through your files, destroying critical data without oversight.

Seriously, who thought this was a good idea, to configure these programs to automatically delete system files? There is always a chance of a false positive - identification of a file which does not contain malware. Are viruses so common in the windows world that it's not worth a human's time to confirm detection before files are altered?

And why, oh why, is it necessary to maintain huge lists of virus signatures? If windows kept a list of the correct md5sums of the system files it would become a trivial task to verify the integrity of those files. One would not need a daily update of virus signatures. Can I cynically suggest that the need for constant update gives the anti-virus companies a permanent revenue stream? And what does Microsoft get out of the flood of windows viruses?

Here's a way that Microsoft could design windows to be virus-resistant: designate certain files (system DLLs, EXEs etc) as change-limited. Provide an API into the kernel to permit those files to be changed by windows update software (only when the replacement file is signed by a trusted key). Maintain a file containing the md5sums of all change-limited files. This file would be modifiable only by the kernel.

In this scenario any virus wouldn't get a chance to corrupt system files because it wouldn't have a correctly signed replacement. And even if it did get to corrupt a system file, it would be trivially detected because the md5sum of the corrupted file wouldn't match the expected md5sum. In order for an infection to occur and be undetected the virus would need to work around the kernel file change API and alter both system file(s) and the md5sums file.

This scheme can be implemented for vendor software too. Windows needs some kind of database of installed software. Does it not have one already? (checks system clock: yep, it's 2006). Red Hat had RPM and the installed software database since 1995. That's 11 years ago, and Red Hat were probably not the first to hit upon the idea of a centralised list of all software installed on a computer.
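
The scheme described in the comment above (a manifest of hashes for change-limited files, replaced only through a signed-update path), as an added example that is not part of the original comment. It assumes SHA-256 in place of md5sum and an HMAC with a constructed key in place of the vendor's public-key signature; `ChangeLimitedStore` is a hypothetical user-space stand-in for the kernel-held manifest.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Assumption: HMAC with a constructed key stands in for the vendor's signature.
TRUSTED_KEY = b"constructed-demo-key"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sign(data, key=TRUSTED_KEY):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class ChangeLimitedStore:
    """Hypothetical stand-in for the kernel-owned manifest and update API."""
    def __init__(self, paths):
        self.manifest = {p: sha256(p.read_bytes()) for p in paths}

    def update(self, path, new_bytes, signature):
        # A replacement is written only when its signature verifies.
        if not hmac.compare_digest(sign(new_bytes), signature):
            return False
        path.write_bytes(new_bytes)
        self.manifest[path] = sha256(new_bytes)
        return True

    def verify(self):
        # Report each protected file that is gone or no longer matches.
        findings = {}
        for path, expected in self.manifest.items():
            if not path.exists():
                findings[path.name] = "missing"
            elif sha256(path.read_bytes()) != expected:
                findings[path.name] = "modified"
        return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        dll, exe = Path(d, "a.dll"), Path(d, "b.exe")
        for p in (dll, exe):
            p.write_bytes(b"constructed contents of " + p.name.encode())
        store = ChangeLimitedStore([dll, exe])
        signed = store.update(dll, b"v2", sign(b"v2"))
        unsigned = store.update(dll, b"bad", sign(b"bad", b"other-key"))
        clean = store.verify()
        exe.unlink()                       # deleted outside the API
        dll.write_bytes(b"v2 + injected")  # altered outside the API
        return signed, unsigned, clean, store.verify()
```

A protected file removed by a faulty signature update shows up as `missing` on the next `verify()`, which gives a restore job its list of files to recover.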

Ethereal too? (2, Insightful)

OrangeDoor (936298) | more than 8 years ago | (#14907421)

Just noticed the screenshot on the McAfee page for W95/CTX [nai.com]. It shows some dlls from the Ethereal program as being infected. Of course those files are in their complete list [nai.com] of affected files, which comes in a convenient easily accessible PDF file as all the most important documents on the web should. It's 7 pages long, but an amusing list to skim through.

Who uses Ethereal [ethereal.com] and McAfee? Just found that funny/ironic on some levels.

Thank God! (1)

DoctorPepper (92269) | more than 8 years ago | (#14907431)

I don't use Windows! :-)

Feeling pretty good (1)

dtfinch (661405) | more than 8 years ago | (#14907456)

I don't use antivirus software, at least for anything more than manual scanning, but for reasons other than this. Antivirus makes Windows slow and unstable, sort of like some malware does, except it does it all the time.

I don't get viruses and other malware, because I don't manually install viruses and other malware. People who do need antivirus software.