ie8 fix
madison

The Ed Bott Report

Ed Bott
Home / News & Blogs / The Ed Bott Report

McAfee admits "inadequate" quality control caused PC meltdown

By | April 22, 2010, 12:03pm PDT

Summary: If your company uses enterprise security products from McAfee, you probably had a bad day yesterday. If you’re an IT professional at one of those companies, you’re probably still cleaning up the mess caused by a defective virus signature update that disabled XP systems worldwide. The worst part? According to a confidential document from McAfee, the cause was a fundamental breakdown in the most basic of quality-assurance processes. I’ve got the exclusive details.

Update 23-Apr: Late Thursday night, McAfee posted a FAQ on this issue at their web site. The FAQ includes some of the text from the confidential document I received yesterday and is clearly a later version of that document. However, the details of why the problem occurred and the specific steps that the company plans to take to avoid similar problems in the future have been replaced with general statements. I have highlighted the differences in updates below.

As of 6AM Pacific time on 23-Apr, there is still no statement, apology, or clearly labeled link to support resources related to this issue on McAfee’s home page.

If your company uses enterprise security products from McAfee, you probably had a bad day yesterday. If you’re an IT professional at one of those companies, you’re probably still cleaning up the mess caused by a defective virus signature update that disabled systems running Windows XP with the most recent service pack (SP3). The worst part? According to a confidential document from McAfee, the cause was a fundamental breakdown in the most basic of quality-assurance processes.

From an IT perspective, this is a nightmare scenario: an automatic update that wipes out a crucial system file and that can only be repaired manually. I’ve heard from more than a dozen IT pros and consultants over the past 24 hours who shared their experiences. They are, to put it mildly, unhappy.

What went wrong?

That was the question I asked in my post yesterday, and I formally asked a McAfee spokesperson for an explanation this morning. I was told that an answer will be posted on McAfee’s blog later today. As of this writing, that blog post has not been published.

But I found the answer, straight from the source, in a document forwarded to me by an anonymous source. According to my source, the document was “a confidential communication to enterprise customers” sent via e-mail. In it, the anonymous author acknowledges that the screw-up was thoroughly preventable. The document, titled “McAfee FAQ on bad DAT issue,” is written in Q&A format and includes the following exchange:

8. How did this DAT file get through McAfee’s Quality Assurance process?

There are two primary causes for why this DAT file got through our quality processes:

1) Process – Some specific steps of the existing Quality Assurance processes were not followed:  Standard Peer Review of the driver was not done, and the Risk Assessment of the driver in question was inadequate. Had it been adequate it would have triggered additional Quality Assurance steps.

2) Product Testing – there was inadequate coverage of Product and Operating System combinations in the test systems used. Specifically, XP SP3 with VSE 8.7 was not included in the test configuration at the time of release.

Update 23-Apr: The details I quoted above have been scrubbed from the FAQ posted at McAfee’s website. The corresponding section of the FAQ now reads as follows: “The DAT release was designed to target the W32/Wecorl.a threat that attacks system executables and memory. The problem arose during the testing process for this solution. We had recently made a change to our QA environment. Unfortunately, this change resulted in a faulty DAT making its way out of our test environment.”

McAfee has also sanitized the portion of the FAQ that describes its plans to adapt its quality control procedures. Here’s the original text of the confidential document sent to enterprise customers:

9. What is McAfee going to do to ensure this does not repeat?

McAfee is currently conducting an exhaustive audit of internal processes associated with DAT creation and Quality Assurance. In the immediate term McAfee will do the following to provide mitigation from false detections:

1)      Strict enforcement of rules and processes regarding DAT creation and Quality Assurance.
2)      Addition of the missing Operating Systems and Product configurations.
3)      Leveraging of cloud based technologies for false remediation.
4)      A revision of Risk Assessment criteria is underway.

And here is the corresponding text as it appears in the final FAQ, published overnight:

What is McAfee going to do to prevent this from happening again?

Nearly all of our 7,000 employees have been working around the clock to help customers like you get back to business as usual and to make sure this never happens again. The vast majority of our customers are now back up and running and we remain focused on those that remain affected.

We are implementing additional QA protocols for any releases that directly impact critical system files. We are also rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expansive whitelist of critical system files and their associated cryptographic hashes.

That is mind-boggling. For enterprise customers, Windows XP SP3 is probably the most widely used desktop PC configuration. Leaving it out of a test matrix is about as close as one can get to IT malpractice. Any enterprise customer who received this document has every right to be furious.

Meanwhile, McAfee’s website is almost completely silent on the issue. Customers who have been affected by the issue who visit the McAfee U.S. home page see business as usual, with a rotation of large ads trumpeting McAfee’s latest products. More than 24 hours after the problem occurred, only a single front-page link is available, and it’s blandly headlined, “McAfee Response on Current False Positive Issue.” If you go to McAfee’s Enterprise home page, there is no mention of the problem and no link to any support resources. An overseas correspondent sent me a screen shot of McAfee’s UK home page, which also has no mention of the issue.

That link leads to a blog post by McAfee’s Barry McPherson, published yesterday at 4:29PM. McPherson seems more intent on praising McAfee’s researchers and minimizing the problem than helping users. He writes: “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally…” I find it difficult to believe that the company could come up with an accurate estimate at all, much less do so within hours after the problem was identified. It certainly doesn’t match up with the reports I’m hearing from the field.

Update 23-Apr: Yesterday afternoon, the McAfee blog post was edited to remove this reference. The sentence now reads, ” We believe that this incident has impacted a small percentage of our enterprise accounts globally and a fraction of our consumer base…”

From a crisis management perspective, McAfee’s response has been disastrous. If the company truly cared about its customers, the home page would contain an apology from the CEO and links to detailed support information. Instead, it appears that the company is hoping its customers will just forget about it.

Based on the 100+ comments to McPherson’s post, customers who were hit by this error aren’t likely to forget about it soon. And when they figure out that a lapse in the most basic of quality control steps caused them to spend thousands of dollars in IT manpower and lost productivity, they’re likely to be angrier still.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “The Ed Bott Report”

Topics

McAfee Inc., PC, Quality Control, McPherson, Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books written prior to fall 2011 have been distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press. As of November 2011, Ed is a partner in the independent publishing company Fair Trade Digital Exchange, which exclusively publishes his books.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

254
Comments
Add Your Opinion

Join the conversation!

Just In

RE: McAfee admits
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
Contributr
Were you affected?
Ed Bott 22nd Apr 2010
If your company had to spend IT resources fixing this issue, how do you plan to deal with it? Are you considering switching to an alternative security provider?
0 Votes
+ -
Yes...
s_southern 22nd Apr 2010
About 1/3 of our systems still run XP SP3. We evaluated Vista but found it to be too much of a headache, so stuck with XP. We've been rolling out Win7 though, so that helped avoid having all of our desktops taken out (We'll be full Win7 and Ubuntu systems in 3 months).

Although, McAfee having actually tested it properly would have helped more.

When our contract is up, we will, as always, evaluate options. Overall, we're still very happy with McAfee's suite of products (especially Host Intrusion Prevention & ePolicy Orchestrator).

I'd also expect that McAfee won't make this kind of mistake again - it's a difficult and expensive lesson, and one they aren't likely to forget.
0 Votes
+ -
What difficulty and what expense?
softwareFlunky Updated - 23rd Apr 2010
McAfee just swept it under the rug and pretended it never happened. Oh yeah, they fixed the problem, but how much pain, as in monetary loss, did they suffer for this? Not enough! On the other hand, how much pain, as in monetary loss, did their customers feel? Entirely too much! And where is McAfee's customers compensation for their losses? Nonexistent!

Now then, what kind of lesson do you think McAfee really learned?
0 Votes
+ -
Pain's a coming...
AndyPagin 23rd Apr 2010
I bet an army of corporate litigation lawyers are sharpening their pencils in anticipation of the claims for damages (lol, pencils are more reliable than PCs at the moment), those ARE gonna cause Mcafee some pain.
0 Votes
+ -
Some questions for you
D2 Ultima 23rd Apr 2010
Leaving aside how you find Vista to be a headache and Windows 7 to *not* be a headache when they are incredibly close in terms of usability, I do have some more questions.

For one, McAfee is, was and probably always will be a pain to use. It is badly configured, not easy to sort through and often blocks basic system functions while STILL allowing viruses through. While I currently am not working now, up until the middle of last year I had been employed at a tertiary level institute which used McAfee as provided by the government to all large scale businesses in my country. Previously Norton was used, and for certain computers AVG free was installed. Suffice it to say, viruses still managed to hit 95% of all computers in the institute, save my personal laptop (using Bitdefender 2009 and then 2010 beta), three computers I personally installed and configured Bitdefender total security 2009 on, my boss's laptop and most of the servers. I say most, because the file hosting server often would find virus-riddled software stored on it.

What I don't understand is how you find it so useful in your institution? Even my boss found it very annoying. He told me when I entered how Symantec/Norton was doing well. Within a week he was annoyed with it. Then he tried McAfee and said he's happy with it. Two days later he's uninstalling it from his laptop because it's blocking everything on his system and it's a hassle to go and configure everything manually. In the end I think he used AVG Free and left it alone. Most of the systems in the institute were running Windows XP SP3. My laptop used Vista Home Premium SP1 and there were four other computers using Vista Business SP1. Those didn't have many problems in terms of viruses.

Also as for your expectations that McAfee won't make the mistake again, why do you trust them so much? There is another blog here that was written a couple of days ago which confirmed that this isn't the first time this happened with McAfee. I can't bet on the credibility of the statement, but if his job is making blogs, then he probably wouldn't have made a bold statement such as that without good reason.

Also, do you use McAfee on every system in your administration? If you do, how are you sure you have no viruses? If McAfee does not pick up viruses on one computer, it will not do so for any. You could have quite a few viruses that it simply won't detect, and you would never know. What are your thoughts on that?
0 Votes
+ -
Which McAfee are you using?
s_southern 23rd Apr 2010
We use VirusScan Enterprise 8.7, Host Intrusion Prevention, etc... all managed by ePO. We've been a McAfee shop since ePO 2. This is the first issue we've experienced in almost 10 years. The last piece of malware that got onto any of our systems was Melissa/ILoveYou.

That said, McAfee is only part of our overall setup. We use MS Forefront TMG (Formerly ISA server) for proxying and ONLY the TMG systems are allowed to communicate with the Internet. Our firewalls all have outbound ACLs limiting traffic to that which is absolutely necessary and we have the host firewalls on each system locked down in some cases to which processes are allowed to communicate with which hosts/ports.

As for knowing about the viruses, we have other sensors in place that detect any abnormal behaviour on our network or systems, and it's all logged and alerted if necessary. We've gone through the process of documenting exactly what traffic is supposed to be on our network, and anything outside that is flagged as abnormal.

As well, our email gateway uses 4 different scanning engines to detect malware on inbound our outbound emails.
0 Votes
+ -
Better set up than we had
D2 Ultima 23rd Apr 2010
You have more things covered than what I was accustomed to. I honestly don't remember the name of the McAfee we were using, though I remember my boss speaking about ePO numerous times. I don't know what MS Forefront is, though if it regulates gateway traffic we had an Untangle server for that (we didn't have full on government support and our IT budget was considered very low by my boss, though I never knew what it was). The Untangle server only sought to prevent certain uhh... undesirable internet behaviour. It blocked websites that had anything to do with proxies as well. As for the firewall, that was on the untangle server as well, though viruses rarely came from the internet. More often they were from flash drives people used and it spread. We didn't limit traffic because due to it being a tertiary education institute, some people often needed to do research (both students and lecturers). We had an internal e-mail server which eliminated the possibility of outside viruses getting in though. As for Host Intrusion Prevention, I'm really not sure what that one is either, I've never done much with McAfee other than what was required at my job previously, so I'm not sure if we used that or not
0 Votes
+ -
Got lucky here....
OhTheHumanity 22nd Apr 2010
The time my Epolicy Orchestrator and systems update left me some buffer time for the problem to be found by others. I am about a day behind when the DAT's are published. I did disable all updates last night to be safe. I now have serious questions around Mcafee AV being used in this company. And from the looks of it they are reluctant to be fully transparent about it and thats not good either.
0 Votes
+ -
We dodged the bullet too...
DevJonny 23rd Apr 2010
...on our client site for the same reason (the
update was one version behind) so when we did an
update we got fixed one!
0 Votes
+ -
Actually, No, but only because
John Zern Updated - 23rd Apr 2010
of the issues we had a few years ago with McAfee that we decided to switch to Symantec Endpoint Protection (not without it's own idiosyncrasies, but easilly mangaged)

You would think that McAfee would strive to be better then the next guy, only because of things like this.

If we were using this package right now, I would just "go in for a pound" and just make a vendor change alltogether.

It's one thig to have a hickup, something much more serious to take down entire companies and municpalities with a patch.

Admittedlly, I can see this actually helping them internally: They will strive to make sure something like this will never happen again.
0 Votes
+ -
No, our EPO saved our asses.
Tommy S. 23rd Apr 2010
Thanks to our lazy IT HQ we were saved.

The time they take to push an updates through our internal update server is long enough that the issue was known.

We lost a few desktop here and there around the network but all of them were 2nd class users not controlled by the EPO.

But if the **** would have hit the fan we would have lost millions in lost production. I rather not think about it.
0 Votes
+ -
lolkittenz!
DataFerret 23rd Apr 2010
Waiting one day if you have other protections in place sounds like a good idea in this case.

More than one day....
0 Votes
+ -
No, We were Not Affected
jsparo 23rd Apr 2010
We did not update to SP3 so we were NOT affected.
Thank God for that.
0 Votes
+ -
SP2 support will end in July 2010.
Tommy S. 23rd Apr 2010
Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010

support.microsoft.com/gp/windowsxpsp2
0 Votes
+ -
All the more reason to use an OLD OS
janitorman 23rd Apr 2010
Such as Windows 2000, which is more stable, more usable, and much better than any other MS OS EVER. People had a lot of problems updating to XP sp3 and a lot of them rolled it back to SP2 because of it. WHY do they have to keep making new stuff that doesn't work when there are old solutions that work fine?
0 Votes
+ -
Uhh... Yeah... No.
D2 Ultima 23rd Apr 2010
Because windows 2000 is not compatible with all of the newest software, for one.
For two, it has limitations on maximum RAM, supported processor types and speed, and other related hardware. It also is far easier to network in newer OSes, and for your information, the most stable OS I've ever seen is Windows Vista Ultimate SP1. Yeah yeah yeah vista bad yadda yadda yadda. No, I don't mean windows 7 Ultimate. I'm sure I typed the right sentence. Please stop cussing and thinking I am an idiot. I don't care how bad you *think* it is, Vista isn't bad at all and is very safe and SECURE. Most stable OS I've ever used. If you're fine with windows 2000, then good for you, but most everybody else will find that it can't do all the stuff they want.
0 Votes
+ -
Not really....
FranC. 23rd Apr 2010
I have had my share of McAfee screw up way back when it was just AOL and Compuserve... I won't even go there today as I really do wish that my ISP would not pick McAfee for their Internet Security Suite. I have no doubt that for every 100 computers protected and saved by McAfee, there are maybe 1/2X that number having some problem or glitch with McAfee. I have learned a lesson. Never let your system automatically do updates or install new software from trusted sources. Even trusted sources are bound to act like the very sources that they are designed to protect you from.
0 Votes
+ -
lucky here
lordshipmayhem 23rd Apr 2010
I avoided it by the simple expedient of using Linux for the production environment, which requires no antivirus. Like many a Windows user, I'm not a MacAfee client.

It is a wake-up call for everyone, though, regardless of whether you're in development or simply supporting the IT: test before you push the upgrade, no matter what application or OS you're talking about, and the more critical the application on the box, the more you should test.
0 Votes
+ -
Dodged a bad situation...
dexter_rivera@... 23rd Apr 2010
our ePo saved me, i disabled our repository from pushing the dat right away and woke up the agents.
0 Votes
+ -
I quit using McAfee years ago. No problem here !
bob4814 23rd Apr 2010
I've been using Norton for years now and I have had no problems on either my home or business computers since I switched.

Way back when I had used McAfee I had repeated problems with supposedly screened viruses getting through. The last straw came with one that destoyed some important data.

I tell everyone ... almost anything is better than McAfee.
0 Votes
+ -
"I quit using McAfee years ago. No problem here"
Damien5280 23rd Apr 2010
It hasn't been quite that long here, but I couldn't wait until the subscription expired.

I prefer ESET myself, but as said above, almost anything is better than McAfee.

The only problems I encounter now is at my client's at home who have it.
0 Votes
+ -
Agreed
BowTech 27th Apr 2010
A bit late to the party here, but I agree completely. I had nothing but problems with McAfee during my first year at this Company. Signatures wouldn't update, malware got through, and it was a complete resource hog. Swapped out for Webroot and haven't had a problem since. Gave McAfee such a scathing satisfaction survey, they actually had a Sr. Manager call me. When I saw this story, it didn't surprise me at all. McAfee is the virus.
0 Votes
+ -
Minor Affter
plovelace@... 23rd Apr 2010
We were affected on 5 of our machines (out of 120) thankfully we had settings as such that it only deleted the file if the user was an administrator... and the update occurred shortly after I was emailed the extra.dat file from my McAfee rep with the warning of the issue.
Although I'm disappointed in the false positive, I'm pleased with the dedication to fixing it McAfee has presented. I do agree it should be all over their website. But, like Symantec, they want to solve it and forget it. I know nobody cares about the non-english versions of Windows, but just a few years ago, Symantec crippled Chineese versions of Windows XP far worse than McAfee did this thanks to a false positive.
0 Votes
+ -
Whew
Midnight04 23rd Apr 2010
As an individual user, I was not affected but I remember working in my university's computer lab before I got my own system and a worm crashing the entire system, inconveniencing students and faculty and costing several people their un-backed-up data. We are at the mercy of you fellas and we expect you to care about this.
0 Votes
+ -
I wasn't affected
D2 Ultima 23rd Apr 2010
I no longer work in an IT institute, but I stopped using McAfee for quite a while. I would always suggest Bitdefender Total Security to anyone wanting to properly protect a system. My credibility in promoting it after the recent update scenario taking out many x64 version OSes is hurt though, but as far as I know they released a fix, and a repair install returned files if they were deleted...
I've tried McAfee, Norton, Panda Titanium, Avast!, Avira, AVG (free and paid), Kaspersky and Black Ice, but in the end Bitdefender is the best for me. And it does everything I could want.

Just my two cents though. I couldn't handle McAfee's horrors even if it were at virus busting as my Bitdefender
0 Votes
+ -
WinXP32WMESP3: Have Multiple probs after McAfee Fix
tombeall 23rd Apr 2010
Win XP32 Professional MCE SP3 is OS with Intel Q6600 on Dell XPS720. Many problems. Previously Task Manager reported 62-67 processes running, now only 37. Cannot open Restore Console to go back to earlier version; Windows defender error 0x800106ba; Malwarebytes Anti-Malware runtime error '372' failed to load 'vbalGrid' from vbalsgrid6.ocx; unable to copy from main C: drive to 2nd hard drive with Windows Explorer; Acronis True Image Home 2010 error #1722 "The server is unavailable (0xFFF0); no Windows help available; unable to access home network; no internet; unable to open internet and network wizzards to reset connections; back-up on network NAS drive is inaccessable; Add-Remove programs shows files but will not remove. Other programs will not open. May have to reinstall Windows XP (7 not available to me yet) & loose all. May be able to do a Windows Repair if lucky. Waiting on calls from McAfee Tier 2 Support. Sent them this info & they have to check with "technicians".

UNBELIEVABLE!
0 Votes
+ -
What a nightmare! Sounds like a rebuild.
Joe.Smetona Updated - 26th Apr 2010
I purchased a SATA/IDE to USB converter with Power Supply from Buy.com for $33.12 with shipping.

The Buy.com SKU is 205631284

Startech is the Manufacturer.

I have purchased several different manufacturer (cheaper) converters over the years with mixed results.

This particular one stands out as far as reliability and construction. It appears to always mount properly and hasn't given errors during file transfers.

It may help retrieve your data if you can't boot and have to wipe the disk and re-install.
0 Votes
+ -
McAfee Response was good.
herbsmith@... 23rd Apr 2010
I recieved my first e-mail notification about three hours after the DAT was released. (Don't know what time McAfee knew of the issue, I assume and hour or two after release.) With 90 minutes of my first notification I was recieving updates from their automated systems and at least 3 live people. By the end of day I dozens of e-mails from more sources than I could track. Some were rushed out with incomplete info or too few details. But overall an good effort. Extra.DAT to help limit damage was out promptly. Various Fix directions came out all afternoon, some better than others. An automated fix SDAT.EXE was available by 6 pm. Central and enhanced overnight. My support contacts were answering e-mail questions promptly.
The quality of the information provided could have been better. But the quanity was more than sufficient. Not unlike the problems with the first news reports of any major disaster, the initial reports are filled with half truths and inaccuracies. Not because of malice, but just rushing things our. People want answers before things have been investigated.
I also got the FAQ your referenced. It is too bad that some PR flack or lawyer watered it down. They screwed up. They need to acknowledge that and fix it. It sounds more like they have process problems rather than just one worker violating the rules. It also appears that more than one good practice was violated, which is normally the case when things go wrong. It is not one mistake, but serveral all at the same time that lead this kind of disaster.
I hope they get the act together
0 Votes
+ -
No. I run Mandriva Linux. I don't have that crap.
Abetterfuture 25th Apr 2010
And I also don't pay for ineffective antivirus-software.

Life's better on this side happy
0 Votes
+ -
Yes - affected but caught it early - only 9 PCs down
JohnOfStony 26th Apr 2010
At about 4:50 pm UK time we (IT dept) received a call to say a PC had gone down. I gave the usual advice - turn it off, wait a few minutes and turn it on again. Within 5 minutes we received another similar call with similar symptoms. All our MS updates are "prompt first" so we knew they were not responsible. Other possibilities were a virus - but that would be taking many PCs down, or an antivirus update. We chose the latter as the probable cause and immediately disabled automatic updates on all vital servers and PCs. We were lucky; none was affected. Moreover, as our workday finishes at 5 pm, most user PCs were switched off before they had chance to be affected. In all a further 7 (9 total) PCs were affected, one a director's laptop being used off site.

Our saving grace was the fact that our computers have staggered update times so simultaneous mass updates do not occur.

I wonder whether McAfee will survive the bad press and possible law suits against them.
0 Votes
+ -
Nope
Alan Smithie 26th Apr 2010
OpenSuse running fine here.

PS Ed any comments on J Perlow's latest blog ?
0 Votes
+ -
RE: McAfee admits
beijing2008 Updated - 14th Sep
Wah, I really want to read this, but I'm too busy to do so. replica hermes
0 Votes
+ -
We use McAfee but dodged this bullet
toadlife Updated - 22nd Apr 2010
Apparently the issue only happens if a specific option , "Scan Processes on enable" is turned on. This option is turned off by default in the EPO policy for McAfee virusscan (I don't know if it is turned off in the standalone install of McAfee), and I did not turn it on, so our machines were not affected even though they all pulled the bad DAT file.

We wanted to switch from McAfee to Microsoft's Security solution but we had just renewed (right-hand not talking to the left-hand) our McAfee license for two years a couple of months prior, so we are stuck with McAfee for awhile.

Even though we lucked out this time, this incident just reaffirms my opinion that we need to move away from McAfee.
0 Votes
+ -
Forefront vs McAfee
s_southern 22nd Apr 2010
How did you find Microsoft's management & reporting compares to ePO? ePO is, for us, the best reason to use McAfee over competitors.

Our contract is up in October with McAfee. Our Select Agreement with Microsoft renews at the same time...
0 Votes
+ -
I don't know or care
toadlife 22nd Apr 2010
We have four (3.5 if you factor in the dumb one) techs and 1200 desktops and a myriad of servers and other systems to support.

The reporting in EPO is cool, but we really don't make much use of it. I have a custom EPO dashboard that shows the KPIs for McAfee that I am interested in, but they are pretty basic. I would be shocked if Microsoft's product didn't support that level of reporting, especially considering the reporting that is available for the other products that we use (WSUS/SCCM).

My main gripe about McAfee for the past few versions is VirusScan bogging down machines when they update their DAT files. Microsoft's solution didn't do this when we all tried it in our office. In the IT dept, we all have older desktops with single core processors. When VirusScan updates it DAT file our machines become absolutely unusable for at least five to ten minutes.
0 Votes
+ -
Yep....
OhTheHumanity 22nd Apr 2010
I have heard a few people complain on older systems that the update slows them down for a while. I will be doing the same when our contract expires and looking for a new AV package. The EPO is good, but I can live with out it.
0 Votes
+ -
Thanks
s_southern 23rd Apr 2010
Good input... we won't be doing our evaluations until August, but I appreciate the responses!

Thanks!
0 Votes
+ -
Sounds like they didn't follow their own procedures
Lerianis10 22nd Apr 2010
And I am very sure that quite a few people at McAfee are going to lose their jobs over this issue.

This falls into the category of 'Stuff that should never happen to a computer running your software'.
0 Votes
+ -
Earning a New Name for themselves: McGaffe! [eom]
mejohnsn 23rd Apr 2010
eom
0 Votes
+ -
McAfee is junk
HollywoodDog 22nd Apr 2010
I formerly worked at Symantec on Norton Antivirus. I
didn't fit in at the company and only was there a year,
but I extensively used a number of antivirus products.
Norton Antivirus was generally very good. McAfee is crap.
0 Votes
+ -
I dumped norton
janitorman 23rd Apr 2010
as it's always been a dog, but the MANDATORY update to 2009 or 2010 screwed my system up good. WHY don't they leave well enough alone?
Apparently it was written for Vista, and xp machines lack a neccesary file and it won't even INSTALL on them.. causing paying customers grief. Dumped mine for AVG. Never should have used anything else, but had some systems that came pre-installed with Norton and kept them. Dumb, I know. I still have a windows 2000 machine I like VERY much, much better than an xp or vista machine WITH AVG on it, no problems. Why can't these companies QUIT DOWNGRADING TO NEW CRAP we don't need?
0 Votes
+ -
I'd had to be that QC team right now
eagle747 22nd Apr 2010
It is going to be a looooong day.







www.cubecheck.com
0 Votes
+ -
RE: McAfee admits
CustomerSupport 22nd Apr 2010
The customers who were affected don't care if "less than one half of one percent of our enterprise accounts globally..." Even if it was "less than one half of one percent" I know many organizations that were hit hard, very hard! Thanks to McAfee for keeping the IT support professionals employed!
0 Votes
+ -
RE: McAfee admits
gwconnery@... 22nd Apr 2010
Barry McPherson has posted a new blog post. Once again instead of apologizing or explaining what really happened he a) tries to make us feel sorry for him, b) shills for the company--always been there for you blah blah blah, c) downplays the actual impact this has had.

BTW as side notes:
- I tried to post an angry retort but for some reason it never showed up! (I assume they're censoring, which means the number of posts might be much higher)
- Of the two links he offers for guidance on dealing with the issue, one of them isn't even valid. His own quality control is somewhat suspect...
0 Votes
+ -
Forefront....
jessiethe3rd 22nd Apr 2010
Best decision we made.
0 Votes
+ -
Contributr
Reminder: Please don't feed the trolls
Ed Bott 22nd Apr 2010
It just makes more work for the moderators.

If you see an off-topic comment whining about Linux, don't bother replying. Replies get deleted along with the off-topic original.

Thanks for your support.
0 Votes
+ -
Reminder: Please stiffle conversation
fredb 23rd Apr 2010
If you don't acknowledge the fact that Linux and Max OSX users were not affected by this major screw up maybe they'll all return to the flock.
0 Votes
+ -
This is bad
jscott418 22nd Apr 2010
This is really bad considering it mostly affected enterprise systems. You really have to wonder who running McAfee these days. Heads should role over this!!
0 Votes
+ -
No, it is Worse than Bad: it is McGaffee!
mejohnsn 23rd Apr 2010
And no, heads should not 'role'. Head should ROLL.
0 Votes
+ -
RE: McAfee admits
petemitchell 22nd Apr 2010
Both Symantec and McAfee are the worst companies to buy AV products from. Neither gives a rats ass about their customers, and their products are beyond trash.
0 Votes
+ -
RE: McAfee admits
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix