McAfee issues fix, and apology, for hosed XP SP3 PCs

McAfee issues fix, and apology, for hosed XP SP3 PCs

Summary: Security vendor McAfee has published a fix for the definitions update that triggered a false positive and rendered XP SP3 systems unusable.

SHARE:
32

Security vendor McAfee has published a fix for the definitions update that triggered a false positive and rendered XP SP3 systems unusable.

The definitions update, labeled as "5958 virus definition file" was released at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21. This update incorrectly detects svchost.exe as malware. Problems resulting from this include:

  • Continuous reboots
  • Missing taskbar
  • Loss in internet connectivity

McAfee has issued a fix, available here. There's also a forum thread that users can take advantage of for support and to vent their frustrations.

Barry McPherson, McAfee's executive vice president for worldwide technical support & customer service, had the following to say:

In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Researchers worked diligently to address this threat that attacks critical Windows system executables and buries itself deep into a computer’s memory.

The research team created detection and removal to address this threat. The remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21.

McAfee is aware that a number of customers have incurred a false positive error due to this release. We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base–home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you’re one of those impacted, this is a significant event for you and we understand that.

Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3.The immediate impact on corporate users was lessened for corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, though those customers could also be impacted when running an on demand scan.

The faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers.

McAfee teams are working with the highest priority to support impacted customers. We have also worked swiftly and released an updated virus definition file (5959) within a few hours and are providing our customers detailed guidance on how to repair any impacted systems.

An apology is all well and good, but the fact that yet again we see that a security vendor can push updates to customers that can disable PCs shows that there's a serious problem with how these firms go about testing updates before letting them free into the wild. The impact that this problem will have had on affected users is great, and represents greater disruption that most malware would present.

If these firms want the trust of being able to push updates to systems that can potentially cripple systems, we as customers need far greater transparency as to what testing is done on definitions before they are released.

Topics: Windows, Hardware, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

32 comments
Log in or register to join the discussion
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    Where was the apology? Did I miss it? All I saw was how little a group of people it affected. I felt that they said to basically get over it and move on.
    simpleone71
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    Thank you for the info. I lost connectivity for wireless after their "Urgent update". Luckily I had a long cable to connect to. I have been waiting for their tech support for about a half hour now.
    kevinger
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    I was hit at home last night. I had finished the upload and waited until late to run a scan.
    What is funny (yes there is a funny part) is that I had checked my e-mails and saw a zdnet bulletin about McAfee, but decided to not read it until lunch today. Yeah. I could have avoided the whole mess that is waiting for me to get home to fix.
    gsmcten@...
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    They also shutdown a 911 center, different update I suspect:

    http://isc.sans.org/diary.html?storyid=8671&rss

    Not that it's their fault necessarily, the IT people should have been on top of this. It does however highlight a problem.
    bwalker
  • All QA is relative - and they disowned theirs!

    Classic problem - get it out fast or take time to fully test against all the possible configurations.

    Also, since they are testing THEIR systems and are likely configured as to how THEY recommend them - and not how people actually do - real easy to miss something like this.

    Do they have two hundred physical systems with different software and hardware and configs and test against them or just a base system with just XP and run against it?

    QA is very expensive in time / hardware when done right.
    TAPhilo
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    Are you listening Dell, HP and other OEMs. Stop shoving McAfee down the throats of your new customers/users. Small wonder McAfee screwed up, the products they crank out are so bloated, all they seemed determined to do is take over your PC, and constantly nag you with issues responsible PC owners should be managing anyway. Let's not talk about resource hog. I'll stick with ESET thank you very much.
    Looks good on McAfee, but I feel sorry for their victims. McAfee products are so bad, they have to pay others to give them away!
    jeffsoltor
    • exactly!

      Some of my clients were hit by a similar problem a few days ago.
      MicroSoft issued an 'update' and it detected a virus and stopped the
      update in mid stream, hosing the clients computers. Who can we blame
      for that? After all, we knew it was Windows so is it other user's fault?
      john_gillespie@...
    • McAfee...

      In my experience doesn't find and fix the viruses anyways. Dump McAfee and use MalwareBytes / Vipre.
      Lost Cause?
      • Reply to: Lost Cause?

        Everyone should go out and by PC Cillin from Trend Micro. It is by FAR the best antivrus/spyware/malware yadd yadda yadda out there; it is worth every penny and you can install it on more than 1 computer (i think up to 3 comps)
        jmcess@...
  • Any idea how many were affected by this?

    McAfee said that 0.5% of McAfee users were hit by the
    update. Taking into consideration that they're playing
    with numbers, this seems really low.
    How many machines were affected? Most reports say 40% of
    their machines. Certainly I, and many in my company, were
    hit by it.

    Anyone want to have a guess?
    Proj65
    • Re: Any idea how many were affected by this?

      My company lost about 25% of the PCs. Some were saved because they were powered off but most because they are still on SP2. Sometimes it pays to be slow in innovation... ;-)
      pa@...
  • get over it

    Get over it, it's Windows!
    So you paid your MS tax today. Move on.
    john_gillespie@...
    • RE: get over it

      And the Linux troll strikes again. Go read your Computer Shopper and stop bugging the working world.
      jimmycap
  • RE: McAfee issues fix, and apology, for hosed XP SP3 PCs

    I first read this story on MSNBC News, before looking it up on ZDNet. It's starting to look to me like we might as well trash the Security Software, and let all the other critters through.
    What I find the most shocking, is that it's one of the world leading security vendors this time. I'm surprised I haven't seen more of this frome the likes of Microsoft Security essentials, or AVG Anti-Virus Free Edition, which are both free packages! Oh Dr. Solomon, why did you dissappear!?
    Nookhoek
  • Root cause

    McAfee must deliver adequate testing before delivery. It is part of the product.

    Many companies and software developers think of testing as a minor part of product delivery. They staff testing with less experienced and less capable people. Wrong choice.

    I learned from my friend Roger many years ago that if testing fails to find any problems, then testing has failed.
    pwatson
  • McAfee issues fix and apology...hosed XP SP3

    Of course McAfee should get a healthy dose of static for bungling it. But
    also note that it happened on a nine-year-old operating system, two full
    versions ago. I don't like giving Microsoft money either, but how long
    can XP-ers cling to the past?
    bstaud@...
    • re: clinging to the past?

      XP may be a 9 year old OS, but you have to consider that MANY people opted to skip completely over the next OS they offered, Vista, because it was such a poor release!

      Therefore, for quite a few corporate AND home users, there wasn't a sensible choice for an upgrade from XP until Windows 7 came out. And at least for corporate users, most consider it foolish to rush into an OS upgrade without waiting for at least 6 months or so, to make sure any "show stopper" type bugs are discovered by the early adopters and taken care of. Combine all that with the poor economy - and you've got exactly what you're seeing now. LOTS of people still running XP and just now gearing up for a migration to Windows 7 as they replace aging computers.
      kingtj
    • Clinging to Past?

      As long as it keeps playing World of Warcraft, there is no reason to upgrade . . .
      LadyGray
    • Numbers count

      XP is still the most popular OS out there, and by a substantial margin. The units affected are also running the latest MS Service Pack released but two years ago, so this is hitting diligent boys and girls. If those factors don't qualify for heightened scrutiny on the McAfee testing radar, I'm not sure what would - or should.

      [i]Of course McAfee should get a healthy dose of static for bungling it.[/i]

      Congrats for getting that part right.
      klumper
    • XP SP3 is only 2 years old.

      [b] [/b]
      AzuMao