McAfee clients: do you have the guts?

McAfee clients: do you have the guts?

Summary: McAfee customers whose systems went down yesterday should demand they get given money or an extended licence for the time they had to spend fixing the problem.

TOPICS: Security

blog McAfee customers whose systems went down yesterday should demand they get given money or an extended licence for the time they had to spend fixing the problem.

Yesterday, supermarket Coles said it had been affected by a bug contained in an update of McAfee's antivirus software. Due to this, 18 of its supermarkets had to close for a period of time in Western Australia and South Australia. That's thousands of dollars lost, and all because of a virus definition that wasn't tested properly.

Coles wasn't the only one affected, with the Commonwealth Bank and Virgin Mobile also having problems, and there's likely to be more.

McAfee has already taken the blame and said sorry on its blog, but even then you could see it was trying hard to minimise its embarrassment.

I mean, it even tried to downplay how widespread the problem was.

"We believe that this incident has impacted less than one half of 1 per cent of our enterprise accounts globally and a fraction of that within the consumer base home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you're one of those impacted, this is a significant event for you and we understand that," it had said yesterday.

The company has since retracted that statement, changing the estimate to a "small percentage" of its enterprise accounts.

This would have really annoyed me if I was an IT manager for one of what was then considered the "less than one half of 1 per cent". If I was running around trying to get machines up while users sat around and tapped their feet in anger or thousands of dollars in revenue wasn't being made, I would have thought, "You bet this is a significant event for me".

After a situation like that, I would have been thinking: "I want my money back. No, better, I want my time back." And as everyone knows, time costs money. So Coles, Commonwealth Bank, Virgin Mobile and others: do you have the guts to ask for compensation? This is how the corporate world works, right?

[? template('/'.constant('CMS_VHOST').'/common/poll/display_poll.htm', 1620761693) ?]

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It's not that it was a mistake, it was a horrible, stupid, ugly, should-have-never-happened, virus-scanning 101, mistake.
  • It is a pity to see a large company such as Coles still tied to a vendor of such dubious quality software (Microsoft) that it needs protection from a third party company. I don't think you can blame McAfee for doing their best all these years to protect users from the zillions of types of malware for Microsoft systems. I would expect a few blips each year from suppliers such as McAfee et al .... after all Microsoft in the past has never done too much to aid these security companies in their endeavours. With the awareness of security threats to Microsoft systems now I would think it is time to move to a Unix/Linux solution in the corporate sector, and leave the buggy, virulent stuff to home users who accept it as part of using Microsoft products.
    Disclaimer: I do use Microsoft systems or McAfee applications.
  • @DigiGuy
    You do realise that this problem isn't caused by Microsoft. While MS had its problems in the past, I won't say they're of dubious quality, that's just FUD.
  • @hhandoko - Yes I do realise that the immediate problem is a McAfee one, and it does sound pretty bad and all the IT guys going up the wall .. you have my sympathy. My point is/was that Microsoft has been producing software which is vulnerable to malware/virus/etc even if all system patches are applied, it is too easy to get into nearly all the time.It is inevitable that there will be human error along the way, from McAfee and all the others, this situation will probably repeat at great cost to corporates and the community at large. The USS Microsoft is a leaky boat, it seems that Unix style systems don't have these problems or these needs for third party help. Have a nice weekend.
  • Words like "negligence" and "incompetence" come to mind with this issue.

    Why? Because a whitelist of the checksums of core system files is one of the most obvious, basic things a virus scanner should use to protect against this issue ... yet nobody seems to bother doing it.

    I'm sure Microsoft would gladly provide such a checksum list, and even if they won't it's not too hard to generate one by stepping a machine through every system update one by one and checksumming all changed system DLLs and executables.

    Perhaps McAfee actually does this and somehow failed to include a particular version of svchost.exe in their whitelist. That'd still be pretty pathetic for an outfit of their size and age, but at least understandable. If that was the case, though, you'd think they'd be saying so. I suspect they just don't whitelist.
  • I agree Coles should seek compensation although I think AV on POS is a bit of a bad design, you should design so that the POS (point of sale not the other acronym) can't get infected and any infection is discovered and quickly dealt with.
  • You know what? Last time I worked for a company which required up to date systems to do business (including AV!), we had test systems. You know how many updates, from ANY vendor, got through without a thorough testing? Zero. Not from Microsoft, nor Sun, nor Oracle. If we tested THEIR updates, nobody has any business deploying an update from McAfee to a production system without thorough testing.

    While I understand that people are mad, the current assumption of liability is not on McAfee. If we want that to change, we need to confront the entire industry. And you know what? AV will become a WHOLE lot more expensive.

    This isn't a good thing. Let companies who need high-reliability systems spend the money on testing. Let companies who want a cheap product have it. If Coles will lose a bunch of money if their computers crash, they either need insurance or a good testing department.
  • LionellPackLionellPack:
    The level of testing for AV and security updates in general are a risk balancing act, and with how quickly exploits now appear and a virus/worm can spread, the risk is too high for customers to wait and do a full regression test before deploying virus definition updates. The AV vendors have to have a good automated set of test systems before they post the defs up on their update sites.
    Because of the risk exposure current AV products (all that I've worked with) assume that definitions will automatically become available to clients as soon as the server downloads them, and several make it quite difficult to remove a definition (it's as if they just didn't seem to think that would ever need to be done?).
    For client machines, in a large org, all apps should be packaged and so a machine can just be reimaged (after the def fix is in-plcae) and apps auto-install, for a quick restoration.
    Most servers are another matter, and that's where having AV configured to delete files it can't clean instead of quarantining is just too much of a risk.
    Anonymous reader