A version of the McAfee antivirus software used in the corporate and public sectors misidentified the svchost.exe file in Windows XP systems as malware, sending the affected machines into a loop of restarts. Only users of McAfee VirusScan Enterprise on Windows XP Service Pack 3 were affected, but the fallout was pretty severe, with hospital and police systems among those taken down.
I’ve noticed that “geek elite” types tend to be a little more blasé about malware than the general public, both because we can guard against it better by not falling for the same old tricks, and because we are generally more qualified to recover from a malware infection. Personally, I don’t use a virus scanner on my Windows machines, because I run them as a sort of disposable environment anyway. My first line of defense is using the latest version of Windows, and updating automatically. Then, it’s Google Chrome, which makes the web a much less likely attack vector. Then, webmail only, with Google Apps and Chrome again, eliminating email as a likely point of attack. After that, I rarely install software on that machine, since the internet has made running client software a lot less necessary than it used to be. Though I download a lot of files, I don’t download executables very often, and, crucially, I can tell the difference. And whenever there’s a big new Windows release, Windows has probably been a little crufty anyway, so it’s a reformat and clean install. Most of my files are kept on a NAS RAID anyway.
But virus scanners are an important security blanket for most people, and particularly for organizations that don’t have the luxury of enforcing the practices that I apply to my own computer. Though this latest McAfee brouhaha was particularly severe, false positives are not at all uncommon for virus scanners, and of course they’re famous for slowing your computer down.
Now, scammers are using the confusion sown in the wake of the McAfee screwup to further victimize McAfee users, using search engine tricks to fool users into downloading new malware payloads, thinking that they’re McAfee updates. In the ongoing cat and mouse game to protect the non-vigilant from their own computers, I’m afraid there will never be any true safety, outside of an iPhone-like walled garden, or a complete move to a network-computer paradigm, such as my method, which involves rarely downloading any executable, and keeping the internet safely sandboxed in the browser.
But a computing world that’s safe for the n00bs is a heavily compromised world wherein people don’t really control their own computers, and the tinkering that made our industry great falls by the wayside. Is it worth the tradeoff? What do you think?
I also don’t run anti-virus at home. I find most anti-virus programs only slow the computer down and provide little protection. Best practices like yours make the difference.
I live in Kentucky and this story hit here Tuesday. McAfee shut down most police stations, hospitals and governments. Though honestly, I couldn’t tell the difference.
I also don’t run anti-virus at home. I find most anti-virus programs only slow the computer down and provide little protection. Best practices like yours make the difference.
I have Firefox with AdBlock+, FlashBlock and NoScript addons enabled, I am careful with what I download, and I have an external firewall. Haven’t had a single virus or malware infection for years now.
I have installed the same addons on my mother’s laptop and showed her how to use them and explained a bit on good security practices, as I have always explained to all my close relatives too. None of them have had virus or malware issues for the past few years.
It’s amazing how many people seem to completely lack any kind of common sense when browsing the web, taking everything there as a 150% fact, filling their details on even the most obvious scams and so on. With even just a tiny bit of explaining of good practices they could be so much safer. Unfortunately, there is no established way of easily obtaining such knowledge, even at schools they just get taught how to use Frontpage Express or how to play Quake/Farmville, and it seems most people aren’t even willing to learn! I have never understood why; is it really such a bother to have to learn something useful?
You seem to be informed in matters of computing, are you as informed in matters of law, medicine, history, religion, world geography, people in your community, internal workings of your own body?
Not everybody can be expected to have the same amount of above average knowledge in each and every field.
Not everybody can be expected to have the same amount of above average knowledge in each and every field.
Where did I even claim everyone should? But obviously, when it comes to computing and Internet everyone should have at least the slightest clue as to how to surf securely yet people don’t seem to be willing to learn. That is NOT the same thing as asking for them to know the inner workings of a computer or such, you know.
If you try running a large company without antivirus, you are an idiot. Let’s assume that you are 99.9% vigilant against all threats without antivirus. That’s great! You’d need to be confronted with 1000 virus attempts in order to be infected once. Maybe you’d encounter 1 attempt a month. So it may take 83 years before you get a virus, you’ll probably be ok.
Now what if there are 1,000 employees who are using the same method against viruses and they also see one virus attempt a month. They’ll see 1000 viruses a month, and one of them will be infected.
You need more 9s. Antivirus is an easy, cheap way to get more 9s (that is, when it doesn’t go berserk and destroy your system like McAfee).
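The arithmetic in the comment above, worked through as an added example that is not part of the original thread. It treats every attempt as independent, and the 99% antivirus catch rate used for the second layer is an assumed figure for illustration only.

```python
import math


def p_any_infection(block_rate: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent attempts succeeds."""
    return 1.0 - block_rate ** attempts


def expected_infections(block_rate: float, attempts: int) -> float:
    """Average number of successful attempts out of `attempts`."""
    return attempts * (1.0 - block_rate)


def layered_block_rate(*layer_rates: float) -> float:
    """Combined block rate when each layer independently stops its share
    of whatever reaches it (an attempt succeeds only if every layer misses)."""
    miss = 1.0
    for rate in layer_rates:
        miss *= 1.0 - rate
    return 1.0 - miss


def nines_needed(attempts: int, max_risk: float) -> float:
    """How many nines the per-attempt block rate needs so that the chance of
    any infection over `attempts` attempts stays at or below `max_risk`."""
    # Solve (1 - miss) ** attempts = 1 - max_risk for miss, in a
    # numerically stable way for very small miss rates.
    miss = -math.expm1(math.log1p(-max_risk) / attempts)
    return -math.log10(miss)


USER_VIGILANCE = 0.999   # "99.9% vigilant" from the comment
ASSUMED_AV_CATCH = 0.99  # assumption: AV stops 99% of what users miss

if __name__ == "__main__":
    # One careful user, one attempt a month, for 1000 months (about 83 years).
    print("solo, 83 years  :", round(p_any_infection(USER_VIGILANCE, 1000), 3))
    # 1000 such users, one attempt each, in a single month: same exposure.
    print("fleet, 1 month  :", round(p_any_infection(USER_VIGILANCE, 1000), 3))
    print("expected / month:", round(expected_infections(USER_VIGILANCE, 1000), 3))
    print("fleet, 1 year   :", round(p_any_infection(USER_VIGILANCE, 12000), 6))
    # Adding a second, independent layer is what buys the extra nines.
    combined = layered_block_rate(USER_VIGILANCE, ASSUMED_AV_CATCH)
    print("with AV, 1 month:", round(p_any_infection(combined, 1000), 4))
    # Nines needed to keep a 1000-seat company under 1% risk for a year.
    print("nines for <1%/yr:", round(nines_needed(12000, 0.01), 2))
```

An expected value of one infection a month is not a certainty: the chance of at least one in any given month is about 63%, the same figure the lone user faces over 83 years.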
No kidding, especially when there are employees that will do the exact opposite of what they are told out of spite or apathy.
Education is good but can’t beat education and protection.
There has also been malware that got past adept users through system exploits. You don’t want to be the company that is rolling out anti-virus software on the day of an outbreak.
I work for a small company and we do use anti-virus here. But guess what. It doesn’t work against malware. I don’t remember the last time anybody actually got a virus. Year 2000? Most of the time it’s those “Anti-Virus malwares” you get when surfing the internet. Several times a week somebody gets a pop-up stating that their hard-drive is infected.
CTRL-ALT-DEL, close program.
No, you’re an Id10t if you’re running a company using Windows OS, expecting McAfee or Symantec to keep you safe.
An Id10t? Do you have pubes yet?
Yes. But if you use antivirus to keep you safer, you then correctly understand security is about risks and trade offs rather than absolutes.
But, yes I am talking about what to do to improve security on Windows. What do I recommend to people like me? –Fedora.
That’s why you don’t see many geeks writing geography books or performing surgery. Most people, however, seem to think they can do computing tasks without knowing how to use a computer.
Unfortunately, no amount of automated tools can mitigate their lack of understanding nor common sense.
I think your comment synthesizes the overall situation.
Let’s take a car as an example:
Everybody drives a car, people don’t have to become an Engineer to drive a car, but they do have to get a minimum training in order to drive a car safely (and be allowed to drive at all).
While you can drive a car without any previous training, it’d be dangerous (at least until you get the hang of it).
So, no, people don’t have to become geeks in order to use a computer and surf the web, but they should at least get some fairly basic training to do it safely.
Computers are complex things that do all sorts of stuff and are only getting more and more used in people’s daily tasks, so if they want to use them to access their bank accounts and do whatever they do with their computers, knowing how to do it in a secure manner would, at minimum, make the web a little safer.
It’s about time they start teaching Internet Safety in school instead of Microsoft Word how-tos.
Edited 2010-04-23 18:59 UTC
I don’t think it’s about everyone learning technology to the degree that Warecatf does but to the minimum level of understanding that mother and other relatives have. With your example, I’m not required to know biology to the degree of a doctor but there is a bare minimum required including how to feed myself. I don’t require a lawyer’s knowledge of law but I also have a minimum knowledge needed and can’t claim ignorance of the law as an excuse. My own example often said; “you don’t have to become an F-1 race car pilot but you do have to learn to drive a car”.
I’d suggest that most of the threats would be negated by people gaining a minimum amount of knowledge instead of simply knowing how many popups they have to click before getting to the porn shots.
The key word here is ‘average knowledge’ … like in medicine, if you get a cut, you should at least know how to disinfect it. When it comes to computers and the Internet, most people don’t even have this equivalent knowledge.
There is a big difference between knowing how to set up a firewall with custom rules and just basic stuff, like knowing not to double click on a .exe file that promises you nude pics of Megan Fox.
“There is a big difference between knowing how to set up a firewall with custom rules and just basic stuff, like knowing not to double click on a .exe file that promises you nude pics of Megan Fox.”
Oh crap!
Someone is in for a big pay day for new OS installs after this then.
That makes you very gullible. You can run AV software with resident protection off. This means real-time scan is disabled and will not slow down your computer.
I never used to run AV software either, but it’s a bad practice. It won’t hurt to right-click and scan a downloaded file, “just in case”. Since real-time scan is turned off, I haven’t noticed any slow downs.
Edited 2010-04-23 23:23 UTC
If you have a fast enough system, realtime scanning really doesn’t slow you down noticeably. I know I can’t tell a difference at all when I’m on XP, and I’ve got a mediocre Core2Duo with 2GB memory and a GeForce 8400GS. Hardly a speed demon compared to current i7 systems, but more than enough for my needs.
The exception would be for gamers who want that extra three FPS for bragging rights or whatever. If that’s an issue though, Avast now has a “gamer mode” that stops the realtime scanning for you when you game.
someone has understood that windows is a malicious virus infesting our computers
I believe it is properly named a “backdoor”
Why exactly are important services, like hospitals and police, running Windows and relying on Antivirus? Yet more proof that we’ve got idiots in charge I guess.
What’s the alternative? Solaris? 🙂
The question to me is why were these computers configured to auto update? Any update should first go through a process to make sure nothing breaks before being allowed to spread to all the computers in an organization.
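A minimal pre-deployment gate of the kind the comment above asks for, as an added example that is not part of the original thread and not any vendor's tooling: a candidate signature set is scanned against a hash-pinned corpus of known-good system files, and rollout is refused on any hit. The signature format (a name plus a byte pattern), the file contents and the detection names are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Signature:
    name: str       # detection name (constructed)
    pattern: bytes  # byte sequence the toy scanner searches for


@dataclass
class GateResult:
    false_positives: list = field(default_factory=list)  # (file, signature)
    corpus_errors: list = field(default_factory=list)    # files failing the hash pin

    @property
    def ok(self) -> bool:
        return not self.false_positives and not self.corpus_errors


def scan(data: bytes, signatures) -> list:
    """Names of every signature whose pattern occurs in `data`."""
    return [s.name for s in signatures if s.pattern in data]


def gate_update(signatures, corpus: dict, pinned_hashes: dict) -> GateResult:
    """Scan the known-good corpus with a candidate signature set.

    A file is only trusted as known-good if its SHA-256 matches the hash
    recorded when the corpus was built; otherwise the gate cannot prove
    anything about it and reports a corpus error instead.
    """
    result = GateResult()
    for name, expected in sorted(pinned_hashes.items()):
        data = corpus.get(name)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            result.corpus_errors.append(name)
            continue
        for hit in scan(data, signatures):
            result.false_positives.append((name, hit))
    return result


# Constructed stand-ins for critical OS files, one per supported build.
KNOWN_GOOD = {
    "svchost.exe": b"MZ" + b"constructed service host image" + bytes.fromhex("1337c0de"),
    "explorer.exe": b"MZ" + b"constructed shell image",
    "winlogon.exe": b"MZ" + b"constructed logon image",
}
# Hashes recorded at corpus build time (here computed from the constructed data).
PINNED = {n: hashlib.sha256(d).hexdigest() for n, d in KNOWN_GOOD.items()}

# The signature set already in production, and a candidate update that adds
# a pattern broad enough to match a legitimate system file.
CURRENT_DAT = [Signature("Constructed/Dropper.A", b"constructed-malware-marker")]
CANDIDATE_DAT = CURRENT_DAT + [
    Signature("Constructed/TooBroad.B", bytes.fromhex("1337c0de")),
]

if __name__ == "__main__":
    for label, dat in (("current", CURRENT_DAT), ("candidate", CANDIDATE_DAT)):
        outcome = gate_update(dat, KNOWN_GOOD, PINNED)
        verdict = "deploy" if outcome.ok else "BLOCK"
        print(f"{label:9s} -> {verdict} {outcome.false_positives}")
```

The same gate works for an organization receiving updates as for a vendor shipping them, as long as the corpus covers each OS build actually deployed.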
And it is why you pay for support and testing from them. The reality is, most of these corporate users don’t have a proper IT department.
The best way for them would be a network anti malware solution. Blocking them in a gateway before they are installed. Signature check can be done on packets too, not just files… (and yes, it does slow your internet connection and your intranet, but just as much as antivirus slows your computers).
Well, my original comment didn’t quite come across the way I’d intended, and the edit timeout bit me. I meant to stress the and, as in why are they running Windows *and* relying on Antivirus *instead* of locking the systems down? That’s what the policies and mmc are for after all and, while they can be a big pain in the ass and obscure at times, they’re far more effective than any Antivirus could ever be. Lock them down, then use a gateway/firewall/network-based AV solution to check traffic from the outside in. split the subnets, so that if they do have a public access point it doesn’t get anywhere near the corporate environment. Lock down the browser, forbid the user to install *anything*, and do not let any existing software automatically update. These steps would eliminate the need for per-system antivirus if they really must use Windows. If they’re going to secure their Windows machines, they need to do it right.
Which leads us to the next question, why does one need to lock down the system in the first place. Why is it not delivered with services off by default and configuration hardened. Why am I turning the majority of stuff off instead of turning just what I need on?
In terms of auto-updates, was this a program patch or something delivered through McAfee’s signature updater? It seems to be a signature issue that decided svchost.exe was malicious. Antivirus is probably the one category of software that should be updating its signature files and scanning engine automatically. This puts the responsibility on McAfee for pushing a bad signature file update.
If it was something like a bad Windows update, I’d be all over the municipality asking why they don’t have competent IT. For an AV data file update it’s more understandable.
They tried that with UAC on Vista, and we all know how well that was received.
Much of that grief was third party software not updated to function in the Vista security model. Microsoft’s choice to make UAC intentionally annoying in a hope that consumers would pressure third party developers. They could have implemented it in a better way. Even so, the default config and software installs on Windows versions.. allow all, deny none – then leave it up to the consumer to make the system safe.
It was a signature update that came from McAfee.
Patch Tuesday was last week, and there haven’t been any more released for Windows clients.
McAfee DAT 5958 Update Issues
http://isc.sans.org/diary.html?storyid=8656
Even if everything you just said made sense, it’s still wrong. Why? HIPAA requires antivirus for all the reasons you don’t understand.
You really think they had a competent admin… they probably can’t afford one with the politicians sucking up all the money.
Never mind, your other post clarified your statements nicely
Edited 2010-04-23 20:00 UTC
Take it from someone who works for law enforcement: Local government IT is a joke. The IT managers in my county honestly think that Linux itself is a virus because their MCSE instructor told them so. A few years ago they sent out a system-wide email discouraging employees from running Avast and AVG on their home computers because “free antivirus software can damage your system and cause you to become more infected”. Why the hell they cared about our home systems I’ll never know, as they don’t allow any sort of VPN or other connections from home users to the county network.
It’s gotten so bad that Criminal Investigations and Crime Scene have their own separate networks that are not allowed to be touched by County IT; they had to do that just to be able to work without being locked down by WebSense every ten minutes.
Hospitals generally don’t create their own software and 3270 and 5250 dumb terminals are gone, so most use Windows to access the main computer.
It’s not as though the Hospital Information System is running on a Windows server, but they still need proper access to the HIS.
Most core Windows system files are malicious!
Just a joke, Happy Friday!
This is the story of a company that doesn’t test its products in every scenario.
As a software developer I can tell, it can happen to any of us.
Edited 2010-04-23 17:52 UTC
WindowsXP SP3 with McAfee Enterprise.
That’s really not an obscure combination. I’d say it’s one of six basic setups that should have been checked. Maybe there is a third factor in there that triggers the issue but that detail hasn’t hit the news outlets yet it seems.
Virus scanners are notorious for false positives. It is the drawback to the ‘search for what we know is bad’ mentality.
I was recently at my university’s computer lab working on a C++ program assignment when their Symantec scanner warned me that the program I compiled was malicious. It was a very simple program that computed and drew out a triangle based on three lengths. Nothing complex (under 400kb total) and certainly not a virus. I had named the executable based on the chapter, page, and problem I was working on. Symantec told me this was a trojan downloader and removed the executable.
False positives will always be a problem in the current antivirus market. Personally, I choose not to use antivirus and instead I simply do not install anything that does not come from a trusted source. This solution obviously won’t work for everyone, though.
Indeed, it’s very annoying to compile a program just to be told what a virus it is. (How? I wrote it!) Blame bad heuristics and overzealous AV dudes. Worse is that antivirus slows everything down badly, moreso on “old” single-core P4s. It’s unbearably slow, you can’t even hardly use the computer while it’s running! Also, it’s just not sensible to rescan the entire HD every single day, esp. when a big chunk is archives of old service packs or non-executable files, etc. Gah, so frustrating!
But malware attacks have been very strong and frequent lately, and I’ve noticed XP seems to be a common target. It’s sad, really, that some people find it fun to hurt others for profit. 🙁
In the days when it was about fun the tricks tended to be humorous rather than harmful. Malware is big business today though and the profit motivation is far more enticing to organized crime. It’s not about deriving fun but deriving profits. There are some incredible geniuses working on the criminal side and rivaled only by the incredible geniuses working the defense side.
I’ve heard more cases recently of XP users being hit with malicious code through Myspace/Facebook. Hackers don’t even have to look for new exploits when there are plenty of people surfing social networking sites that have updates turned off.
I find nearly all antivirus programs do more harm than good. The ones that cost money are huge, bloated, useless junk.
The world’s best Windows antivirus program is free from Microsoft, you can download from http://www.microsoft.com/security_essentials.
Security Essentials (SE) is a small (yes a Microsoft program that is small!) and as close to perfect as any antivirus program I have seen. Gee, why don’t they make this a standard part of Windows 7 rather than a hidden free program that you have to find and install? Well, I would guess they don’t want to hurt the big-buck anti-virus businesses like McAfee and Symantec. Wake up and use the small simple fast Microsoft Windows Antivirus that works. Forget all of the others. As a double check, I run Malwarebytes over night to see if Microsoft missed anything.
Remember the ONLY way to fix any Windows problem: reinstall Windows, Microsoft Security Essentials, free registry utility apps from download.com, and all of your apps. Next time you reinstall make sure you partition your HDD into 2 partition C: for Windows and apps and D: for your files. Then next time you need to reinstall, quick format the C: drive and reinstall. All of your files are intact on the D: drive. No need to recover them from backup.
Every computer maker delivers to you one big whopping drive where you store your files together with the world’s most popular computer virus … Microsoft Windows. STUPID!
Store all of your stuff on the new D: drive and backup those files to your flash drive, NAS drive, and online. Microsoft gives you 25 GB for free on Skydrive. Just Google for “free online backup” and you see a lot.
I like humyo.com. Semi-easy to use and lots of free online disk space before they charge you.
Wouldn’t it be nice to have a black net box that does all of this geek stuff for you automatically? My new start-up BlackNetBox.com (no website yet) will make a beautiful cube 3-node network computer that does everything for you (backup, virus protection, defrag, registry fixing, updates, testing, reinstalls, etc) behind the scenes silently so you always have a 3 perfect PCs working together for you. It automatically recovers from both software and hardware crashes. Hey, maybe I should call it a Mac. 😉 No, I call it the XCUBE. Stay tuned.
Wouldn’t it be nice to have a black net box that does all of this geek stuff for you automatically? My new start-up BlackNetBox.com (no website yet) will make a beautiful cube 3-node network computer that does everything for you (backup, virus protection, defrag, registry fixing, updates, testing, reinstalls, etc) behind the scenes silently so you always have a 3 perfect PCs working together for you. It automatically recovers from both software and hardware crashes. Hey, maybe I should call it a Mac. 😉 No, I call it the XCUBE. Stay tuned.
*sniff sniff*
What’s this smell..?
*sniff*
Smells like vaporware.
Smells like frying SPAM.
Last third party testing I saw didn’t put MSE too close to the top. I couldn’t see if it was false positives or missed bits it had issues with. AVG, Avast and Avira all rank higher and provide free tools.
MSE is very light on resources though and not entirely ineffective. I run it on my home machine rather than fly naked. We’ll see if it holds up over time.
Oh come on that is a ridiculous assertion.
Security Essentials cannot compare to something like Nod32 or Kaspersky. MSE is great for the price but does not offer the same level of protection. Try Nod32 if you want something light.
Or if there’s a malware masquerading as a core Windows system file, get down and dirty and purge it manually if need be: go to a command prompt (in safe mode if necessary), do a search for all files with the hidden, system, and read-only attributes on, then delete the culprits. And if you’ve got Norton Commander for Windows 95 running on XP or later, it will read NTFS partitions and display hidden files all the time.
Microsoft could have made this feature standard during Windows installation that if setup detects more than one hard drive it offers to put My Documents in the second drive, instead of users going out of their way to do this on their own after Windows is installed.
This issue is still being tackled by our IT dept days later because it hit hundreds of computers all at once. I got out of it on mine because they keep the windows installation files on the computer so a quick terminal expand svchost.ex_ svchost.exe and copy to system32 / reboot got things up and running.
Did anyone see the ‘Trojan.Fakealert.5’ problem which affected Bit Defender (and related virus scanners) a month or so ago? Basically after updating the virus signatures, every system file was identified as malicious. Caused a lot of people a lot of problems. Thankfully Bit Defender is mainly used by home users.
It was a daily definitions update.
I love how the ubergeeks say “simple, don’t run an antivirus/windows”. Yeah, that’s great, you’ve obviously never worked a day in a corporate IT environment, and apparently never will.
Linux is not the answer. Fine for some servers/applications but by and large, most IT departments want to pay for software and support. Not for the sub-contracted hordes of geekdom to descend on the datacenter when the latest *nix server product gets a corrupt filesystem.
Running an anti-malware product is necessary because the vast majority of people are either ignorant of what they’re doing on a computer, or just too damn stupid to realize that Facebook isn’t going to send them an attachment in an email.
</end rant>
Buffer overflow exploits via .pdf / .swf (sometimes Java applets, but lesser so) are the current infection points. If you have Adobe Reader and Flash installed and you aren’t using Firefox + NoScript, you aren’t as safe as you think you are. Adblock helps a bit. NoScript helps a lot, but even that isn’t perfect if the top level domain you trust gets hacked and < iframe >’s you to a malicious .pdf file that then loads up a Zeus trojan .exe that no anti-virus can detect. (Zeus toolkits dynamically generate a different .exe and cannot be proactively detected well)
Most anti-virus software today is reactive, not proactive. Only companies investing heavily in HIPS (Host Intrusion Prevention) are going to go anywhere in the future. Instead of looking inside executables, start detecting odd < iframe >s on pages, scan .pdf and .swf files for odd tags, and prevent sudden and unwanted changes to the registry from executables coming from the browser cache unless explicitly allowed.
Congrats to OSNews choosing a content / commenting system that strips the < iframe > tag, btw. Bravo.
We didn’t choose it, we built it! 🙂
And do you (or anyone else out there) know whether Chrome’s sandbox would protect against the buffer overflow exploits you describe?
Well then, kudos to you guys! It’s a refreshing and rare thing to see people care about sanitizing input.
I don’t see Chrome’s sandboxing preventing a PDF or SWF overflow from executing / accessing files, especially if the filesystem is FAT / FAT32. It all depends on how the PDF / SWF is written, and if UAC is enabled and the user is vigilant, etc.
A programmer buddy of mine who works at Kayako and now some web-based firm had a virtual machine infected, and he uses nothing but Chrome across the board. No prompts, just loaded a page with an advert and *BLAM* fake anti-virus pop-ups everywhere. Nothing that a roll-back can’t cure, but it is possible and I’m not too surprised.
Open Adobe Reader RIGHT NOW and hit Edit -> Preferences. Under Internet, uncheck Display PDF in browser. Under Javascript, uncheck Enable Adobe Javascript. Congratulations, you are now much, much more secure than you were a minute ago. To go another step further, install Secunia PSI and scan your system occasionally; install any patches as needed.
I’ve seen every trick in the book: javascript functions that take in obfuscated text BACKWARDS to parse it into a URL, to hide the URL from AV / HIPS scanners. As soon as AV companies start to detect this kind of thing, the malware groups just add another layer. The rabbit hole goes deeper and deeper. There was one page that had functions written in ten different languages.
malwaredomainlist is a great place for people to get their hands on this kind of code in the wild and experiment with it. Remember to lock your VM down if you do! I would even recommend running the Windows VM in a Linux host, just for absolute safety.
Edited 2010-04-24 17:46 UTC
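The page-level checks suggested in the comments above (spotting odd iframes, and URLs stored backwards in script strings), sketched as an added example that is not part of the original thread or any product's logic. The heuristics, the sample page and every host name in it are constructed; the `flip` and `go` calls in the sample are undefined placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
STRING_LITERAL = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""", re.S)
URL_START = re.compile(r"https?://", re.I)


class PageAuditor(HTMLParser):
    """Collects (kind, value, reasons) findings while parsing one page."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._in_script = False
        self._script_parts = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            self._script_parts = []
        elif tag == "iframe":
            self._check_iframe(a)

    def _check_iframe(self, a):
        reasons = []
        if a.get("width", "").strip() in {"0", "1"} or \
           a.get("height", "").strip() in {"0", "1"}:
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if not reasons:
            return  # visible frames are normal page content
        host = urlparse(a.get("src", "")).hostname
        if host and host != self.page_host:
            reasons.append("off-site")
        self.findings.append(("hidden-iframe", a.get("src", ""), tuple(reasons)))

    def handle_data(self, data):
        if self._in_script:
            self._script_parts.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self._check_script("".join(self._script_parts))

    def _check_script(self, source):
        # A string that only looks like a URL when read right-to-left has
        # been stored backwards to get past simple URL matching.
        for match in STRING_LITERAL.finditer(source):
            candidate = match.group(2)[::-1]
            if URL_START.match(candidate):
                self.findings.append(("reversed-url", candidate, ()))


def audit(html: str, page_host: str) -> list:
    auditor = PageAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one hidden off-site frame, one ordinary frame,
# and one script holding a URL written backwards.
_REVERSED = "http://constructed-example.test/document.pdf"[::-1]
SAMPLE_PAGE = f"""<html><body>
<p>Quarterly report</p>
<iframe src="http://cdn.other-constructed.test/frame" width="0" height="0"></iframe>
<iframe src="/local/help.html" width="600" height="400"></iframe>
<script>var u = "{_REVERSED}"; go(flip(u));</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "www.constructed-example.test"):
        print(finding)
```

As the comment notes, each added layer of obfuscation defeats a fixed heuristic like this one, so such checks complement rather than replace patching the reader and plugin software.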
I can also provide a browser security anecdote:
http://arstechnica.com/security/news/2009/03/chrome-is-the-only-bro…
Disabling Javascript in Adobe Reader is good advice but I would go a step further and suggest an alternative like Foxit. Java should only be installed if absolutely needed. It’s such a shame that so many websites still use Java when there are better alternatives.
http://krebsonsecurity.com/2010/04/unpatched-java-exploit-spotted-i…
A quote from that link:
“the contestants are required to do this in default browser installations without plugins such as Flash or Java, which are commonly used as vectors for attacks.”
So basically, not a real world situation.
Every product has security flaws… the security software / anti-virus needs to look at the choke points and protect those, instead of stupid hash detection or proactive detection that hits almost as many false positives as it does legit malware. Choke points being, the registry keys that have to be changed for a program to survive a reboot, the installation of a device driver or service, etc.
In a business environment, tell me how we are going to move thousands of users who are accustomed to Adobe Acrobat / Reader to FoxIt without training or extensive documentation, re-training of the Help Desk, etc.
To boot, FoxIt has its own slew of security issues. There are PDFs out there that buffer overflow FoxIt as well, just scan Secunia or disclosure sites for a few examples. Security via obscurity doesn’t work in an age of targeted attacks.
I’m not trying to toot my own horn, but I used to work for a major AV security company and I’m only putting this kind of thing out there to help people be better protected. Google Chrome does have the ability to control javascript execution per site now, but you have to whitelist them manually, which is a huge pain. If you could simply right click the address bar and then choose allow top-level site, it would be manageable and I would switch from Firefox / NoScript almost immediately. With the current model, however, Firefox is easier to manage, although quite a bit slower.
Edited 2010-04-24 21:59 UTC
In a business environment, tell me how we are going to move thousands of users who are accustomed to Adobe Acrobat / Reader to FoxIt without training or extensive documentation, re-training of the Help Desk, etc.
In a business environment Acrobat/Acrobat Reader is the de-facto standard and it’s probably really tough to try to get people to move on to something else.
But for home users I often suggest SumatraPDF. It’s pretty snappy, small, and doesn’t seem to suffer from the same vulnerabilities as Foxit or Acrobat, at least not when I’ve tried it in a VM with an infected file. It lacks some of the capabilities of its bigger brothers, though, but it could very well be worth the small effort of trying if you know someone who only needs to read PDF files, not edit them.
This is probably a dumb question, but what’s to retrain in operating a PDF viewer? GO to page x, read, next page, read, fill out form, print/send… etc. I can understand maybe needing to retrain if you were to switch wordprocessors or something, but a document viewer?
I think the problem with Sumatra is that it is too light, as in missing too many features even for home users. It’s like the notepad of pdf readers. As soon as they want to do something beyond reading the file they will just go and install Adobe reader. I really can’t recommend it for that reason.
That’s a fair concern for changing office suites but a pdf reader? It’s not like you can do that much with a pdf.
The vast majority of pdf exploits only work with Adobe reader. It’s not that I believe FoxIt to be 100% unhackable, it’s more Adobe’s abysmal security record.
http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_f…
Yes it does because those attacks are often targeted at the largest targets. It just shouldn’t be relied upon as a sole method of defense.
I’ve never trusted the Mozilla code base and I think their security record in the past was more due to IE6 being an easy target. Last year Firefox had far more vulnerabilities than IE8
Despite being the most attacked browser, IE had 45 reported vulnerabilities, compared with 169 vulnerabilities reported for Firefox.
http://news.cnet.com/8301-27080_3-20002879-245.html
Thank God we ditched McAfee 3 years ago, I would be pulling my hair out right about now with every user in my corp banging down my door.
I am stuck using Windows at work, for us to change to another platform such as Linux or Mac is not an option due to our software vendors. Fortunately I have one AV vendor defending my desktops and servers, and 3 other AV vendors sitting in the UTM on the perimeter, very rare we ever get anything through.
There will always be false positives in AV, but how McAfee slipped up on this one I can’t even begin to imagine.
Whoever was doing the QA on that DAT needs to be shown the door, maybe he can hang the bum who worked for Apple who left the iPhone prototype in the bar because he got a little too blitzed. (They can both be scrubbing Steve Jobs’s porcelain IGod….)
False positive is nothing new. Symantec AV crashed thousands of PCs in China in year 2007 with blue screen of death.
http://www.computerworld.com/s/article/9019958/Symantec_false_posit…
http://texyt.com/symantec+china+compensates+antivirus+victims+angry…
Symantec also caused hundreds of PCs in my company to crash with blue screen in year 2008 when one of its live update virus definitions was corrupted.
Symantec and McAfee outsource their programming to cheap labour in India. When you pay peanuts, you get monkeys. If you expect quality, look elsewhere
Edited 2010-04-24 08:48 UTC
Remember AVG Anti-Virus attacking a Windows (Vista?) system file and so many people were upset?
I can’t imagine that McAfee are feeling any better, though they don’t have a huge number of free users, though they have those free trials.
Actually home users were spared from the beating, it hit corporate customers and was caught before everybody else got hit. Which in some ways is kind of worse, because there is a much bigger sting to a whole company’s worth of computers going down, than a bunch of random home computers.
Didn’t AVG also only hit one language of Windows? I think it was the German version wasn’t it? And I don’t believe AVG brought down any vital systems in German-speaking locales either, though this is probably because most corporate users don’t use AVG of any kind.
Norton and McAfee, the real viruses. Those two most common have to be the worst virus protection in existence.
This is very goddamn true.