Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Anti-Virus Causes Widespread File Damage

Posted by ryuzaki0 on from the who-can-you-trust? dept.

AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems. At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational.Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."

13 of 353 comments (clear)

  1. The Risk by eldavojohn · · Score: 4, Insightful
    I think it's funny how on McAfee's site, they list the risk of the virus they are trying to identify:
    Corporate User : Low
    Home User : Low
    Did they forget to include that the risk of installing McAfee Anti-Virus for any user : High?

    Wait a minute, it is identifying some system files that Windows put on my machine! I guess the Mac & 'nix freaks are right, Windows really is a virus. I hope it's only a matter of time before my next virus definition assesses Internet Explorer & Windows Media Player as full blown Trojan viruses distributed as malware with my OS.
    --
    My work here is dung.
    1. Re:The Risk by Aspirator · · Score: 5, Insightful

      One of the commonly percieved risks of viruses is that
      'they will delete your files'.

      In one fell swoop it seems as though McAfee may have deleted more files
      than all the viruses it has removed would have.

    2. Re:The Risk by stinky+wizzleteats · · Score: 3, Insightful

      I guess sys admins got lazy on testing virus scanner updates before rollouts.

      That's very funny. When a ubervirus thrashes a couple of corporate networks to the tune of a billion dollars apiece, we hear "Stupid admins - the patch was available - they weren't keeping up". Now it's "They should have tested before rolling them out." (paraphrased)

      It appears, therefore, that using a system that is subject to viruses and security vulnerabilities on the scale of Windows is inherently untenable. We can't even define logically consistent expectations for the administrators of such systems. Can we stop using them now?

  2. Re:who-can-you-trust? by dc29A · · Score: 4, Insightful

    This is one of the major reasons I use open source software. Its hard to trust corporations who only tell you lies to preserve their public image.

    Do you really think Open Source AV can't fsck up your PC if there are bugs in it? And let's be honest, how many people actually look at the source of programs (updates) they install? I am a programmer, and I never looked the code of an Open Source program I installed for the sake of "Let's make sure this update won't fsck up my PC". I look at the code because I am curious to see how they do certain things, or I want to change some annoying aspect of it.

  3. Same as with safety belts by Opportunist · · Score: 4, Insightful

    Every once in a blue moon, some poor person dies because he or she didn't get out of the burning car because of the belt. Then someone will stand up and say "See? I don't use them and if they didn't, they'd live as well. I drive carefully, I don't get into accidents, so I don't need them!"

    The problem is, you never know. It's not only foolishness that gets a trojan onto your system. They come with presumably legit software, even from reputable companies. An infected driver CD is all it takes. Shareware CDs or other CDs slapped on magazines, do you think they have a lot of time to make just perfectly sure the programs are clean? A lot of shareware comes bundled with adware, do you read all those EULAs? And do you think they tell the full truth? Can you read through the legalese?

    I won't get into system bugs and other exploits.

    So yes, you don't really need safety belts. But it sure feels a bit more secure with them.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Where should users turn? by babbling · · Score: 4, Insightful

    When the virus scanners act like viruses, what should users do? This isn't the first time a virus scanner has screwed up, and it probably won't be the last time, either.

    Furthermore, a lot of virus scanners have an option to "auto-update". Imagine if an entire company had this option turned on.

    Virus scanners have always been a bad solution to the problem of viruses. They don't fix the problem at its root. Instead of ensuring their operating system has no known security holes, users now rely on virus scanners to just catch everything that comes through. Any determined attacker could still just craft a custom virus to attack any host they desire. Since the virus scanner companies wouldn't have come across that particular virus, it wouldn't get picked up.

    Would you fix the holes in a boat with sticky tape instead of checking that the boat doesn't have holes before you put it in the water?

  5. Ye don't always get what ye pays for by cgenman · · Score: 4, Insightful

    People percieve paid software to be superior to free alternatives because A: nothing could go wrong with paid software and B: if something did go wrong, obviously the company would indemnify / rectify / fix the problem.

    Likewise, the perception is that the more expensive the software (and the bigger the box it comes in) the more protection you are afforded. And that the company won't suddenly decide to change direction / stop supporting the software / etc.

    Yet time and time again this is shown not to be true. McAfee uninstalls arbitrary files on your computer (how'd that get through testing?) and just tells users to re-install from backup... exactly the kind of calamity the software is supposed to prevent. Part of WinNT5 was found to violate someone's patent, and anyone using that particular (admittedly rare) function had to pony up to the original patent holder or write a workaround.

    As far as I can tell, the "little guys" software tends to be better in general than the big boys. Why? Because they're still trying. Before Norton was Symantec, they struggled to create an amazing toolkit of software tweaks that really did some great things. Now that their position is secure, they've hardly updated the suite to even work with XP, let alone taken advantage of the fixes and hacks that smaller houses have found. McAfee, once a nimble little company making a great little product, has been bloating for years. The more developers you add to a project, the less anyone knows about what the system is doing.

    A free alternative that has been around for a long time:
    AVG Antivirus
    There are others. Please post 'em below.

    --
    The ______ Agenda
  6. The real irony here.... by cbiltcliffe · · Score: 5, Insightful

    The real irony is that all the people who are too lazy/stupid/uneducated to update their anti-virus subscription were protected against this.....

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
    1. Re:The real irony here.... by ummit · · Score: 4, Insightful
      Are you a teenager?

      Looks to me like he's a smug user of computing platforms that are actually, inherently, mostly secure.

      ...those paying for an anti-virus subscription being somehow incompetent.

      It seems there are yet a few little boys who dare to say "The Emperor has no clothes" when confronted with the, yes, staggering incompetence with respect to security which is rampant within the mainstream PC world.

      1. adopt a platform with no inherent security
      2. become utterly dependent on it such that you can neither abandon it nor correct its inherent flaws
      3. spend extra time and money on extra, after-the-fact "security" applications which, at best, give you a slight headstart in what's still a footrace between the white hats and the black hats (a race in which the black hats still seem to be holding their own)
      4. put up with lost files and more lost time when the "security" software runs amok
      5. to make yourself feel better while you're waiting for your backup tapes to read, belittle someone who has the audicity to wash his hands of your chosen platform's sorry problems.
  7. Re:Saw it coming (sort of) by simong · · Score: 4, Insightful

    I don't think there really is a way apart from having verifiable restorable backups of every system prior to patching. I was having a conversation along these lines this morning and the agreed solution was to have an identical test platform and install on that first, allow it to run long enough for any problems to arise and only then implement on a production system. That's the ultra-conservative approach but many years in financial services have shown that that's the only way of being certain.

  8. Re:Don't use anti-virus! by PFI_Optix · · Score: 4, Insightful

    Apparently, it is.

    I've used it at home for a little over four years and worked with it for three years as an administrator. I have NEVER had a virus on any XP system I was responsible for.

    In fact, the only virus I've ever had a problem with was an infected Windows 2000 domain controller that was SUPPOSED to be managed by corporate IT. They hadn't updated it in well over a year and wouldn't let me touch it until it started crashing (and those geniuses had it as the exchange server as well...again, I couldn't change that).

    In both cases, I didn't go to extreme measures to secure the systems. I used automatic updates, both a standalone firewall and Windows Firewall, and antivirus (AVG Free at home, Symantec Corporate at work). That, and I educated my users on what NOT to open from their e-mail.

    A good way to teach your users not to open strange attachments is to give them a dummy one that will just let you know who opened the file. I arranged with management to do this one day...send out a trojan-like e-mail with a script that would write a file with the username in it to one of the network shares and see who opened it.

    The next day I unplugged one of the network switches for fifteen minutes at the beginning of the day, told them it was because some people had opened "virus e-mails" (management knew the truth) and then plugged it back in. I talked to the people who had opened the "virus" e-mails and gave them an in-depth training session on why it's a bad thing to open every attachment you get on e-mail. From then on, they wouldn't touch anything that was even remotely suspicious.

    Three years, nearly 100 users, and ZERO penetration on my systems. It's not rocket science.

    --
    120 characters for a sig? That's bloody useless.
  9. Re:Help! by rikkards · · Score: 3, Insightful

    That's great but what if someone introduces a virus through other means i.e usb key, infected laptop, etc. Firewall won't help much internally

  10. Re:CTX undo file by stry_cat · · Score: 5, Insightful

    Who in their right mind is going to download and run a script off of an unknown website? I'm sure you're trying to help, but no one should do this. Otherwise they'll need more than just McAfee to fix their computer.