Slashdot Mirror


McAfee Anti-Virus Causes Widespread File Damage

AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems. At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational. Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."

6 of 353 comments

  1. Not surprised by QuantumPion · · Score: 5, Interesting

    This is a major problem with anti-virus software. Because of their blacklist model, they have to release definitions and updates very frequently. They have to release these updates as quickly as possible as well, or else their subscribers will be infected with these viruses before they get the updates. In addition, their software is very bloated and complicated, needing to be able to defend against a huge variety of attacks, both immediate and obsolete. This results in a very error-likely situation. What the network security companies need to work on is an innovative way to effectively protect corporate and home networks without having to use dangerous bloatware.

    1. Re:Not surprised by MartijnL · · Score: 4, Interesting

      Well, Cisco's CSA (http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html) does the exact opposite: you tell it what is allowed to run and it blocks everything else. It also runs a signature analysis so when something that you hadn't configured yet tries to perform an attack it alerts the user. It can become quite a task however to properly configure and you still need user awareness to keep them from clicking "YES" every time like they do with every other popup they face (the other option is that you manage everything but then you will get flooded with support calls).

  2. Saw it coming (sort of) by martyb · · Score: 5, Interesting

    Just last week, in response to: The Trouble With Software Upgrades I posted a question asking what do you do to protect yourself from automatic updates that go bad... but I got no responses. In light of the current situation, I'd really appreciate hearing some responses, here.

  3. Good catch by blueZ3 · · Score: 4, Interesting

    I dunno about the rest of that stuff, but the Adobe update manager is a virus in my opinion.

    It seems to have "infected" all of Adobe's recent product install CDs. Once it "infects" your computer it displays a popup whenever you open an Adobe app. As far as I can tell, there's no way to shut this off in the latest versions. So I've paid $x00 dollars for Acrobat, and it comes with a virus.

    --
    Interested in a Flash-based MAME front end? Visit mame.danzbb.com

  4. A tool for media giants by JasonEngel · · Score: 5, Interesting

    Comcast gives away McAfee AV for free to customers, so I tried it out. The only time it ever caught anything at all was a false-positive. Complete file system scans never ever turned up anything. However, if I opened a folder with a file in it called SetupDVDDecrypter_3.5.4.0.exe in it, McAfee would call it a virus and delete it. Didn't matter which version of the installer actually, it would delete it. Didn't matter if the AV program was configured to only quarantine suspect files, it would delete it. Didn't matter if I made an empty text file then renamed it to SetupDVDDecrypter_3.5.4.0.exe, McAfee AV would delete it. If I renamed the installer to something else, McAfee AV did nothing.

    Pretty obvious to me that it was just waiting to find files that media companies didn't like people to have on their own private property so I'm guessing that they must have gotten McAfee to agree to do their dirty work for them and call stuff they don't like a virus and automatically delete the file regardless of settings.

    But that's just my conspiracy theory.

  5. Anti-virus as virus? Yeah, I knew that already. by Whumpsnatz · · Score: 4, Interesting

    On an old WinME laptop, the only virus I ever had on it was Norton AntiVirus.

    I worked on a consulting job two years ago, and they told me I could use my own PC. No problem - except that, when I got there, they wanted to check it for virii. In an XP world, I was running Windows ME. So they loaded up Norton on my machine, and ran it for about 3 hours.

    Result? Nothing. No junk of any kind. Completely clean.

    Why? It helped that I had the free version of Zone Alarm, and the firewall on my DSL router definitely helped, but I think the biggest reason I had no problems was

    - Mozilla instead of IE
    - Eudora instead of Outlook.

    Completely clean, that is, except for the antivirus. That monster kept interrupting my work. It took a great deal of effort to get the beast out of my system.