Slashdot Mirror
McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000
Kohenkatz writes "A McAfee Update today (DAT 5958) incorrectly identifies svchost.exe, a critical Windows executable, as a virus and tries to remove it, causing endless reboot loops."
Reader jswackh adds this terse description: "So far the fixes are sneakernet only. An IT person will have to touch all affected PCs. Reports say that it quarantines SVCHOST. [Affected computers] have no network access, and missing are taskbar/icons/etc. Basically non-functioning. Windows 7 seems to be unaffected."
Updated 20100421 20:08 GMT by timothy: An anonymous reader points out this easy-to-follow fix for the McAfee flub.
It seems to be very willing to take the whole machine down. Speaking of which, did anyone at McAfee even bother to test this dat on a Windows XP machine?
For those who seek perfection there can be no rest on this side of the grave.
Well, with McAfee, the cure has been worse than the disease for over a decade now. But the cure is easier to explain to management.
I have seen the future, and it is inconvenient.
You could also choose Linux instead of Windows.
Or you can go back to pencil and paper. Much more cost effective than Linux.
Funny that one of the 'false reasons' against Open Source is liability
So are you going to sue the bastards for lost time and productivity?? You should.
how long until
Seriously, though, we got hit hard with this.
I'm trying to avoid having this happen. I just called our guy who manages the AV server (among other things) and sent him this. He was skeptical, but wasn't opposed to rolling back the server to using 5957 for now until more builds on this story. My system hasn't updated to 5958 yet, even though the AV server was set to deploy that. Let's hope for the best...
Posts not to be taken literally. Almost everything is sarcasm.
That's not enough any more; even reputable websites can often be easily compromised either through SQL injection, XSS, compromised ad server or some other mechanism and apps like Adobe Reader, Office, Flash, Foxit Reader, Firefox, Java, VLC and more have all experienced serious vulnerabilities in recent months, which have often remained unpatched for long periods of time.
I finally gave in and installed my home-licensed copy of Sophos (provided by my work) because there are too many factors outside of my control these days and short of isolating my PC from all external data sources there's no way to be sure and I'd rather have a backup in case I miss something.
What I want to know is how does something like this happen? You would think McAfee takes their new patch and tests it to make sure that it doesn't cause this type of annoying issue. How does something like this slip through the cracks?
I think the people who have software that autodeploys updates to 20-50k employees without getting a say in the matter (i.e. testing, change management, etc.) have a lot more to answer for. When the software that supposed to *save* your productivity by preventing viruses ends up doing this to your sites, it's time to just throw it in the bin.
because it comes pre-bundled into every machine from just about every major vendor, and people are too lazy and stupid to find/get something better
"I disapprove of what you say, but I will defend to the death your right to say it." - Evelyn Beatrice Hall, re Voltaire
Will you come to my workplace and enforce these rules (and the rules that others are responding with)? I see several desktops on my network downloading infected pdfs or trojans according to my SEP console. Thankfully these users aren't administrators, but the exploits are just a privilege escalation away from ownage.
Class action lawsuit with a settlement for a one dollar McAffee credit for all affected users?
There is a lot of business software that runs only on windows so the whole "just switch to linux" thing is quite impossible in many cases. Of course the problem here isn't windows, it's McAfee, but don't let that stop you from pretending that linux is superior to windows in every way.
The needs of the business dictates what O/S is used. Sometimes linux is best, sometimes windows is. If I acted like a fanboy and let my personal bias overrun the needs of the company then I wouldn't have a job for very long, and neither would a lot of other people in I.T.
In my case it's pretty easy though. The software doesn't exist for linux that could fill our business needs so switching from windows to linux would be a horrible choice, ruin the company, and put a lot of people out of work.
Remember, dreaming is free...until you forget your dreaming.
By God, you're right!
Your wise advice has galvanized me to action!
I am switching the entire company over to Linux this very instant.
Just as soon as I find the AutoCAD for Linux install CDs.
None of them can see the clouds; The polished wings don't care.
It's days like this that make me glad I set our ePO server to wait a day to distribute new DATs. I've been considering an AV change, this seals it!
Don't be a typical smug IT guy. You really think the average consumer is going to go buy a PC and think, "Hey, let me research this anti-virus thing. I think McAfee might suck." No. Why would they do that? Isn't that why they are coughing up the big bucks to begin with, so that they don't have to? Weather or not they have valid reason to worry is beside the point. Don't call them stupid though. I can't stand the stigma attached to IT guys, but alot of the times the stigmas are valid.
From some of the other comments on this story, from sysadmins fixing this, it sounds like it hits near completely- or completely-patched XP machines. That's extremely silly a thing to just 'whoops' on.
How about nothing is executable until you explicitly change the permissions, and nothing on removable media is executable. That way there is no accidental running of any programs.
Autorun should have been killed when Windows 95 was still around. It's such an obvious security risk.
Follow me