Slashdot Mirror


McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000

Kohenkatz writes "A McAfee Update today (DAT 5958) incorrectly identifies svchost.exe, a critical Windows executable, as a virus and tries to remove it, causing endless reboot loops." Reader jswackh adds this terse description: "So far the fixes are sneakernet only. An IT person will have to touch all affected PCs. Reports say that it quarantines SVCHOST. [Affected computers] have no network access, and missing are taskbar/icons/etc. Basically non-functioning. Windows 7 seems to be unaffected." Updated 20100421 20:08 GMT by timothy: An anonymous reader points out this easy-to-follow fix for the McAfee flub.

16 of 472 comments

  1. For a program so hard to turn off by ZeroSerenity · · Score: 4, Insightful

    It seems to be very willing to take the whole machine down. Speaking of which, did anyone at McAfee even bother to test this dat on a Windows XP machine?

    --
    For those who seek perfection there can be no rest on this side of the grave.
    1. Re:For a program so hard to turn off by Joce640k · · Score: 4, Insightful

      A decent antivirus would have every critical Windows whitelisted just to avoid this sort of problem.

      This isn't some user-installed application, it's svchost.exe.

      --
      No sig today...
    2. Re:For a program so hard to turn off by clone53421 · · Score: 5, Insightful

      Whitelist them by checksum, not filename.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    3. Re:For a program so hard to turn off by Mr. Sketch · · Score: 3, Insightful

      And that antivirus program would be susceptible to many types of viruses that modify system files. This particular virus that it detects (W32.Wecorl.a) does change svchost.exe:
      http://www.symantec.com/security_response/writeup.jsp?docid=2008-110306-2212-99

      What McAfee should have is a better way of quarantining critical system files (replace with known good copies, have a robust patch/repair process for system files, have a more stringent fingerprint detection, etc). Maybe a whitelist of known good md5sums for system files (of course, this would have to be updated with every version of those files ever released in any patch by Microsoft).
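
The checksum allowlist suggested in the comments above, as an added example that is not part of the thread or of any vendor's code: the scanner hashes the file and only falls back to the file name to choose a safer remediation. It uses SHA-256 rather than the MD5 mentioned above; `PROTECTED_NAMES`, `decide`, the action strings and the sample files are all constructed for illustration.

```python
import hashlib
import os
import tempfile

PROTECTED_NAMES = {"svchost.exe"}  # constructed list of critical file names

def sha256_of(path):
    """Hash the file in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def decide(path, signature_hit, known_good):
    """Pick an action for one scanned file.
    known_good: SHA-256 digests of vendor-released builds (assumed input)."""
    if not signature_hit:
        return "allow"
    if sha256_of(path) in known_good:
        # Content matches a known release: the hit is a false positive.
        return "suppress-false-positive"
    if os.path.basename(path).lower() in PROTECTED_NAMES:
        # Critical name, unknown content: possibly infected, but deleting it
        # breaks the machine, so restore a known-good copy instead.
        return "replace-with-known-good"
    return "quarantine"

def demo():
    """Run decide() over constructed sample files (not real binaries)."""
    good = b"constructed stand-in for a genuine svchost.exe build"
    known_good = {hashlib.sha256(good).hexdigest()}
    samples = {
        "genuine": ("svchost.exe", good),
        "tampered": ("svchost.exe", good + b" + appended code"),
        "other": ("invoice.exe", b"constructed unrelated file"),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, (name, data) in samples.items():
            os.mkdir(os.path.join(d, label))
            path = os.path.join(d, label, name)
            with open(path, "wb") as f:
                f.write(data)
            results[label] = decide(path, True, known_good)
    return results

if __name__ == "__main__":
    print(demo())
```

A file that merely carries the name `svchost.exe` gets no pass: only matching content suppresses the detection, and a modified copy is still acted on, by restoring rather than removing it.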

    4. Re:For a program so hard to turn off by clone53421 · · Score: 3, Insightful

      "Actually, you can't trust anything once a machine's compromised, which to my mind is a huge problem with modern Windows systems, but I'm not even going to go there...."

      It’s a huge problem with any system.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    5. Re:For a program so hard to turn off by shutdown -p now · · Score: 5, Insightful

      "Actually, you can't trust anything once a machine's compromised, which to my mind is a huge problem with modern Windows systems, but I'm not even going to go there...."

      Guess where the "root" in "rootkit" comes from?

      Hint: it ain't Windows.

  2. Re:antivirus... poison for cure by timster · · Score: 4, Insightful

    Well, with McAfee, the cure has been worse than the disease for over a decade now. But the cure is easier to explain to management.

    --
    I have seen the future, and it is inconvenient.
  3. Re:Black Wednesday by Anonymous Coward · · Score: 4, Insightful

    Or you can go back to pencil and paper. Much more cost effective than Linux.

  4. Re:Guess what I've been doing all morning? by JamesP · · Score: 5, Insightful

    Funny that one of the 'false reasons' against Open Source is liability

    So are you going to sue the bastards for lost time and productivity?? You should.

    --
    how long until /. fixes commenting on Chrome?
  5. Re:Guess what I've been doing all morning? by Spazztastic · · Score: 3, Insightful

    Seriously, though, we got hit hard with this.

    I'm trying to avoid having this happen. I just called our guy who manages the AV server (among other things) and sent him this. He was skeptical, but wasn't opposed to rolling back the server to using 5957 for now until more builds on this story. My system hasn't updated to 5958 yet, even though the AV server was set to deploy that. Let's hope for the best...

    --
    Posts not to be taken literally. Almost everything is sarcasm.
  6. Re:My Experience by ledow · · Score: 3, Insightful

    I think the people who have software that autodeploys updates to 20-50k employees without getting a say in the matter (i.e. testing, change management, etc.) have a lot more to answer for. When the software that's supposed to *save* your productivity by preventing viruses ends up doing this to your sites, it's time to just throw it in the bin.

  7. Re:Wonder what microsoft paid for this? by spidercoz · · Score: 3, Insightful

    because it comes pre-bundled into every machine from just about every major vendor, and people are too lazy and stupid to find/get something better

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - Evelyn Beatrice Hall, re Voltaire
  8. Re:Black Wednesday by onkelonkel · · Score: 4, Insightful

    By God, you're right!

    Your wise advice has galvanized me to action!

    I am switching the entire company over to Linux this very instant.

    Just as soon as I find the AutoCAD for Linux install CDs.

    --
    None of them can see the clouds; The polished wings don't care.
  9. Alas, poor McAfee.. by Haidon · · Score: 3, Insightful

    It's days like this that make me glad I set our ePO server to wait a day to distribute new DATs. I've been considering an AV change, this seals it!

  10. Re:Wonder what microsoft paid for this? by drew127 · · Score: 3, Insightful

    Don't be a typical smug IT guy. You really think the average consumer is going to go buy a PC and think, "Hey, let me research this anti-virus thing. I think McAfee might suck." No. Why would they do that? Isn't that why they are coughing up the big bucks to begin with, so that they don't have to? Whether or not they have valid reason to worry is beside the point. Don't call them stupid though. I can't stand the stigma attached to IT guys, but a lot of the times the stigmas are valid.

  11. Re:virus scanners are the devil by jaavaaguru · · Score: 3, Insightful

    How about nothing is executable until you explicitly change the permissions, and nothing on removable media is executable. That way there is no accidental running of any programs.

    Autorun should have been killed when Windows 95 was still around. It's such an obvious security risk.