Slashdot Mirror


McAfee Retracts Lowball Bug Damage Estimate

bennyboy64 writes "McAfee has changed its official response [warning: interstitial] on how many enterprise customers were affected by a bug that caused havoc on computers globally. It originally stated the bug affected 'less than half of 1 per cent' of enterprise customers. Now McAfee's blog states it was a 'small percentage' of enterprise customers. ZDNet is running a poll and opinion piece on whether McAfee should compensate customers. ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars."

40 of 233 comments

  1. XP SP3 by Enderandrew · · Score: 3, Insightful

    I thought this affected anyone running XP SP3, which I expect would be a majority of enterprise desktops, not less than half of one percent.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:XP SP3 by SharpFang · · Score: 4, Insightful

      I guess less than half of 1% of all corporate customers are customers of McAfee.
      The right wording is everything.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    2. Re:XP SP3 by GIL_Dude · · Score: 2, Interesting

      It really depends on the intersection of folks running McAfee along with SP 3 in the enterprise. My company is just finishing a migration to Vista, but we still do have about 15,000 Windows XP SP3 desktops (not done deploying yet). However, late last year, I was at a MS Global Accounts meeting (35 very large companies) and NONE of the rest of them had deployed SP 3 for their XP machines. They were all on SP 2 and were harping on Microsoft about the end of support for SP 2 that was fast approaching. None of them wanted to deploy SP 3. It was flabbergasting to me, but they just didn't want to do it. So none of those companies were impacted - even if they ran McAfee.

    3. Re:XP SP3 by Jazz-Masta · · Score: 2, Informative

      You should also add to this the statistic of how many corporations use their own distribution server (middleman). Even if clients poll daily, the corporation as a whole may only deliver updates weekly or may stagger updates to ensure they are tested in the wild before pushing them out to corporate clients.

      Not only this, but many Administrators manually review virus' before they are cleaned. I have caught a few false positives by doing manual checks.

    4. Re:XP SP3 by Enderandrew · · Score: 2, Informative

      Microsoft Forefront is what I'd suggest.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    5. Re:XP SP3 by coniferous · · Score: 2

      I really like MS Security essentials... I hate to say it.. but I actually do trust Microsoft much more than McAfee and Symantec. I would try this out in a heartbeat.

    6. Re:XP SP3 by travisco_nabisco · · Score: 2, Informative

      I will second TrendMicro. We have a small organization (50 computers + servers) and have had no problems with TrendMicro's security suite.

    7. Re:XP SP3 by Jazz-Masta · · Score: 2, Funny

      The plural of virus is viruses. Also, there's no reason to capitalize administrators here.

      I know, I should proof-read more often.

      Oh well, we all make mistakes - some larger than others (McAfee).

    8. Re:XP SP3 by oldspewey · · Score: 2, Interesting

      I suspect that after this event, lots of enterprise customers will adopt the stance you propose ... either that or they'll abandon McAfee altogether.

      The company I work for got hit by this. My personal machine was spared (not running XPSP3), but many, many of my colleagues were down for an entire day or longer while this was getting figured out and cleaned up. A quick back-of-the-envelope calculation for lost productivity at my company alone would easily climb into 7 digits ... possibly even 8 digits. Now multiply that by the number of corporate customers that got hit.

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
  2. Really? by ircmaxell · · Score: 2

    ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars.

    A chain of supermarkets close down, and they only lose thousands of dollars? Really? I would expect that figure to be a lot higher than that for a single store... Think about all the fresh produce that'll go bad (that have daily deliveries). Think of the power usage (lights, refrigerators). And that's assuming that they aren't paying any of their employees while the store is closed. I'd imagine the loss would be on the order of tens of thousands of dollars per store. Not thousands of dollars across all of the stores...

    --
    If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
    1. Re:Really? by pinkj · · Score: 5, Funny

      Maybe Australia only has one big grocery store somewhere in the Outback. Kinda like what we have in Canada except it's a giant igloo in northern Toronto.

    2. Re:Really? by Cimexus · · Score: 2, Interesting

      Nah - this is Coles. That'd be one of the "big two" Australian grocery retailers, with thousands of stores nationwide. I expect that 'loss of thousands of dollars' was many, many thousands (either that or it only affected a very small number of stores for a very small time before getting fixed).

      Actually I used to work at Coles (it was my first job!). Our store was the smallest one in the state but still had revenue of ~$300,000 a day...

  3. I'm still wondering ... by khasim · · Score: 4, Insightful

    ... why they didn't test the new dat file against Windows system files.

    Seriously, we pay them a LOT of money for their product licenses and they cannot even test against known system files?

    1. Re:I'm still wondering ... by eharvill · · Score: 2, Insightful

      Yup. Same in the organization I am currently working with. Out of 10s of thousands of PCs potentially affected, only ~800 actually got nailed, fortunately none at their retail locations. I was one of the lucky ones. After we determined it was an AV issue I was up and running a few minutes later. Safe mode -> rename/delete the latest .dat files -> reboot. Mine didn't delete the svchost.exe like some others did for some reason. Sucks for the folks that aren't somewhat computer savvy and had to have someone walk them through the steps over the phone.

      --
      At night I drink myself to sleep and pretend I don't care that you're not here with me
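Added example, not part of the thread and not McAfee's process: a minimal sketch of the pre-release check khasim's comment asks about, where a candidate signature set is scanned against a hash-pinned corpus of known-good system files from each supported OS build and any hit blocks the release. The signature format (name mapped to a byte pattern), the signature names, and the file contents are constructed for illustration.

```python
"""Pre-release false-positive gate for a signature update (constructed example)."""
import hashlib
import tempfile
from pathlib import Path


def scan(data: bytes, signatures: dict[str, bytes]) -> list[str]:
    """Toy matcher: a signature fires when its byte pattern occurs in the file."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def build_manifest(corpus: Path) -> dict[str, str]:
    """Pin every known-good file by SHA-256 so the corpus itself can be verified."""
    return {
        p.relative_to(corpus).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(corpus.rglob("*"))
        if p.is_file()
    }


def gate(corpus: Path, manifest: dict[str, str], signatures: dict[str, bytes]):
    """Return blocking findings; an empty list means the update may ship."""
    findings = []
    for rel, expected in manifest.items():
        path = corpus / rel
        if not path.is_file():
            findings.append((rel, "MISSING_FROM_CORPUS"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            # A modified file is no longer "known good"; do not trust its result.
            findings.append((rel, "CORPUS_TAMPERED"))
            continue
        findings.extend((rel, f"FALSE_POSITIVE:{sig}") for sig in scan(data, signatures))
    return findings


def demo():
    """Constructed corpus: the same file name differs per OS build, so each
    supported build needs its own copy in the corpus."""
    with tempfile.TemporaryDirectory() as tmp:
        corpus = Path(tmp)
        files = {
            "xp_sp2/svchost.exe": b"MZ\x90\x00 constructed-sp2-build \x11\x22\x33",
            "xp_sp3/svchost.exe": b"MZ\x90\x00 constructed-sp3-build \xde\xad\xbe\xef\x42",
            "xp_sp3/ntldr": b"constructed loader bytes",
        }
        for rel, data in files.items():
            target = corpus / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        manifest = build_manifest(corpus)

        current = {"Constructed.Worm.A": b"\x99\x98\x97\x96"}
        # The candidate adds a pattern that happens to occur in one build's file.
        candidate = dict(current, **{"Constructed.Worm.B": b"\xde\xad\xbe\xef"})
        return gate(corpus, manifest, current), gate(corpus, manifest, candidate)


if __name__ == "__main__":
    shipped, blocked = demo()
    print("current set:", shipped)
    print("candidate set:", blocked)
```
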
  4. I wonder by mr_da3m0n · · Score: 2, Interesting

    ...If McAfee has a clause in their EULA somewhere that limits their responsibility, and should that be the case, if it is legally enforceable.

    Maybe someone with access to said EULA could look it up?

    Microsoft once pushed their accountability as a selling point for the Windows Server platform against Linux, if I recall well -- however their maximum responsibility was something like 50$. I wonder what is McAfee's stance in this regard.

  5. Necessary Evil by RayRuest · · Score: 2, Interesting

    It could only affect that few if the policies were set up to update infrequently (every few days or so). My policies are set to check for updates and push them frequently, so I got bitten. I have less than 100 desktops but am a 1 person shop. 4 hours of sneaker net repairs and corporate downtime. Thanks McAfee. There was at least 1 hospital in the area that had to resort to turning non-critical patients away. Don't these things get testing before release? These products are a necessary evil... they don't need to be more evil than the purpose they are attempting to provide.

  6. Re:WHAT???? by FearKratos · · Score: 2, Funny

    Symantec is so much better.

  7. AV on POS computer?? by wvmarle · · Score: 4, Insightful

    I feel sorry for that super market chain but: wtf is AV doing on a POS computer?

    POS should be a dedicated computer, running one and only one application (the POS software), on a thoroughly shielded LAN, talking to only a centralised server (or small network of servers if one is not enough) that collects the sales data and distributes prices etc. That server should itself be connected only to the POS network and a corporate LAN. In other words: no direct access out of the Internet, no web browsing, no local storage of any data files, no downloading, nothing that could have the most remote risk of a virus.

    Or am I missing something here?

    1. Re:AV on POS computer?? by ifrag · · Score: 3, Funny

      Or am I missing something here?

      That it was in Australia?

      --
      Fear is the mind killer.
    2. Re:AV on POS computer?? by Anonymous Coward · · Score: 4, Funny

      wtf is AV doing on a POS computer?

      This setup also seems somewhat redundant, since McAfee's AV itself is a POS.

    3. Re:AV on POS computer?? by EMG at MU · · Score: 2, Insightful

      I agree.
      However, when you have 200,000+ POS machines, management wants an AV.
      I hate McAfee, I hate using an AV instead of isolating a machine from removable media and the Internet. I hate spending money on AV when we could use it on something else. But when a franchise manager on the other side of the world lets one of his employees use the wifi or a printer or something, I'm glad there's an AV to protect my ass. Even though there shouldn't be a way the POS machines get a virus, the AV is kind of like car insurance: It protects you from accidents, costs too much money per year, someone else forced you to get it, and in the end when something shitty happens it kind of saves your ass.

    4. Re:AV on POS computer?? by Scyth3 · · Score: 2, Interesting

      Typically the POS desktops are talking directly to a server in the backroom. The server in the backroom is typically where a manager will check their emails (via Outlook), take training via a web site, etc. and it's also where the database for the POS client desktops is stored. Every night that small store server submits the data to a main server at the "home base". So, if the virus scan is on the server (typically is), and the machine goes down, then the business is effectively closed. It's not that the POS machines had a virus scanner on them, it's that the server does since it's used as a work machine for the manager as well. That's how one of the biggest auto part chains in the US operates. It wouldn't surprise me to see this elsewhere.

    5. Re:AV on POS computer?? by Locutus · · Score: 2, Insightful

      and why does a POS computer have an internet connection to get the updates? It reminds me of the story of how a bunch of trains had no signal systems because the computers controlling the railway signals were running Windows, connected to a LAN, and got infected with a virus and stopped operating the signals. I guess with admins, you get what you pay for and maybe those MCSE certs are worthless.

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
  8. Re:McAfee by Anonymous Coward · · Score: 5, Funny

    I, too, not run Avast Home. Me switch to MS Security Essentials.

  9. Which is more harmful? by goffster · · Score: 4, Funny

    McAfee or being part of a botnet?

  10. Getting real about things here by onyxruby · · Score: 4, Interesting

    First, McAfee blew this big time, that such a bug made it to production shows a complete breakdown in their internal processes. XP with SP3 is the number one OS combination in enterprise environments, and should have been the first thing that they tested on. Without doubt McAfee has liability on this and needs to get aggressive about damage control with clients.

    That being said, every one of these clients that was hit by this is just as guilty as McAfee is! They are in no better shape and those responsible need to be going through management review for their failure. Enterprise Management 101 - nothing goes into production that has not been tested in a lab for pre-pilot and a small group of production computers for pilot! This is as basic as enterprise management gets. Every single environment that was taken down by this shows professional incompetence by their requisite IT departments.

    The only question is if it is the fault of management for failing to allow the budget and support needed for a lab for testing or if it is the fault of the IT staffer who never tested things as they should. This is without doubt one of the most public examples of IT incompetence to make the news in years. This is a case of sheer and utter incompetence by every affected party and no pity should be given. If pity were to be given, give it to the poor desktop techs that have to go around making apologies and manual fixes for everything.

    1. Re:Getting real about things here by onyxruby · · Score: 4, Informative

      As a matter of fact I do expect that. I have designed and set up processes for patch management, software distribution and similar testing for large enterprise environments for years. I have done so everywhere from very large financial institutions to health-care and government. The fact that you need to test daily does not change any principle of what I have said. For any enterprise not to have a dedicated lab to do exactly this kind of testing, or even worse, not to use it is sheer and utter incompetence.

      In no case should an automated update for an environment ever be released into production without testing. Even Microsoft gets this point and allows you to disable automatic patching to ensure that proper testing can be conducted. I'm not trying to sound harsh, but in all seriousness if you can't learn why testing /every/ production change is necessary from this debacle, then you do not belong in enterprise management. It really is that simple.

  11. Made quite a mess of some college networks, too. by ProdigyPuNk · · Score: 5, Interesting

    A buddy of mine is in IT at a college in the area. This affected almost all of their computers. Although it's harder to put a dollar figure on, the students and professors were NOT happy when all of the computer labs on campus went down, along with a "server" or two. Ever seen professors get mad? Now imagine you're an IT guy and the professors can't access their online grade books that you pushed them into using. I really think McAfee is going to have a big problem on its hands come contract renewal time. Pissed off IT people have long memories!

  12. I am sure they "forgot" to count third party AV. by JaCKeL 1.0 · · Score: 2, Interesting

    We use Sonicwall's security services, their anti-virus is a crippled version of McAfee business. And we've been hit hard: Machines were going down but WITHOUT any explanation or any warning messages (this version is silent to the user) and since svchost was killed, no chance of getting in the event monitor or using any tools, it took me a couple of hours to figure it was the AV. I am sure they "forgot" to add all those third party security solutions who rebrand McAfee solutions. What is making me mad is the way they try to play with "numbers" (a small percentage, half of a percent...) and the way they hide everything and act like it didn't happen (go navigate on their website and try to find any information about this bug, they even closed their support form in the peak of the crisis). C'mon if you screwed up, at least PLAY FAIR and be sorry, we might forgive you. Playing the ostrich game will make us angrier.

  13. Oblig. xkcd by wvmarle · · Score: 4, Insightful

    Quite apt, even though not POS: http://xkcd.com/463/.

  14. Re:Testing before deploying? by X0563511 · · Score: 3, Insightful

    I know assumptions are bad, but is it really that big a stretch to assume the vendor tests their updates on their supported platforms?

    It's not like these were weird corner-cases.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  15. Exactly what I was thinking by Freaky Spook · · Score: 2, Informative

    McAfee must have had a really good sales guy to convince a Project manager that the POS machines needed AV, either that or whoever developed the POS machines didn't decide to secure them with Enhanced Write Filter, SteadyState, DeepFreeze or some other disk write protection so every time the machine is rebooted it loses all its write cache.

    Even though it is Windows, there is absolutely no need for AV when the application is so limited.

  16. Damage Limitation by MrNemesis · · Score: 2, Informative

    "McAfee Interwebs Secrutiny has detected that your outgoing mail to customerservices@mcafee.com, subject "You f**king idiotic t**tballs of a son of a ****** in the ******** with a hatstand!!!!" has been detected as Offensive Spam and will be deleted. Thank you for Trusting in McAfee! [TM]"

    On a more serious note, I ran into a few small shops that were badly hit, but most of the people I know who work in the enterprise have a time delay before the updates hit the machines, which is usually a hangover from the last time $av_vendor bollocksed up an update.

    Personally, I'm still a believer in most AV's being worse than the viruses themselves, and don't run any on my windows boxes - I don't think I've used a single one that hasn't fucked up at some point. Most of my colleagues feel the same way (and, IMHO, by the time it's hit your filesystem and you have that 20% chance of the AV detecting it, it's already too late anyway) and the only reason we run it at work is because of compliance issues... that and the majority of machines being a poorly patched IE6. Yay!

    --
    Moderation Total: -1 Troll, +3 Goat
  17. Compensate customers? by northernfrights · · Score: 2, Funny

    "ZDNet is running a poll and opinion piece on whether McAfee should compensate customers."

    Poll? Opinion piece??? This is fucking America. Spare me the nonsense, show me the lawyers.

  18. what it did to my 11'000 computers by Atreide · · Score: 3, Informative

    we have 11K computers

    only XP SP3 computers were impacted
    whether running Virus Scan 8.7 or 8.5

    but in fact less than 100 computers were impacted,
    1% compared to our total

    one thing that helped
    was employees had started to leave after work when update propagated
    and they shutdown computer when they leave

    it could have been a nightmare
    we were very lucky

    --
    The world belongs to those who get up early. - I'm far from being the king of Earth then :-(
    1. Re:what it did to my 11'000 computers by Blakey Rat · · Score: 4, Funny

      who the
      fuck taught you to
      type? your
      line spacing is the
      strangest thing i've ever seen and

      your reluctance to use punctuation and the
      shift key (except for one comma that
      snuck through) boggles the
      mind

  19. Not Windows' fault, but still its problem... by Animaether · · Score: 3, Informative

    ( Title after the VirtualDUB developer's excellent post entitled "Just because it is not your fault does not mean it is not your problem"; http://www.virtualdub.org/blog/pivot/entry.php?id=245 )

    Here's the thing.. it's not Windows' fault that some random program deletes svchost.exe , just as it isn't Windows' fault that any app or user can delete ntldr (e.g. a badly designed uninstaller).

    But it -is- a Windows problem because without those, it won't start up. So why is Windows even allowing these files to be deleted?
    I can't delete my hiberfil.sys even though all it is, is pre-allocated space for the hibernation functionality. If I deleted it, nothing would be lost, and upon hibernation it could re-allocate the required space or tell the user the drive is too full and they're SOL. But no - I simply can't delete it. But I -can- delete vital system files.

    So, no.. it's not Windows' fault that McAfee's virus scanner deleted the file. It -is- Windows' problem that they -can- in the first place.

    I realize that sometimes there may be a need for a 3rd party application to modify a system file - however rare - but then provide this through a proper mechanism that backs up the original and deletes/replaces on reboot only, with the option to deny the change on boot-up. ( System Restore points only go so far as you'll need the Windows CD/DVD in order to get to the restore utility if you can't boot into Windows anymore. It's also an overly complex solution to the simple problem of renaming files on bootup. )

  20. Worse than the disease? by Atrox666 · · Score: 2, Insightful

    When was the last virus outbreak that caused this much damage?

  21. Sorry. PCI Rears its ugly head again. by knarfling · · Score: 4, Informative

    Even though it is Windows, there is absolutely no technical need for AV when the application is so limited.

    Fixed that. I am afraid that the Payment Card Industry (PCI) differs from your opinion.* In their infinite wisdom**, PCI has decreed that ALL computers need to be running AV. After all, if it is good for the desktop, it must be good for the servers, right? And since a virus can be spread from anywhere to anywhere, all computers need to have their own protection.

    I know it seems silly, but many of the PCI Audit Drones actually believe this. I spent hours trying to convince an auditor that we did not need AV on a Linux server that cannot accept email and has no internet connection. If the PCI Audit Drone finds a computer without AV, you fail the PCI Audit. If you fail the Audit, you get marked as failing on a public web site. If you fail enough times, you lose your ability to accept credit cards. So the need to have AV on a POS is there, it is just not a technical need.

    *Reality
    **For very, very small values of infinite

    --
    Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
  22. Re:No, not possible. by miguelfrommars · · Score: 2, Funny

    We temporarily lost 15 pcs yet company productivity went up. Less pron so they might as well work, eh? I've got no problem if McAfee would reissue that botched update now and then...