Slashdot Mirror


McAfee Retracts Lowball Bug Damage Estimate

bennyboy64 writes "McAfee has changed its official response [warning: interstitial] on how many enterprise customers were affected by a bug that caused havoc on computers globally. It originally stated the bug affected 'less than half of 1 per cent' of enterprise customers. Now McAfee's blog states it was a 'small percentage' of enterprise customers. ZDNet is running a poll and opinion piece on whether McAfee should compensate customers. ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars."

13 of 233 comments

  1. I'm still wondering ... by khasim · · Score: 4, Insightful

    ... why they didn't test the new dat file against Windows system files.

    Seriously, we pay them a LOT of money for their product licenses and they cannot even test against known system files?

  2. Re:XP SP3 by SharpFang · · Score: 4, Insightful

    I guess less than half of 1% of all corporate customers are customers of McAfee.
    The right wording is everything.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

  3. AV on POS computer?? by wvmarle · · Score: 4, Insightful

    I feel sorry for that supermarket chain but: wtf is AV doing on a POS computer?

    POS should be a dedicated computer, running one and only one application (the POS software), on a thoroughly shielded LAN, talking to only a centralised server (or small network of servers if one is not enough) that collects the sales data and distributes prices etc. That server should itself be connected only to the POS network and a corporate LAN. In other words: no direct access out of the Internet, no web browsing, no local storage of any data files, no downloading, nothing that could have the most remote risk of a virus.

    Or am I missing something here?

    1. Re:AV on POS computer?? by Anonymous Coward · · Score: 4, Funny

      wtf is AV doing on a POS computer?

      This setup also seems somewhat redundant, since McAfee's AV itself is a POS.

  4. Re:McAfee by Anonymous Coward · · Score: 5, Funny

    I, too, not run Avast Home. Me switch to MS Security Essentials.

  5. Re:Really? by pinkj · · Score: 5, Funny

    Maybe Australia only has one big grocery store somewhere in the Outback. Kind of like what we have in Canada except it's a giant igloo in northern Toronto.

  6. Which is more harmful? by goffster · · Score: 4, Funny

    McAfee or being part of a botnet?

  7. Getting real about things here by onyxruby · · Score: 4, Interesting

    First, McAfee blew this big time, that such a bug made it to production shows a complete breakdown in their internal processes. XP with SP3 is the number one OS combination in enterprise environments, and should have been the first thing that they tested on. Without doubt McAfee has liability on this and needs to get aggressive about damage control with clients.

    That being said, every one of these clients that was hit by this is just as guilty as McAfee is! They are in no better shape and those responsible need to be going through management review for their failure. Enterprise Management 101 - nothing goes into production that has not been tested in a lab for pre-pilot and a small group of production computers for pilot! This is as basic as enterprise management gets. Every single environment that was taken down by this shows professional incompetence by their requisite IT departments.

    The only question is if it is the fault of management for failing to allow the budget and support needed for a lab for testing or if it is the fault of the IT staffer who never tested things as they should. This is without doubt one of the most public examples of IT incompetence to make the news in years. This is a case of sheer and utter incompetence by every affected party and no pity should be given. If pity were to be given, give it to the poor desktop techs that have to go around making apologies and manual fixes for everything.

    1. Re:Getting real about things here by onyxruby · · Score: 4, Informative

      As a matter of fact I do expect that. I have designed and set up processes for patch management, software distribution and similar testing for large enterprise environments for years. I have done so everywhere from very large financial institutions to health-care and government. The fact that you need to test daily does not change any principle of what I have said. For any enterprise not to have a dedicated lab to do exactly this kind of testing, or even worse, not to use it is sheer and utter incompetence.

      In no case should an automated update for an environment ever be released into production without testing. Even Microsoft gets this point and allows you to disable automatic patching to ensure that proper testing can be conducted. I'm not trying to sound harsh, but in all seriousness if you can't learn why testing /every/ production change is necessary from this debacle, then you do not belong in enterprise management. It really is that simple.

  8. Made quite a mess of some college networks, too. by ProdigyPuNk · · Score: 5, Interesting

    A buddy of mine is in IT at a college in the area. This affected almost all of their computers. Although it's harder to put a dollar figure on, the students and professors were NOT happy when all of the computer labs on campus went down, along with a "server" or two. Ever seen professors get mad? Now imagine you're an IT guy and the professors can't access their online grade books that you pushed them into using. I really think McAfee is going to have a big problem on its hands come contract renewal time. Pissed off IT people have long memories!

  9. Oblig. xkcd by wvmarle · · Score: 4, Insightful

    Quite apt, even though not POS: http://xkcd.com/463/.

  10. Sorry. PCI Rears its ugly head again. by knarfling · · Score: 4, Informative

    Even though it is Windows, there is absolutely no technical need for AV when the application is so limited.

    Fixed that. I am afraid that the Payment Card Industry (PCI) differs from your opinion.* In their infinite wisdom**, PCI has decreed that ALL computers need to be running AV. After all, if it is good for the desktop, it must be good for the servers, right? And since a virus can be spread from anywhere to anywhere, all computers need to have their own protection.

    I know it seems silly, but many of the PCI Audit Drones actually believe this. I spent hours trying to convince an auditor that we did not need AV on a Linux server that cannot accept email and has no internet connection. If the PCI Audit Drone finds a computer without AV, you fail the PCI Audit. If you fail the Audit, you get marked as failing on a public web site. If you fail enough times, you lose your ability to accept credit cards. So the need to have AV on a POS is there, it is just not a technical need.

    *Reality
    **For very, very small values of infinite

    --
    Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.

  11. Re:what it did to my 11'000 computers by Blakey+Rat · · Score: 4, Funny

    who the
    fuck taught you to
    type? your
    line spacing is the
    strangest thing i've ever seen and

    your reluctance to use punctuation and the
    shift key (except for one comma that
    snuck through) boggles the
    mind