McAfee To Pay For PC Repairs After Patch Fiasco

Barence writes "McAfee has offered to pay for the PC repairs of consumers affected by last week's faulty antivirus update. The problematic patch falsely identified the SVCHOST.EXE Windows file as a virus, causing PCs running Windows XP SP3 to crash or enter endless reboot cycles. In a blog post addressed to 'Home or Home Office Consumers,' the company offered to reimburse PC repair expenses, though there was a notable caveat. 'If you have already incurred costs to repair your PC as a result of this issue, we're committed to reimbursing reasonable expenses,' the company said. 'Reasonable expenses' has yet to be formally defined."

Definately an

[sleekware]

epic fail.

Re:Definately an

[RuBLed]

epic win.

Re:Definately an

[Thanshin]

And a fricking hard to miss bug!

It questions the entire quality control system.

Re:Definately an

[Lord+Byron+II]

Didn't Google mark all websites as malware-infested about a year ago? All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.

Re:Definately an

[ByteSlicer]

It questions the entire quality control system.

What quality control system?

Re:Definately an

[JoshuaZ]

The epic fail was the initial bug. This response however is exactly what McAfee should be doing. Offering fairly spontaneously to reimburse people for their expenses incurred is good customer service and good damage control. It is also the ethical thing to do. When something is both the most ethical and most business-savvy course of action, that's a good thing. And that they are willing to do so when it essentially admits to the fact that they screwed up big time shows that they are willing to admit to their mistakes, something many people are not. When evaluating both corporations and people, look at how they respond to the serious failures and crises. McAfee has a good response.

Re:Definately an

Probably more like a .+ or [\w\d]*, but sure

Re:Definately an

[Thanshin]

All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.

A single engineer to mistype a single keystroke + A director of quality that proposed/allowed a quality control methodology that didn't include a single check between the engineers coding and the public receiving a new version.

Laying blame on those who don't have a large scale responsibility is, very often*, wrong.

*: Yes, a dev could've set a logic bomb when suspecting he'd be fired. And even then most of the blame was on the one who lost control on the future firing info.

Re:Definately an

[commodore64_love]

And people wonder why I rarely use virus software. The damage caused by the AVS is often worse than the actual virii or spybots. Seeing a "Windows XP can't boot" message is pretty damn annoying. I ended-up having to install KDE Ubuntu Linux instead, and never did recover my lost files (just videos fortunately).

Re:Definately an

Using the made-up "virii" as a plural for viruses makes you look like a retard.

Re:Definately an

[Twinbee]

I don't like anti-virus software and wouldn't dream of using anything Like Mcafee or Norton, but how is it a fail if they're willing to admit guilt and even PAY for any damages incurred?

Re:Definately an

[PIBM]

Usually it's not the file losses that are the worst, but rather the privacy of the information stored in your computer. People spend much more time fighting off against unwarranted charges on their billing / credit card than fixing the problems caused by either a virus or an anti-virus..

Re:Definately an

Using the made-up "virii" as a plural for viruses makes you look like a retard.

What is the plural of viruses anyway? Viruseses?

Re:Definately an

[Frosty+Piss]

The epic fail was the initial bug. This response however is exactly what McAfee should be doing.

Maybe so. But being familure with the lawyer thing, I smell a big fat Class Action (where of course the lawyers get paid big fat checks, and the consumers get a coupon).

Re:Definately an

People still use Windows XP?

Re:Definately an

[ComaVN]

Virusesii, obviously.

Re:Definately an

ditto. too many times middle managers cut on qa costs to increase their bonus and then pass the blame of defects to developers

Re:Definately an

[lennier1]

Why do I suddenly have to think of Perl? ;)

Re:Definately an

have the morons at McAfee got a bootable CD or USB stick which will fix the problem - to either mail out or download and burn from the website?

It's not just QA(?) that sucks with that company it is every darn level.

Re:Definately an

You should see some of the code that I see make it to production. ick.

Re:Definately an

epic.

Re:Definately an

[tlhIngan]

Maybe so. But being familure with the lawyer thing, I smell a big fat Class Action (where of course the lawyers get paid big fat checks, and the consumers get a coupon).

True, then again, accepting this payback probably excludes them from any other settlement. So a user has an option - get a refund for getting their computer fixed, or getting a coupon for a free 6 months of McAfee, but having to pay to fix their computer. The really dumb ones get a coupon and a broken computer.

Also, McAfee will probably hide behind the EULA for the class action, since the EULA probably also said they don't have to pay if they screw up your system anyhow.

Re:Definately an

[Frosty+Piss]

Also, McAfee will probably hide behind the EULA for the class action, since the EULA probably also said they don't have to pay if they screw up your system anyhow.

Class action lawyers ignore EULAs because they are unenforcable. The EULA is a wish list that has very little actual meaning.

Re:Definately an

[pnewhook]

A director of quality that proposed/allowed a quality control methodology that didn't include a single check between the engineers coding and the public receiving a new version.

ditto. too many times middle managers cut on qa costs to increase their bonus and then pass the blame of defects to developers

How about software prima donnas that think they are too good to make mistakes and say QA just gets in their way? I would say this is far more likely due to a software guy skirting the checks rather than there be no checks in place for an established company like McAfee

Re:Definately an

[Bakkster]

Ignoring, of course, that this is only reimbursing the private-use of the program. As of now, the corporations who were affected quite severely financially (for following suggested security measures) are still out in the cold.

Re:Definately an

[edittard]

What is the plural of viruses anyway?

A hyperplural?

Re:Definately an

[daremonai]

At least in Google's case, it didn't try to delete every website out there.

Though the idea of an "Internet reboot" does sound tempting sometimes.

Re:Definately an

[Thanshin]

How about software prima donnas that think they are too good to make mistakes and say QA just gets in their way? I would say this is far more likely due to a software guy skirting the checks rather than there be no checks in place for an established company like McAfee

Nope. Still wrong.

Who's the prima donna's boss and how did he let him have anything to do with the tests?

Re:Definately an

[commodore64_love]

>>>a dev could've set a logic bomb when suspecting he'd be fired

Genius. All I did was take a few pens and packs of CDs from the supply closet - $100 tops. Whereas this hypothetical developer cost McAfee millions. Nice.

Re:Definately an

[Thanshin]

Well, worst I've heard was placing a collection of magnets on the backup tape "drop slot".

Fortunately it was discovered on a minor file recovery, not a complete data loss.

Re:Definately an

People still use Windows?

Re:Definately an

[commodore64_love]

>>>Using the made-up "virii" as a plural for viruses makes you look like a retard.

Technically we are BOTH retards (yes you too). "Virus" has no plural in the original Latin language, just like the words "air" and "rice" and "earth" have no plural form.

Re:Definately an

[jank1887]

or, it's just a case of statistics being a bitch. given the number of updates that have to be pushed through the system, it's only a matter of time before the process lets a faulty one through. that it was so egregious is, well, unfortunate.

Re:Definately an

[GrumblyStuff]

Well... there's that "reasonable reimburses" bit and then only in conjunction with repairs to the PC. If, for instance, you/your company relies heavily on computers for production, billing, marketing, and/or customer interaction and those computers went tits up, you/your company would lose money, reputation, and/or customers from the getgo. So techs get scrambled and you have to dig into computer files to restore SVCHOST and disable McAfee.

But wait, if you're a small startup, maybe only self-employed, you ARE the tech. Or not. Did you keep track of your time frantically trying to get your computer up and running? Did you look up tech support in the phone book and run into some shit-for-brains Geek Squad monkeys?

Yes, yes, your IT personnel should always run stuff on test machine since the alchemical failures of computer tech is nigh impossible to predict. But... shouldn't a large anti-virus company have some testing if only to make sure their program doesn't attack the fucking OS?

Re:Definately an

While this is completely untrue, in general. It is especially untrue in the context of corporate/enterprise world where much of the liability is going to arise. In those cases, the EULAs are likely executed by someone, at some point, at each of those corporations. The agreement was also likely negotiated.

The falsehood that EULAs are not enforceable is prevalent on here, but that's not the case. Courts are very willing to enforce them as contracts. On the fringes, EULAs are rejected. But they're rejected under the same theories that other contracts are rejected, but no one goes around saying ordinary contracts are unenforceable and just a "wish list."

Re:Definately an

>>>Using the made-up "virii" as a plural for viruses makes you look like a retard.

Technically we are BOTH retards (yes you too). "Virus" has no plural in the original Latin language, just like the words "air" and "rice" and "earth" have no plural form.

Yeah, and back in the original Latin, used by a bunch of dead old guys, they didn't even HAVE words like "Twitter", "blogosphere", or "tacoriffic". What's your point?

Re:Definately an

Yes, but what about their enterprise customers? No reimbursement offered there, even thought that's where the biggest losses were. Who cares if Billy Bob couldn't watch porn at home? We had 850 doctors, nurses, $200/hr lawyers, police officers, and of course, run-of-the-mill office workers out of action for an entire day. Our organization lost about $150,000 worth of staff productivity as a result of this fiasco.

Re:Definately an

[Twinbee]

It's also more logical than the alternative. I'll never forgive the language for making us use commas inside quotes when obviously they belong outside.

Re:Definately an

[TheRaven64]

People still use computers?

Re:Definately an

[pyrr]

It IS kind of a win, as a result of this "fix", users couldn't exactly become infested with malware*, now could they?

*well, arguably a program that deletes svchost could be considered malware, maybe sometimes to save the village, you have to destroy it.

Re:Definately an

[elashish14]

That's great and all, but if I were a consumer, no matter how much they're compensating me, if I really had to make a serious choice of AV software, now I know that I'd probably never choose them. It doesn't matter how much compensation they provide; if something they make is going to disable my computer (which is essentially my life as I use it for all my work, including my thesis) then I'd never use it. The risk is too great and for something serious, you can't afford a flaw like this.

It's a shame, but no measure of compensation is enough to supplant a reliable and secure service.

Re:Definately an

Home users only. According to McAfee, almost everyone affected was an enterprise user. They don't expect this to cost them much.

Re:Definately an

[aix+tom]

The thing about contracts is that both sides have to agree before they enter into the contract.

So if a customer only gets to see the EULA after he bought the shrink-wrapped product in a store, it can't be part of the contract.

If on the other hand they (for example) download a trial version and had to (or at least were able to) read the EULA before buying the License, then it can be enforceable.

Re:Definately an

[blair1q]

Someone set us up the patch...

(had to be said, and probably was, but it's monday, and I don't use McRapifee, so i felt compelled)

Re:Definately an

The next time that your organization says "Macs are too expensive", just give the bean counters a copy of your post.

Re:Definately an

[ccarson]

I just called customer service to claim my 2 year extended service, afforded to customer's effected by last weeks outage (according the the article above). I was told that they haven't received authorization to provide that. I replied that I wanted my account canceled in which case I was hung up on. Looks like I'll be going with another anti-virus company on the next go around.

Re:Definately an

[pnewhook]

You really think a large company like McAfee wouldn't have these controls in place? This is clearly a case of someone skirting the rules and not following process.

Re:Definately an

[Z34107]

People still- *hurk* *gaaaaaaaasp*

Re:Definately an

[Chris+Mattern]

It questions the entire quality control system.

Or it gets the hose again...

Re:Definately an

[Chris+Mattern]

It's also more logical than the alternative.

Only if you flunked Latin. "Virii" is not the plural of "virus" however you slice it--in fact, it's even more complicated than it looks as "virus" is in fact *not* a second-declension noun in spite of the "-us" ending. Stick with "viruses" and you won't look like a moron trying to look sophisticated.

Re:Definately an

[Chris+Mattern]

His point is that instead of using a Latin form that is nonexistent, and wouldn't look like that even if it DID exist, you can use a perfectly good English (as in English, the language you're actually speaking) form that works, is correct, and doesn't make you look like a moron.

Re:Definately an

[Runaway1956]

Try that clamav an Debian, with SEL. It's worked great for a lot of people!!

Re:Definately an

[mewshi_nya]

Thank you!

Re:Definately an

[IMightB]

How do you know that it didn't go through some sort of QA? I can think of many reasons why QA potentially didn't catch it.

Re:Definately an

[hairyfeet]

Try Comodo. Free for personal, decent business and server rates, catches everything my customers can throw at it (and I get some stuuupid click happy customers, so that is high praise) and is solid as a rock. Most importantly I have been running it along with my clients and have never had one of these McAffe/Norton style stupid moments.

And if you add Comodo Time Machine to the equation you won't ever have to worry about one of these "borked beyond booting" moments, as even when Windows won't boot Time Machine gives you an easy to use GUI that makes it butt simple to restore the machine back to a working state. The only catch I've found with Time Machine is it doesn't like dual boot XP/7 machines, due to Windows 7 changing drive letters, but even then it won't cause any problems it just refuses to install.

So give them a try. It has certainly made this old repair guy's life a hell of a lot easier.

Re:Definately an

[lgw]

How about software prima donnas that think they are too good to make mistakes and say QA just gets in their way? I would say this is far more likely due to a software guy skirting the checks rather than there be no checks in place for an established company like McAfee

If a developer has the ability to skirt QA checks at all in any way QA is fundamentally broken. Who sets up a dev shop like that? Dev hands code to QA; QA hands code to production.

In any case, the most basic sort of automatic regression testing should have caught this (since it breaks the test machine on install). At any professional shop this would have been bounced on check-in, and never even made it as far as QA. And, again, software prima donna mindset doesn't matter - you check in, the BVT fails, the change is rolled back (or the "line is stopped").

Re:Definately an

[lgw]

The comma-quote thing is a typesetters' style guide thing, not a language thing, really. It "looks better" that way, never mind the content. Charles Dodgson ranted about the practice in the 1800s, so it's hardly a new complaint. I think he has finally won his little war, as quote-comma seems to be taking over, especially online and in technical writing.

Re:Definately an

[hairyfeet]

Oh I'm so gonna get hate for this, but I don't give a shit...Can we PLEASE let this "get a Mac" bullshit DIAF already? Did you not even read his post? Did you not see "Doctors, Nurses, Cops, lawyers" in his post? Why is that important? Simple, ALL of those groups use specialized software that...drum roll....works ONLY on Windows!

So your totally dumbass suggestion should actually read "Buy a bunch of Macs, then pay untold millions to have all these pieces of specialized software rewritten, while hoping you don't step on a patent landmine and spend the next decade in court". Now does THAT sound very appealing to you? Nobody in the corporate world is using Windows because they are Win fanboys, they are using it because they have software they need to run to get the work done that ONLY works on Windows!

So can we please just let this "Switch to Mac/Linux" DIAF already? Don't you think if they could save millions of dollars in license fees without loss of productivity they would do it? Nearly every single business, from the SMBs to the giant supermegacorps, all have software that is "mission critical" that they can't get their work done, and thus get paid without. And that software almost never has anything close on Mac/Linux. Be it billing, report generating, insurance forms filling, bookkeeping, nearly all of it is highly specialized for the job and have NO Mac/FLOSS equivalent.

So saying "Just get a Mac" is about as useful as saying "replace your Internet with Carrier Pigeons" for all the good it does, okay? And sorry if I came off a little ranty, but anyone who has ever worked corporate knows what I'm talking about, yet even though /. is filled with tech heavy admins we still get this naive "just switch" every time there is a problem that effects Windows. If only OSes were so easy to switch, then we'd have real competition and Windows licenses would be dirt cheap. As long as nearly all specialized software only runs on Windows, it just ain't gonna happen.

Re:Definately an

[QuietObserver]

My thoughts exactly. This can only be a failure by QA, who should never have allowed this flaw to make it past the test phase. No QA department should ever let a prima donna dictate code policy.

Re:Definately an

[Smauler]

I succumbed and installed MSE a little while ago after hearing good things about it... it found one virus in a zip file (which I knew was dodgy, and had never run), then proceeded to hose my system on reboot. Repeated BSOD reboot, Vista64. It's the only OS crash I've ever had since running Vista (apart from during installation). I had to do a system restore from a few days prior - worked better than I expected, tbh. I'm not going to touch consumer antivirus ever again on my system.

Re:Definately an

[Khyber]

"How do you know that it didn't go through some sort of QA?"

If it had I wouldn't be repairing 500+ computers that had McAfee installed on them.

There was NO QA in place, as even I would've caught this on a test install and scan.

Re:Definately an

[Khyber]

And I can see who never took Latin in high school.

Bet you still pronounce that "V" as a "V" and not a "W" like a typical moron, too.

Re:Definately an

[adolf]

And my point is this: It's like complaining about folks using "ain't" -- you can bitch all you want, but it does not help to correct the perceived problem. It just makes you look pedantic.

Ain't ya'll got that, yet?

Re:Definately an

[ByteSlicer]

I also stopped using antivirus software years ago. Firefox + NoScript + Adblock + common sense works much better.

I've seen Norton/Symantec installs on friends/relatives' computers that were bogging down the system more than most viruses would. And they still got viruses. Setting them up with Firefox + Avast (free home edition) fixed the performance issues and kept most viruses/malware out.

Re:Definately an

[Lunzo]

Shouldn't you be leading the grammar Nazis, not fighting against them?

Re:Definately an

[pnewhook]

I didn't say the coder dictated QA policy - I said he skirted the rules. Big difference.

Re:Definately an

[pnewhook]

Who sets up a dev shop like that? Dev hands code to QA; QA hands code to production.

Do companies still set up such a 'throw it over the wall' approach? Seems pretty archaic.

Re:Definately an

[lgw]

What about a specific hand-off makes this a "throw it over the wall" approach? For small projects (such as a single bug fix, or presumably virus signature patch) there's some point in time where the Dev lets the appropriate QA guy know "OK, I checked in the fix for XYZ, it's testable now", ususally by an update in the bug tracking system, yes? That doesn't mean the dev and QA guy didn't discuss the bug before or after the check-in, but you need some sort of signal to QA that the dev thinks he fixed XYZ.

Re:Definately an

[smash]

It requires an engineer to fuck up, AND the QA process to be completely inadequate. XP SP3 is not an uncommon platform for their AV product to run on. To diagnose one of the core OS files as "virus" on that platform, and actually push out the definition file live shows a complete lack of adequate QA.

Re:Definately an

[BikeHelmet]

Yep, way better than Sony's response to bricking operating systems.

McAffee will probably only have a small percentage of their customer base take them up on the offer - but costs could be as high as $150 for every customer that does.

Re:Definately an

[smash]

Rather, its a case of the process security being woefully inadequate. It should not be POSSIBLE for a dev to release something like this live without it being signed off by QA before release as certified compatible with all of the product's supported platforms. Either the QA was never performed (company policy failure - the dev has too much access to enable him to roll the def out without passing QA) OR the QA person signed off on the definition without doing their job and needs to be fired.

This is going to cost McAfee a shitload.

Re:Definately an

[smash]

It should not be possible for the coder to skirt QA. He should not have the security access to push the change out to production.

Re:Definately an

[smash]

Excuse me if I fail to take software advice from some noob who isn't capable of getting media files off a hosed XP box...

Slashdot is also engaged in this

[BadAnalogyGuy]

Replying here in the comments since we all know people don't read the summary, much less the article. :-)

Slashdot is also involved in reimbursing McAfee users who have fallen victim to this problem.

Please contact pater@slashdot.org or krow@slashdot.org if you have been inconvenienced by this patch update bug.

Your help is greatly appreciated.

Re:Slashdot is also engaged in this

Who do we contact if we've fallen victim to stupid slashdot comments, bad analogies, or goatse?

Re:Slashdot is also engaged in this

[g0bshiTe]

Anyone on /. with the words Analogy or Goatse in their names I suppose.

Re:Slashdot is also engaged in this

[lennier1]

When in doubt ask the cowboy.

$50! DENIED!

Let the billing and accounts recieveable fuckery begin!
Mc's legal department and accounts are going to be looking for ANY reason to tell claimants to go play "Hide and go fuck yourself with that invoice."

Re:$50! DENIED!

Let the billing and accounts recieveable fuckery begin!
Mc's legal department and accounts are going to be looking for ANY reason to tell claimants to go play "Hide and go fuck yourself with that invoice."

They just need to hire a few health insurance industry folks as consultants. Their payout would be minimal.

Re:$50! DENIED!

[jgagnon]

Just wait... they will deny someone the price of one of their competitors' products and it will go public.

Bad times ahead for McAfee, for sure.

Reasonable cost?

[areusche]

I'm pretty sure that reimburshing my IT department's lost money and time is pretty reasonable considering I spent two days walking to every computer on the campus.

Re:Reasonable cost?

[LWATCDR]

maybe you should put a Linux partition on all of the boxes with some remote access software?
Not actually trying to be a smart ass but if you could do that then it might have been possible to fix the issue remotely.
I am not sure since my office has a small network and we didn't have the problem. I would think that it should be possible to replace the missing file and disable the anti virus or maybe replace the definitions file remotely. Most modern Linux distros can mount NTFS partitions.

Of course right now the idea of light clients and Windows terminal services probably doesn't sound so bad!

Re:Reasonable cost?

They will most certainly not pay for in-house repairs and not for lost time or profit either. How long does it take a professional service technician to apply the automated fix to a PC and how much does that cost?

Re:Reasonable cost?

[PIBM]

Did you not so read the summary to miss the 'home or home office' part ?

Re:Reasonable cost?

[Richard_at_work]

Should McAfee really be on the hook for your departments poor IT practices? Every one of those computers should have been remotely re-imaged, and as all campus data was kept on centralised servers then you should have lost no data, your job should have consisted of queuing systems for re-imaging, not much more.

People are railing McAfee here for poor QA, and they rightly should - but you have just demonstrated your own poor QA. Who in their right mind releases a patch to their entire install base at once? Release it to 10 computers and monitor for a couple of days. Then released it to 50 more and continue monitoring. Keep including groups until all computers have been covered without issue. How hard is that?

Re:Reasonable cost?

[nurb432]

That's why Intel made Vpro.

Re:Reasonable cost?

[LWATCDR]

If you have a box running so you can use the VPro client software.
Actually VPro looks very cool. The question is how do you get it? Seems like it must be built into the system at the motherboard or bios level.

Re:Reasonable cost?

[rabbit994]

Completely impossible. Many AV vendors are now updating 2 or 3 times a day. Heck, Microsoft free AV gets updated daily and sometimes twice daily. Unless you skipped updates and only deployed every Monday update, you could possibly test but you would need a dedicated team to testing. What happens if some Javascript virus came out on Tuesday? Are you going to leave your users unprotected till next week? AV is unfortunately a system where sometimes you do have to pray and update. We do that at our job since we are media company, we have very liberal web filter and sometimes our users get infected even with auto updating. I'd be scared to see the damage if we didn't update as soon as Symantec update was released. BTW, Symantec sucks as bad as McAfee but suits pushed it on us.

Re:Reasonable cost?

[Richard_at_work]

Bollocks is it impossible, you just don't want to do it. The entire point of a progressive rollout is that it limits damage done to a small group that increases in size the more you trust the patch.

Re:Reasonable cost?

[areusche]

Should McAfee really be on the hook for your departments poor IT practices? Every one of those computers should have been remotely re-imaged, and as all campus data was kept on centralized servers then you should have lost no data, your job should have consisted of queuing systems for re-imaging, not much more. People are railing McAfee here for poor QA, and they rightly should - but you have just demonstrated your own poor QA. Who in their right mind releases a patch to their entire install base at once? Release it to 10 computers and monitor for a couple of days. Then released it to 50 more and continue monitoring. Keep including groups until all computers have been covered without issue. How hard is that?

You're right, however what we as IT professionals know generally does not follow what users and management want.

I agree, do a remote wipe and restore but are you about to run the risk of having some buffoon somewhere screaming because he never saved any of his documents to the network share?

If I was ruler of this castle I would be more than happy to clean out all of the old crap, switch to linux, and run any windows related junk through a VM. However life isn't that great. Management wins again. So yes McAfee should be held to some standards because of their mistake.

Re:Reasonable cost?

[LWATCDR]

Okay I work at a small firm so we don't have the problems or the tools to deal with the problems that you would have dealing with a thousand PCs. But how do you just reimage a PC remotely when the OS will not even boot?
I can only assume that you can buy PCs that have some advanced management tools built into the BIOS.
"and as all campus data was kept on centralized servers then you should have lost no data,"
That would be nice and ideal but how hard is it to enforce in practice? I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?

Even with all of your suggestions sort of the testing of the antivirus update this is still a nightmare. I mean even in a small hospital you could be dealing with hundreds or thousands of systems that you would have to get back up and running.
While testing updates really should be a matter of course I am not sure that many people do that with antivirus signature files.

What I still don't get is this.
Why is it so easy to modify a critical OS system file! I mean really shouldn't it be just about impossible for any program to delete or modify system files? If we could fix that little issue it would do wonders for the security of most PCs.

Re:Reasonable cost?

It is impossible. There are multiple updates per day. In a large organisation pushing an update takes a few hours at least to reach all computers.

When the first "infected" computers are called in, the update is already two updates along.

I think you've never working in a large shop, and you certainly have never worked in software testing or QA.

Re:Reasonable cost?

[eth1]

I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?

Sometimes it's best to let the cats herd themselves.

I used to support a school full computers a few years ago. While a much smaller environment than a Uni, the faculty still talk to each other. One of the first things I did was set up imaging and easy network storage for the faculty. At first it was like herding cats - impossible to get them to take the time to make sure their important stuff was on the network storage. It took only two HD failures to change everyone's behavior. The first one, the teacher *wasn't* storing stuff on the network, and of course her tales of woe spread far and wide. I just made sure everyone knew why everything was lost.

The second, the teacher *was* storing everything on her network drive, and when her HD failed, she was up and running by her next break, with everything intact, and she spread her tales of joy far and wide. I just had to put in a little extra effort so that everyone knew why it was so easy. Mysteriously, everyone was suddenly making sure all of their important stuff ended up on their network drive.

Re:Reasonable cost?

Okay I work at a small firm so we don't have the problems or the tools to deal with the problems that you would have dealing with a thousand PCs. But how do you just reimage a PC remotely when the OS will not even boot?
I can only assume that you can buy PCs that have some advanced management tools built into the BIOS.

Just buy a secondhand server with SATA RAID controller and gigabit network interface. Buy big SATA disks. Install linux and FOG (both free as beer) on server, set workstations to boot from LAN. Register workstations to FOG server and at the same time make compressed base image of every workstation. Relax. If workstation crashes, open up a FOG web console, select re-image and ask user to push the power button until comp shuts down and then again until it wakes up. Go have a beer.

If you don't have centralized server as storage, you can partition workstation HD to two and force windows use drive D as home folder.

Re:Reasonable cost?

[jimicus]

Okay I work at a small firm so we don't have the problems or the tools to deal with the problems that you would have dealing with a thousand PCs. But how do you just reimage a PC remotely when the OS will not even boot?

Well, even if you don't have PCs with remote management (which adds a fair bit to the cost), you can configure them to boot from the LAN first.

All you do then is set up your imaging system to reimage all the impacted PCs. Seeing as they're stuck in a reboot loop (that's what this update did), shouldn't take too long for them to get a new image.

Re:Reasonable cost?

[thsths]

> Actually VPro looks very cool. The question is how do you get it? Seems like it must be built into the system at the motherboard or bios level.

Yes, it is just like any other feature: you buy a PC that has it. My office PC for example has Intel AMT (nearly the same thing), but they wont tell me the password.

Re:Reasonable cost?

[LWATCDR]

I work at a small development firm so 90% of the people at the firm are techs so we need very little in management.
My question is if it goes to boot from network first doesn't that take a while to time out and got into a regular boot?
Just wondering how much time that adds to the initial boot.
Over all I can see how this is really a life saver for a firm in this situation.
The fun of pushing 1000 images over the network is just too much for me to even think about but I can see the value.

Re:Reasonable cost?

[jimicus]

Depends on the remote imaging software - some integrates with your existing infrastructure.

Not that it matters much - IME a lot of people don't bother switching their PC off overnight anyway. I would seriously consider it - it's just a shame there's no standard way of reconfiguring boot options once the PC has booted.

Re:Reasonable cost?

I think you've never working in a large shop, and you certainly have never worked in software testing or QA.

Hmm, first rule of our QA policy is that everything goes through QA, no exceptions. If the thing can work in production, it had damned well be able to work in QA.

Re:Reasonable cost?

[rkfoote]

And Intel put out a fix for this exact issue the next day (it's a bootable ISO that can be run using vPro.. If you don't have vPro you can still just burn the CD and boot it).
Here is the link: http://communities.intel.com/docs/DOC-5029

Re:Reasonable cost?

[LWATCDR]

We like to shut down our PCs at night to save power which it will do even with modern power management.
Also I find Windows boxes tend to slow down the longer they go between reboots. Funny thing is that my windows box doesn't tend to do that.
It is an interesting option even then. It wouldn't be all that hard to reconfigure each machine to reboot from the network just in case.
What we tend to do is keep a Linux CD and or Flash drive handy just in case.
That allows us to boot into Linux and access the HD from Linux to fix corrupt files and such.
We actually average less than three "infections" a year at our office.
For the most part we lock down the support staffs web access, we use a Linux based firewall, we have a virus scanner on our email server, and we do not allow any executables as email attachments.
That combined with a fairly tech savy user base means that we do not have anywhere near the infection rate that other offices our size have.

Re:Reasonable cost?

[jimicus]

What we tend to do is keep a Linux CD and or Flash drive handy just in case.
That allows us to boot into Linux and access the HD from Linux to fix corrupt files and such.

I took this one step further - I have booting from LAN set up to give me a menu offering to reinstall Windows, install any of a number of Linux distributions, boot an Ubuntu live CD and a number of tools (most usefully DBAN). The potentially-damaging options are password protected to protect people from themselves. Seems silly to mess around with trying to find a blank CD, burn it, then forget all about it so have to do the same again when I've got a dirty great fileserver at my fingertips.

My next step is going to be enhance this so I can have a PC with a specific MAC address rebuild Windows. This isn't difficult per se but IME most of the commercial tools which do these things assume that you don't have much of an existing infrastructure to do this, so I either need to roll my own (should be easy enough considering what I've already got) or work around this limitation.

Re:Reasonable cost?

Seems like you should have killed two drives right off the bat, and saved everyone some anguish. :)

Re:Reasonable cost?

[NoModPoints]

Make sure there is a linux live-cd inside the case, securely fastened and protected from dust (like in an envelope, with the envelope glued down). Include a piece of paper with instructions on how to make the computer boot from CD. Have the initialisation script on said CD start up a remote-management client.

Re:Reasonable cost?

[Richard_at_work]

As we have seen with this incident, you cannot trust any patch you distribute - yes it is a trade off, but a virus infection is not going to happen en mass while a duff OS or anti-virus patch can certainly take out a significant proportion of your install base in a single swipe. Which would you rather? Seriously? I'd rather progressively roll out the patch, reducing the possible vulnerable surface area as I went, than instantly wipe out my install base.

So I stand by my original statement - its not impossible, you just don't want to do it.

And to the people that marked me flamebait or troll, I don't think you have ever been responsible for more than your grandmothers computer - my strategy works, I know since I worked by it when I was a sysadmin (up until August last year). You never, *ever* make a change to the entire install base in one sweep, regardless of the reason. Progressive roll out is king.

Re:Reasonable cost?

[Richard_at_work]

As already noted, LAN boot is one option, but if you go with tools like Symantec Ghost (or one of the free options, I haven't checked those out in the past 2 years), you have the option of installing a pre-boot environment for Ghost which the computer will boot into first, check to see if there are any imaging tasks to do (and you have the option with Ghost of preserving users data on the currently installed image, and migrating it to the fresh image) and either do them or boot into the day-to-day OS. Works a treat when you have it set up correctly.

Reimburse?

[WrongSizeGlass]

Reimburse them ... or ... maybe what they should do is give the "victims" extended subscriptions instead ... that's probably exactly what they want ;-)

Re:Reimburse?

[Pharmboy]

Exactly what I was thinking, that they would give you "free" extended coverage for the "life of the machine", which of course, is -3 days since they killed them.

2 year extension?

[topham]

A 2 year extension? What, so they can have 730 more days to do it again?

Re:2 year extension?

[timeOday]

I actually think they deserve some credit for this. It will cost them a fortune. Better that they hadn't made the mistake in the first place, but then again, these things happen occasionally and cases of software companies paying for damages caused by their bugs are extremely rare.

Re:2 year extension?

cases of software companies paying for damages caused by their bugs are extremely rare.

Because none of them could afford that. If McAfee would pay for the hours spent by IT techs, lost productivity due to unavailable IT systems, etc. they'd probably be bankrupt several times over. Due to that I cannot believe there won't be a massive caveat to "reasonable expenses".

Re:2 year extension?

[The+MAZZTer]

This reminds me of the story where my grandpa chipped a tooth eating some peanut brittle or something. My grandma sent the company that made it a nasty letter and they returned an apology and another box of peanut brittle. My grandpa chipped another tooth on the first bite.

Re:2 year extension?

Let's see. They're covering "reasonable expenses" related to repair only. There's your caveat. Figure one lowly technician can manually fix 10 computers per hour at $20/hr. A large company with 10,000 affected computers would be compensated a measly $20k.

Re:2 year extension?

..and what about the 1,000 hours the users of those systems were unable to work?

In my experience (at a fairly large company) pretty much everyone was unable to work for most of the day while IT scratched their heads.

Re:2 year extension?

Looks like you forgot about February 29, 2012.

Re:2 year extension?

[plague3106]

How is it the company's fault that your grandfather has exceedingly weak teeth? If lots of people were chipping their teeth on it, that'd be one thing, but some old guy who's dental hygene may be a factor?

Re:2 year extension?

[mzs]

They do deserve some credit. It will also be an example in the future when those higher-up than me make a statement like, "Why should we use this open source thing, who will pay when they mess-up?" I'll just be holding my head in my hands again then I guess because this plus support are the two biggest bullet points that kill open source year after year on projects.

Re:2 year extension?

731 days. February 2012 has 29 days :D

Re:2 year extension?

[AmberBlackCat]

They should be required to offer the cash value of the 2-year extension as an alternative.

Not gonna be enough..

[Hebbinator]

I don't see how this even begins to approach the amount they are in for.. they are going about it the wrong way. In signing up to pay home/ home office users, they are automatically assuming guilt for themselves (as if anyone wasn't sure that they were guilty in the first place?)

First off, they are starting with home / home office users. This population will incur the highest cost per computer to fix - i.e. instead of paying 1 IT guy 30/hr to fix a bunch of computers in one place, this is one-at-a-time visits to Geek Squad (ugh) or whatever which will run 50+ per computer..

This is just opening the door for future corporate lawsuits - i.e. "Clearly they have said that they were the cause of this issue and are willing to refund some of their users to the tune of X for just ONE computer. My company lost 1000 computers, I want 1000x dollars, plus lost productivity."

Re:Not gonna be enough..

Or in the case of a company such as Intel: "My company lost 200,000 computers, I want 200,000 * dollars plus lost productivity". Maybe instead this will cause companies to realize that most anti-virus software cost more in terms of productivity and resources than any virus would in the long term. They should self insure instead of paying for poor coverage.

Re:Not gonna be enough..

[L4t3r4lu5]

I always thought McAfee was included with shitty software bundles because it wasn't used on corporate networks.

Do yourselves a favour and switch to ESET Smart Security.

Re:Not gonna be enough..

Wrong. Read their EULA. "Hold harmless".

Re:Not gonna be enough..

[Kjella]

Good luck on that, it's not unusual for consumers to have completely different rights than corporations. Nor is it illegal for corporations to be nicer than they legally can be. Stuff like you describe is the reason why you ALL get shitty service in the US, because if one knowledgeable guy answers a question outside the script he'll call back more and demand that service or cry foul and sue or the next person who gets an average drone will cry foul and sue for discrimination or whatnot absurd reason. It's very hard to provide equally good service but real easy to offer equally shitty service.

Re:Not gonna be enough..

[omni123]

I always thought McAfee was included with shitty software bundles because it wasn't used on corporate networks. Do yourselves a favour and switch to ESET Smart Security.

Unfortunately that's not the case--the organisation I work for (40,000+) uses McAfee on all desktop machines and coincidentally runs XPSP3. The flipside is that nobody was bored enough to install an update straight out of release and it usually takes a month or two turn around unless it's urgent or specific. In the corporate world ESET is simply too new a product (comparatively speaking, the old school preference etc).

Re:Not gonna be enough..

Problem is, AV software being reactionary in design, it is usually the newest threats that are spreading the most, and are the ones you want to detect, which is why frequent signature updating is required to try and stay on top of it. This is at odds with normal IT practices which is for slow roll out of updates (to allow for testing, etc). Microsoft has "Patch Tuesday" for this reason.

Re:Not gonna be enough..

[JamesP]

First off, they are starting with home / home office users. This population will incur the highest cost per computer to fix - i.e. instead of paying 1 IT guy 30/hr to fix a bunch of computers in one place, this is one-at-a-time visits to Geek Squad (ugh) or whatever which will run 50+ per computer..

This is just opening the door for future corporate lawsuits - i.e. "Clearly they have said that they were the cause of this issue and are willing to refund some of their users to the tune of X for just ONE computer. My company lost 1000 computers, I want 1000x dollars, plus lost productivity."

Well, tough...

Don't wanna play the game, go home.

Kudos for them actually, for saying 'it's my fault'

Re:Not gonna be enough..

i.e. instead of paying 1 IT guy 30/hr to fix a bunch of computers in one place, this is one-at-a-time visits to Geek Squad (ugh) or whatever which will run 50+ per computer..

Damn, those Geek Squad guys are making off like bandits. I'm in a small shop and we're charging $20 for a no-warranty run-the-McAfee-fix bench repair.

Re:Not gonna be enough..

[blair1q]

"I don't see how this even begins to approach the amount they are in for.."

It doesn't.

They are offering something that costs them nearly $0, in compensation for large-cost effort repairing machines broken by rogue software, which is precisely they were originally paid large-cost actual $$ to prevent.

Not getting more revenue is not at all the same thing as "paying for repairs". In "paying for repairs", they would transfer $ to the affected parties, and those parties could still buy a competing product and be even in $ terms for those two years.

Re:If ever there was justification to Pirate McAfe

[LinuxIsGarbage]

Currently they are extending subscriptions by two years. Enough to prevent any successful bid by IT personnel to get higherups to approve a switch. Now whether they will cover the actual cost of lost productivity, not just of IT staff but by the company as a whole.

Re:If ever there was justification to Pirate McAfe

[The+MAZZTer]

Why would you willingly use McAfee in any way after this? Why not just go with AVG or Avast or MSE?

I was thinking this would be a boon for me...

[chaffed]

I was thinking this would be a boon for me. I do in home and business support in my off hours, good spending money. However, due to my issues with McAfee, none of my regular clients use McAfee AV products.

So, if I had recommended McAfee to my clients, I would be a rich person now. Damn, doing the right things doesn't make as much money!

Re:I was thinking this would be a boon for me...

[King_TJ]

Heh.... Doing the right thing almost always *ensures* you'll make less money -- at least in the world of computing.

I do on-site service too, and honestly, that's one reason I charge higher hourly rates than some of my competition. I've seen, first-hand, the way they leave a PC after they're supposedly done "cleaning up a spyware infection". Typically, they run a couple of their favorite programs on it, letting them run through and remove whatever they find, and they declare it "clean" - charging their fee and leaving.

I actually take the time out to test a system after I clean a virus/spyware issue, and if I see any evidence that, say, pop-up windows are still occasionally coming up in Internet Explorer, or error boxes are displaying from files that got deleted but not removed from the registry entries referencing them? I go back in and fix all of that. If I can't get it to where I'm satisfied it's 100% back to normal, I sometimes back up all their documents, bookmarks/favorites, Outlook email store, autocomplete files, photos, music, and whatever else - wipe the drive, and rebuild the whole machine.

Honestly, that stuff takes many HOURS to do right, and I can't really bill a person for all of the time that takes - so I just "cap" things at that point with what I think is a fair price, and "eat" the rest of it.

If I was less honest, I'd do what the other guys do and just do a quick, easy automated "once over" of things, take my money and run. Chances are good they'll call back and pay a second or third time to go back and mess with the remaining junk that was left behind anyway. And if not, at least I wasn't stuck putting in hours of unpaid work to do the job right....

But I dunno.... there's still something satisfying about knowing you did a job the best you could -- even if it usually goes relatively unappreciated.

Re:I was thinking this would be a boon for me...

How the fuck do you make money? Is your time really that worthless?

Give them the option. Quick scan with potential for missed files. Or they can choose a full system backup/format/os reinstall right off the bat.

Tell them the first option takes 30 minutes and may be all they need but may end up being not enough. Tell them the second option takes 3 hours but guarantees full removal.

And use malwarebytes anti-malware if they choose the first option. 95% of the time, it kills everything and the only thing left not-working is some BS ie proxy setting that you need to remove manually in the options dialog.

Kudos to you being "honest", but I think you're selling yourself (and your time) quite short with your strategy. AND people will come to expect it (see the post above) in the future.

I don't do what you do, I do what I just described when facing a malware mess. My customers have always been satisfied, and no one is getting screwed or lied to. And they get charged a 1 hour minimum for onsite visits. Make them bring the fucker to you.

Re:I was thinking this would be a boon for me...

[bootup]

I stopped doing the virus removals all together. I just wipe and reload every time now. 99% of the time if you scratch the virus removals you save everybody money because most of the time you end up failing to remove the virus. Even if you don't the machine isn't going to be 'like new' when you are done. I only want my customers to have a 'like new' computer when I am done. I NEVER want to have to come back. I don't feel right about charging someone twice. Even if it isn't really my fault. Even though I'm warning them... I do basically the same thing though as you. I ask them questions about how they use the computer, "do they you have the disks that came with it?", etc. and "then reason I ask is because there are different ways to resolve the problem and the one I usually recommend is wiping and reloading" . "It's quick, easy, and you end up with a system that is like new. If your system is slow now, it'll be as fast as it was when it was new when were done-or almost probably (as long as you have enough ram /w sp3 / etc av updates), and other problems that you might experience that are artefacts you might still experience from even a successful virus removal won't be present". The thing is though- I usually charge almost as much as the rip off scam artist places like like best buy. Although not the on-site pricing just the 'in-store' pricing. So it is a premium service in that respect at a really good deal considering what they are getting.

Corporate customers?

[lamfear]

What about their corporate customers?

Sounds like a similiar problem microsoft (hotfix)

[irreverant]

Strange - just a week or so ago, I recall reading a similar incident with Microsoft. I wonder if these companies don't share information, perhaps they should and things like this could be minimized. Maybe it happened this time to the same people that had the issue when Microsoft released it's patch.

What do you charge?

[HockeyPuck]

Since this has come out I've decided to charge my family and friends $1000/computer, which they can pay to me upon being reimbursed by McAfee.

Re:What do you charge?

[Actually,+I+do+RTFA]

Since this has come out I've decided to charge my family and friends $1000/computer, which they can pay to me upon being reimbursed by McAfee.

It's exactly because of this, and the "My P3 got fired, so I replaced it with a 16-core uberputer" that McAfee had to specify "reasonable".

Fix it yourself?

[Eggbloke]

I know not everyone knows as much about computers as the average slashdot reader but it's pretty simple to boot into safe mode and kill McAfee (although it takes a lot to completely remove it, it's basically malware)

Re:Fix it yourself?

[frith01]

You seem to under-estimate the scope of the problem caused by the definition update. The system REMOVED the svchost.exe file from the working system, which basically leaves you in an un-privileged state as an account user, and unable to access the network or any privileged program.

As such, the installer program wont run, so you CANNOT just un-install, even in safe mode.

Having said that, the time it takes to fix a system is an insignificant part of the actual cost to the corporation affected. ( We were down for 6 hours or so, until we found the correct cleanup procedure. )

Re:Fix it yourself?

My work computer was hit last week. Funny actually, because Windows still ran decently enough for me not to notice the extent of the problem immediately after my next-morning boot. First symptom was no sound although the hardware was detected and installed properly. Firefox kind of worked, although it took quite a long time to start. Only then I noticed that I couldn't drag'n'drop icons anymore, as well as other strange glitches in Windows Explorer which made me understand that something had gone really, really wrong. Then I remembered about the previous day's strange Viruscan alert on svchost.exe...

Fixing it wasn't too hard, however, as I have administrator access to my machine. All I had to do was to prevent Viruscan from examining .exe files in order to be able to grab a copy of svchost from a sane computer running XP SP3. Everything back to normal after reboot. I wonder how much repair shops will charge for it, though...

Re:Sounds like a similiar problem microsoft (hotfi

[shutdown+-p+now]

You must be remembering about the case where Windows Update would kill the system by updating some files, if some other files were infected by a virus (basically the virus relied on very specific features of certain versions of system libraries).

Offtopic

[Artem+S.+Tashkinov]

AV industry is just one big fuck up.
Instead of building a true behaviour based, sandbox'y style AV solutions, they peddle their ugly products and never exchange their virus signatures leading to a situation when no AV can detect all existing viruses, and no AV is even remotely future-proof in defeating unknown malware types.
And let this McAffee debacle become the next little step in embracing of open source OS'es by the corporate world.

Re:Offtopic

FWIW, I knew an engineer working for McAfee in the early 90s (IIRC, was at least mid 90s) who had developed a virus detection system closely related to a sandbox / virtualization approach - it would detect malware based on what it did in a sandbox copy of the OS. According to him, it worked great, but after much internal high level debate the project was killed, as there was no business case for a virus scanner that didn't need high frequency updates (and the associated subscription fees.) He believed a set of patents were filed to lock up the concept, but I've never looked for such...

Re:Offtopic

[xtracto]

That would work wonders as an open-source project. Unfortunately Open Source is also not known for such type of innovation.

Re:Offtopic

Heh, the *ONLY* way you can be safe on Linux is if you use white-listed software (i.e. repositories). If you go ahead and download random shit/"warez"/"crackz", no OS is going to save you. Pretty much the same on Windows. Ofcource the average desktop linux distro's (e.g. ubuntu) security is much more brittle than the robust object/token model of NT. I have no idea why they continue to copy the horribly outdated and outclassed rwx permission model that was a terrible design to begin with. Too bad..

I wonder....

[fuzzyfuzzyfungus]

What, if any, level of incompetence would (legally) be "indistinguishable from malice"...

Obviously, by installing an AV product, you indicate a desire for it to perform certain operations on your system, and an acceptance of the fact that it will probably tank your I/O performance and so forth. And, in general, courts have generally accepted the notion that vendors are nominally, at best, liable for buggy software.

In this case, albeit unintentionally, McAfee ended up committing several hundred thousand hack attacks. Disabling thousands of computers, including plenty that would fall under the CFA's definition of "protected computers".

Thought experiment: If some punk kid had accidentally disabled some hundreds of thousands of computers(along the lines of that old accidental self-replicator worm, or something), what parts of the book would they be throwing at him right now? Are McAfee's actions just a desperate attempt to keep some of their burned customers, or do they fear something more serious here?

Re:I wonder....

[Ogive17]

Thought experiment: If some punk kid had accidentally disabled some hundreds of thousands of computers(along the lines of that old accidental self-replicator worm, or something), what parts of the book would they be throwing at him right now? Are McAfee's actions just a desperate attempt to keep some of their burned customers, or do they fear something more serious here?

I'm guessing he'd have to pay some form of restitution, just like what McAfee is doing.

Re:I wonder....

[GrumblyStuff]

Make it a nifty screensaver with kittens and puppies and all that sort of crap so that people install it willingly. Tack on a standard disclaimer absolving the programmer of all responsibility to whatever happens to your computer.

In my opinion...

[Antony-Kyre]

reasonable expenses shouldn't exceed the average cost that a data recovery business would charge. And it would be simple enough to see that the drive is okay, that all you need is to fix the missing files in question. If I had to guess, I'd say $99 max comes to mind.

I say the simplest option would be to provide some free service. Maybe a couple year's worth. This way they wouldn't have to write out a check to everyone. I'm not saying this isn't a bad thing that happened, but I'm just thinking of easy solutions for both sides. (Thankfully, I don't use McAfee.)

Re:In my opinion...

Obviously, "reasonable expenses" (for consumers, not the big boys) come out to roughly a dollar off their next month's subscription, in McAffee dollars that can't be used to pay the repair guy. Or better yet, buy three months and get the fourth one half off!

I will believe it when I see it.

[khasim]

Maybe it will cost them a fortune. Or maybe they'll make everyone trying to file a claim jump through unreasonable hoops and end up paying almost nothing.

Extending a license for 2 years costs them NOTHING if the customer would have left.

And that's just for home users. There's still no word on other users (like school districts).

"Patch Fiasco"

[RevWaldo]

"Ladies and gentlemen, coming to to you all the way from Seattle, Washington, the one, the only - Patch Fiasco!"

or perhaps...

(Twelve bad guys lie dead or mortally wounded on the street, surrounded by astonished and bewildered townsfolk. One speaks up.)
- Who are you?
(the man lights a cigarette, drags it in and exhales, then adjust the brim of his hat.)
- My name... is Patch Fiasco. (turns around and starts walking away. music: mournful slide guitar)

Re:"Patch Fiasco"

[Chris+Mattern]

"Dr. Patch Fiasco?"

"Yeah, they started calling him that after he tried to cure his last cancer patient with the power of laughter. Turned out chemotherapy would've been a better choice."

Re:"Patch Fiasco"

or perhaps it's "Patch" Fiasco, the well-meaning but blundering surgeon whose heartwarming attempts to provide free medical care for the poor leads to a mass butchery the likes of which the world has never seen.

ObAutomotiveAnalogy

[Rogerborg]

At this point, an offer to pay "reasonable" expenses is about as generous as Ford apologizing for selling a car airbag that deploys as soon as you sit in the seat. Plus, it's covered in broken glass and rusty nails. Also, lemon juice.

It's nice that they're taking responsibility and all, but a bodyguard who beats up his own client isn't really the sort of person that you give second chances to.

Re:ObAutomotiveAnalogy

Better analogy: The airbag deploys as you're rolling down the highway, causing you to crash. You lose 3 fingers in the accident. Ford at first points out that this didn't happen to 99.5% of their other customers, and downplays the impact of the random air-bag deployment as "moderate to significant." Later, they apologize and offer to cover your "reasonable" towing and automobile repair expenses.

Solution to it all!

[Alexvthooft]

use Mac

Re:Solution to it all!

[Alexvthooft]

Not meant as such, quite new to slashdot. Just meant it as a joke!

Reasonable expenses.

[MindlessAutomata]

Come on guys, I hate McAfee as much as you do but "reasonable expenses" makes perfect sense and it's not something you can easily quantify everywhere... but we all know how ridiculous some potential charges are or how some stupid customers are. I can see some stupid, stupid people thinking they need to go out and buy a new 500 dollar computer to fix this problem.

Re:Reasonable expenses.

[slimjim8094]

I can see some stupid, stupid people thinking they need to go out and buy a new 500 dollar computer to fix this problem.

Replace "some stupid, stupid" with "a lot". There's a depressingly tremendous percentage of people who are convinced that the fix for a computer that's gotten slower over 2 years is a new computer. These are people with C2Ds with 2GB ram and 500GB hard drives.

Most people don't get the distinction between hardware and software. Most think that when the OS gets bogged down with craptons of spyware, the computer simply needs replacing; they just wear out over a few years. Dell obviously loves this, but it's tremendously wasteful.

By my estimations of my own compute repair, this is about 20% of users. Probably more - since the problem is that they don't call when the computer slows down, I wouldn't hear about it.

Incidentally, this is why Apple's doing so well. They want their computer to work like a microwave or TV - works indefinitely until it becomes inadequate for your needs, or breaks. Apple is perfectly happy to sell them something that works like that, and that's what us geeks don't understand.

Re:Reasonable expenses.

[barzok]

Incidentally, this is why Apple's doing so well. They want their computer to work like a microwave or TV - works indefinitely until it becomes inadequate for your needs, or breaks. Apple is perfectly happy to sell them something that works like that, and that's what us geeks don't understand.

I am a geek, and that is exactly what I want. I want to buy my computer and have it Just Work until it can't do what I need it to do anymore, then it'll be passed on to someone else with lesser computing demands or put into different service which suits its capabilities.

I know that when I buy a dSLR, my nearly 3 year old MacBook isn't going to cut it for very long, and I'll replace it because, well, what else can you do with a laptop when you've already maxed out the RAM but overall the computer isn't adequate for your needs?

So what am I missing?

Re:Reasonable expenses.

[slimjim8094]

The clear implication was "geeks who bitch out Apple for making an appliance". You clearly don't fall into that camp; neither do I. So one could easily deduce that the comment doesn't apply to the people it doesn't implicate.

It's a Slashdot comment, not a mathematical proof.

Re:Reasonable expenses.

Since geeks tend to be more pedantic than the population at large, perhaps it would behoove you to write "geeks that rag on Apple" rather than implying that all geeks like them.

Why?

[khasim]

If you pirate the software, you get all the downsides and none of the upsides.

You certainly wouldn't be getting any pay-out from McAfee for someone to fix your machine after the "pirated" software crashed it.

Re:Why?

[kalirion]

If you pirate the software, you get all the downsides and none of the upsides.

This is reversed for games, unfortunately.

Linux Anyone ?

[rderoko]

Love the affirmation of my decision to use Linux four years ago !

Ah yes.

[Petersko]

Nothing to say but... my sig.

Microsoft issue

IMO this is Microsoft's issue for not make core files accessible to be attack by any program whether its virus or mcaffe screwing up coding. I mean there is many options of user privlages within windows. Why not just make a "microsoft admin" rights for windows files so this crap stops happening. I don't know programming but think it should be easy enough.

Re:Microsoft issue

[LinuxIsGarbage]

Problem is AV software hooks in at file system / disk driver level.

Re:Microsoft issue

The problem is that other software vendors would bitch because they can't install components with the same privilege level as Microsoft, and that Microsoft is leveraging their monopoly somehow. Look at the bitching from Google over not being able to add stuff into Windows Search.

Easy to Fix

[MrTripps]

This problem is easy to fix now. Reboot into safe mode. Run two files (5959xdat.exe and SDAT5958_EM.exe). Reboot back into regular mode. Now if you have to go around to hundreds or thousands of machines to do that (like we did) it gets a little tiresome. I wouldn't be surprised if they get a class action attempt out of this, but the EULA will keep them safe.

The cure is much worse than the disease

[aarner]

Why the penny-pinching misers of corporate America haven't gotten wise to the incredible scam that's been perpetrated on them in the form of Anti-Virus software still amazes me. It would be easy to assume that there are kickbacks from Symantec/McAffee to the big corporate subscribers, or some other conspiracy. But then I'm reminded to not ascribe to malice that which stupidity explains. If my last three employers are representative, then the average Fortune 500 company has about 10 FTE positions tasked with ongoing maintenance and support of their A/V infrastructure. Then factor in the millions in licensing costs. The bandwidth to push out terabytes of signature updates monthly or weekly. The 30% performance hit off the top of every PC in the enterprise that on-access and resident scanning imposes. The lost productivity that wasted performance leads to. The soft costs in terms of user confusion caused by false positives, system crashes, application/utility conflicts with the A/V, etc.

And then realize that the punchline to this sick joke is that the stupid thing doesn't even work!

If I gave any reasonably competent Wintel PC/Software technician that list of symptoms above, and asked for a list of possible causes, near the top of everyone's like would be "malware infection" Contrast the potential problems caused by a malware infection in comparison to the guarantee that the issues above will affect a PC "infected" with one of these massively bloated A/V solutions.

Anti-Virus solutions are based on blacklists. Blacklists don't work. Anti-Virus programs cause the machine to exhibit the exact symptoms they were designed to prevent. It's cutting off your arm because of a hangnail. I'm sure someone more clever than I can come up with a car analogy. The medicine is worse than the disease.

One good thing about A/V software - since I started sharing the above rant with family members, especially the in-laws, the requests for tech support from me have gone way way down. I think that my anti-A/V views have gotten me labeled as some kind of tinfoil-hat-wearing nut who shouldn't be allowed anywhere near their computers.

Re:The cure is much worse than the disease

[Voyager529]

There is a distinct other side to what you're talking about. First off, your entire rant appears to reference Symantec and McAffee. Reading it through that lens, I can completely agree, especially the consumer versions of each. Sometimes I've wondered if Vista, Norton 360, McAffee Internet Security, and Crysis were all in some kind of crazed competition to see which could slow down a user's machine the most. Like you and presumably a sizeable number of other Slashdotters, I've walked into a person's obviously-infected machine that Norton/McAffee have given a clean bill of health. They both nag incessantly about how it's protecting your machine or how you only have 216 days left in your subscription and should renew now. At the risk of being told to speak for myself, I'll wager that you'll find Symantec/McAffee apologists in VERY short supply around here in that regard.

I personally have been very impressed with NOD32. The still-available-around-the-internet-and-supported-and-updated-for-2-more-years-but-no-longer-being-distributed-by-ESET-directly version 2.7 is among the most impressive pieces of software I've seen coded. it's 12MBytes, runs on every version of Windows from 95 to 7 x64 edition, takes up 34MBytes of RAM in the system tray, and is VERY effective. The newer versions are more user friendly and a bit more taxing on the system, but have the advantage of creating bootable rescue media and some other nifty features and is still an order of magnitude easier on the system than consumer-grade Norton or McAffee.

On the professional side, as much as it might cost in literal dollars for a Fortune 500 company to support the antivirus software, ultimately when a company shuffles a couple hundred billion dollars a quarter, I'm sure that in that context, the costs you mention are relatively trivial. With the possible exception of the United States Government, I'm calling [citation needed] on any company with SO many computers that they're spending seven figures on software updates for their AV.

Ten guys just for antivirus maintenance? I'm calling [citation needed] again. I could certainly see a large team being devoted to software management as a whole, but if they require ten people to oversee nothing but the AV app, they're likely doing it wrong. Does it require oversight? sure. I worked for a college campus that had several desktop support reps who all knew how to roll out patches and whatnot, but they weren't all doing it concurrently.

Now let's talk bandwidth. I'd buy that it could take a few terabytes of bandwidth to shuffle updates around over the course of a month for a few thousand computers getting a few updates on a daily basis. The question is this: would they need less bandwidth if they didn't use AV package? Similarly, is the AV patches using up so much bandwidth that it's become detrimental for regular work to take place on the LAN? I sincerely doubt either is the case.

30% of system resources being used during resident scanning, etc.? Again, either they're doing it wrong, using a thoroughly craptacular software title (though in the case of McAffee that may be accurate), or...yeah one of those two. I've never seen resident scanning peg my processor like that unless it actually found something. If they're running scans during the production day (which admittedly DO cause the processor to spike) instead of later on when the building is vacant, then one of those guys needs to be fired.

The soft costs are a crapshoot. What would the costs be if the user DOES get infected? How much productivity would they lose then? How much lost time would be spent troubleshooting that machine? Suppose the only alternative app for a given situation on the Mac/Linux platform is a half-baked, terrible-UI clone of what they've already paid for licensing for? Sure there's plenty of great software for Linux, and I use plenty of OSS myself. At my office though, we're running a apps that are niche apps (annual statement filing, spreadsheet collaboration, AS/400 access, electronic document filing

Re:The cure is much worse than the disease

[jimicus]

One good thing about A/V software - since I started sharing the above rant with family members, especially the in-laws, the requests for tech support from me have gone way way down. I think that my anti-A/V views have gotten me labeled as some kind of tinfoil-hat-wearing nut who shouldn't be allowed anywhere near their computers.

Frankly, if they persist in using Windows and they are the sort of people who need to ask for tech support, you are some kind of nut if you honestly think the cure's worse than the disease.

Epic Fail

[cyphercell]

I have sigs turned off.

Re:Epic Fail

[Lumpy]

epic fail

The lawyers.....

[8127972]

... Must just be licking their chops. Why?

1. They all but admitted they fracked up. They even used the word "faulty" in their post. What were they thinking?
2. Whatever their definition of "reasonable" is, it's not going to make everybody happy. That's sure to generate a few phone calls to lawyers.

Expect the the class action lawsuits to be filed shortly.

Re:The lawyers.....

[Renraku]

Rest assured that this was a planned and optimally timed move. They aren't going to fall on their swords over this and they aren't going to let every corporate IT department charge them the going rate for consulting fees plus lost productivity. Most likely they'll establish some reasonable number and say that it took an hour of work to fix it, and then offer each affected customer $20, or maybe some formula based on the amount of computers that one company had to fix the software on.

They'll point to their EULA and say, "We don't HAVE to do this, but we are. Read the EULA."

Interesting conflict of interests

[adamwright]

As one of the purveyors of worthless "Viruses/Cybercrime cost the economy TRILLIONS!!!" sky is falling nonsense, here's an interesting conflict of interests for McAfee. From a users perspective, the damage caused here will somewhat similar to the costs of cleaning up after a virus has damaged machines. Will they reimburse customers the many, many millions they claim viruses could cost companies when they sell them McAfee solutions? Or will IT support costs suddenly come down to these sensible "reasonable expenses" when they have to foot the bill?

Great News

[nurb432]

Get a bunch of fake receipts and retire.

Re:Great News

Get a bunch of fake receipts and retire.

in pound-me-in-the-ass federal prison?

pay McAfee!

if i had any money, i'd pay MCaffee to make more faulty updates.
the internet is a safer place without XP.
i kid : P

Re:If ever there was justification to Pirate McAfe

[Inda]

AVG burned us with proxies. Did you forget?

ToS

We should be happy they're doing anything at all. I'm sure it says somewhere in McAfee's terms of service that they are "Not responsible for damage caused by running this program".

Well played, sir.

[Petersko]

Epic Fail - "I have sigs turned off."

Well played.

question

was it "falsely identified" because there was no virus, or was it "falsely identified" because it was a virus a DRM vendor or some other "authorized body" put there?

Re:If ever there was justification to Pirate McAfe

[commodore64_love]

MicroSoft Explorer? That *is* a virus. ;-) (And unfortunately the only browser that works with my ISP's web compression.)

Re:If ever there was justification to Pirate McAfe

[xtracto]

Pirate McAfee?? are you serious?

<rant>
Why would someone sane want to have that piece of shit in their computers is beyond my mind. Really, I always thought that McAfee and Symantec DVDs/downloads include some kind of porn or coupon for a blowjob. Who the heck would install them?

There are SO MANY good alternatives (Kaspersky, Nod32, AVG, Avira)... shit right now I even think that Microsoft antivirus toy is a hundred times better than McAfee/NAV !

If I were AVG, Kaspersky or whatnot I would right now make an offer to give 1/2 price on the product to all the people that was fuckedup with McAffee's bug.
</rant>
Sorry for the rant

Re:Definitely an

[kiwimate]

As a grammar pedant myself, I lovingly craft a carefully formed response and kindly request that you stop being so pretentious and go with what the dictionary says.

Main Entry: virus
Pronunciation: \v-rs\
Function: noun
Inflected Form(s): plural viruses

Re:Definitely an

[commodore64_love]

So if I buy more than one Prius, do I say I own two Priuses, Prius, or Prii? Most of the folks at toyota-prius@yahoogroups like the last form, but the dictionary is unclear which is correct.

What bug?

[Livius]

But svchost.exe *is* a virus; there just isn't a way to remove it. Almost as big a security breach as iexplore.exe.

Re:What bug?

[Chris+Mattern]

But svchost.exe *is* a virus; there just isn't a way to remove it.

I find that this works wonders. Or, if you're not as hands-on, you may want this instead.

Re:If ever there was justification to Pirate McAfe

[GNUALMAFUERTE]

(And unfortunately the only browser that works with my ISP's web compression.)

What? It's the first time I've ever heard of an ISP that forces you to use a given browser. I assume your ISP has a proxy with deflate enabled ... but deflate is supported by virtually all browsers!

Care to explain a bit more? I believe you have material here to sue the fuck out of your ISP.

Re:If ever there was justification to Pirate McAfe

[pyrr]

Yeah, pirating McAfee would be not unlike stealing an old, high-mileage Geo Metro that has been rear-ended. And make your computer run just about as well as such a car, too.

Re:Definitely an

[foldingstock]

If you own one Prius and then actually want to buy a second, you have more severe problems than what to call the two cars.

Home users?

They're offering to pay for repairs for home (and home office) users. But wasn't the faulty product their Enterprise edition of McAfee AV? How many home users run Enterprise-level anti-virus? This sounds like a touchy-feely gesture in an effort to spin good PR while their Enterprise customers (the ones actually hurt by this) get nothing.

Re:Definitely an

[fat+bastard+of+doom]

I was always taught that, in the case of a proper name in a case like this, it would be Priuses. If you had a brand name called Fungus, for instance, the plural would be Funguses and not Fungi, and similarly the Ford Focus would be Focuses and not Foci. I could be wrong, but I don't feel like getting out a textbook.

How could QA miss that?

What I'm wondering is how QA could miss this? Or is their QA just that bad?

Re:Definitely an

[Sulphur]

Will the real Gauleiter of Grammar please stand up.

"Unfortunate?"

[westlake]

or, it's just a case of statistics being a bitch. given the number of updates that have to be pushed through the system, it's only a matter of time before the process lets a faulty one through

"Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load." A description of Svchost.exe in Windows XP Professional Edition

Your chances of bricking Win XP when you quarantine svchost approach 100%.

Re:If ever there was justification to Pirate McAfe

[Critical+Facilities]

AVG burned us with proxies. Did you forget?

OK, I'll bite. Either I forgot or I never got the memo, what was/is the issue with AVG? I've been using it for years, and have installed it (with great success) on countless PCs for friends/family over the years.

I'm on McAfee's side...

[Temujin_12]

I've been on McAfee's side for this whole thing. They have to get some props for being the first AV vendor to come right out and admit that Windows itself IS the virus.

However, apparently the general population doesn't agree.

Don't worry McAfee, I agree with you.

Re:Definitely an

[lgw]

The key here is that the fuax-latin should follow the pattern "ius -> ii", not "us -> ii". Radius -> radii, good. Prius -> Prii, as smug-stupid as driving one (or two!) in the first place, but fits the pattern. Virus->virii, doesn't fit.

Priuses is correct, of couse, since it's a proper noun.

Re:Definitely an

[dmacleod808]

Am I the only one who read that last line as "Infected Form(s):plural viruses" DAMN MY CONTEXTUAL READING!

Heralding he next wave of the virus invasion

The next round of viruses are obviously going to contain portions of system binaries so that signatures will be more likely to misrecognize as they did here.

Re:Definitely an

[mister_playboy]

I also registered it that way. :)

Re:Definitely an

[Doggabone]

As a grammar pedant myself, I lovingly craft a carefully formed response and kindly request that you stop being so pretentious and go with what the dictionary says.

Main Entry: virus
Pronunciation: \v-rs\
Function: noun
Inflected Form(s): plural viruses

You might like this: http://linuxmafia.com/~rick/faq/plural-of-virus.html

Re:If ever there was justification to Pirate McAfe

[ElderKorean]

One thing that should come out of this is that McAfee are (likely) going to be fairly good at checking things like this in the future.

So are the other anti-virus companies too I suppose.

Re:If ever there was justification to Pirate McAfe

not only that 2 years ago something similar happened:
http://www.bit-tech.net/news/2008/11/12/avgi-bug-leaves-windows-unbootable/1

and we had this problem at work with mcafee and safe mode was still working
even normal boot worked but (essential) services couldn't be loaded, so the machine was acting
very funky