Slashdot Mirror
McAfee To Pay For PC Repairs After Patch Fiasco
Barence writes "McAfee has offered to pay for the PC repairs of consumers affected by last week's faulty antivirus update. The problematic patch falsely identified the SVCHOST.EXE Windows file as a virus, causing PCs running Windows XP SP3 to crash or enter endless reboot cycles. In a blog post addressed to 'Home or Home Office Consumers,' the company offered to reimburse PC repair expenses, though there was a notable caveat. 'If you have already incurred costs to repair your PC as a result of this issue, we're committed to reimbursing reasonable expenses,' the company said. 'Reasonable expenses' has yet to be formally defined."
Reimburse them ... or ... maybe what they should do is give the "victims" extended subscriptions instead ... that's probably exactly what they want ;-)
A 2 year extension? What, so they can have 730 more days to do it again?
What quality control system?
The epic fail was the initial bug. This response however is exactly what McAfee should be doing. Offering fairly spontaneously to reimburse people for their expenses incurred is good customer service and good damage control. It is also the ethical thing to do. When something is both the most ethical and most business-savvy course of action, that's a good thing. And that they are willing to do so when it essentially admits to the fact that they screwed up big time shows that they are willing to admit to their mistakes, something many people are not. When evaluating both corporations and people, look at how they respond to the serious failures and crises. McAfee has a good response.
Why would you willingly use McAfee in any way after this? Why not just go with AVG or Avast or MSE?
All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.
A single engineer to mistype a single keystroke + A director of quality that proposed/allowed a quality control methodology that didn't include a single check between the engineers coding and the public receiving a new version.
Laying blame on those who don't have a large scale responsibility is, very often*, wrong.
*: Yes, a dev could've set a logic bomb when suspecting he'd be fired. And even then most of the blame was on the one who lost control on the future firing info.
And people wonder why I rarely use virus software. The damage caused by the AVS is often worse than the actual virii or spybots. Seeing a "Windows XP can't boot" message is pretty damn annoying. I ended-up having to install KDE Ubuntu Linux instead, and never did recover my lost files (just videos fortunately).
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Using the made-up "virii" as a plural for viruses makes you look like a retard.
At this point, an offer to pay "reasonable" expenses is about as generous as Ford apologizing for selling a car airbag that deploys as soon as you sit in the seat. Plus, it's covered in broken glass and rusty nails. Also, lemon juice.
It's nice that they're taking responsibility and all, but a bodyguard who beats up his own client isn't really the sort of person that you give second chances to.
If you were blocking sigs, you wouldn't have to read this.
Heh.... Doing the right thing almost always *ensures* you'll make less money -- at least in the world of computing.
I do on-site service too, and honestly, that's one reason I charge higher hourly rates than some of my competition. I've seen, first-hand, the way they leave a PC after they're supposedly done "cleaning up a spyware infection". Typically, they run a couple of their favorite programs on it, letting them run through and remove whatever they find, and they declare it "clean" - charging their fee and leaving.
I actually take the time out to test a system after I clean a virus/spyware issue, and if I see any evidence that, say, pop-up windows are still occasionally coming up in Internet Explorer, or error boxes are displaying from files that got deleted but not removed from the registry entries referencing them? I go back in and fix all of that. If I can't get it to where I'm satisfied it's 100% back to normal, I sometimes back up all their documents, bookmarks/favorites, Outlook email store, autocomplete files, photos, music, and whatever else - wipe the drive, and rebuild the whole machine.
Honestly, that stuff takes many HOURS to do right, and I can't really bill a person for all of the time that takes - so I just "cap" things at that point with what I think is a fair price, and "eat" the rest of it.
If I was less honest, I'd do what the other guys do and just do a quick, easy automated "once over" of things, take my money and run. Chances are good they'll call back and pay a second or third time to go back and mess with the remaining junk that was left behind anyway. And if not, at least I wasn't stuck putting in hours of unpaid work to do the job right....
But I dunno.... there's still something satisfying about knowing you did a job the best you could -- even if it usually goes relatively unappreciated.
Come on guys, I hate McAfee as much as you do but "reasonable expenses" makes perfect sense and it's not something you can easily quantify everywhere... but we all know how ridiculous some potential charges are or how some stupid customers are. I can see some stupid, stupid people thinking they need to go out and buy a new 500 dollar computer to fix this problem.
True, then again, accepting this payback probably excludes them from any other settlement. So a user has an option - get a refund for getting their computer fixed, or getting a coupon for a free 6 months of McAfee, but having to pay to fix their computer. The really dumb ones get a coupon and a broken computer.
Also, McAfee will probably hide behind the EULA for the class action, since the EULA probably also said they don't have to pay if they screw up your system anyhow.
or, it's just a case of statistics being a bitch. given the number of updates that have to be pushed through the system, it's only a matter of time before the process lets a faulty one through. that it was so egregious is, well, unfortunate.
Okay I work at a small firm so we don't have the problems or the tools to deal with the problems that you would have dealing with a thousand PCs. But how do you just reimage a PC remotely when the OS will not even boot?
I can only assume that you can buy PCs that have some advanced management tools built into the BIOS.
"and as all campus data was kept on centralized servers then you should have lost no data,"
That would be nice and ideal but how hard is it to enforce in practice? I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?
Even with all of your suggestions sort of the testing of the antivirus update this is still a nightmare. I mean even in a small hospital you could be dealing with hundreds or thousands of systems that you would have to get back up and running.
While testing updates really should be a matter of course I am not sure that many people do that with antivirus signature files.
What I still don't get is this.
Why is it so easy to modify a critical OS system file! I mean really shouldn't it be just about impossible for any program to delete or modify system files? If we could fix that little issue it would do wonders for the security of most PCs.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
How about software prima donnas that think they are too good to make mistakes and say QA just gets in their way? I would say this is far more likely due to a software guy skirting the checks rather than there be no checks in place for an established company like McAfee
If a developer has the ability to skirt QA checks at all in any way QA is fundamentally broken. Who sets up a dev shop like that? Dev hands code to QA; QA hands code to production.
In any case, the most basic sort of automatic regression testing should have caught this (since it breaks the test machine on install). At any professional shop this would have been bounced on check-in, and never even made it as far as QA. And, again, software prima donna mindset doesn't matter - you check in, the BVT fails, the change is rolled back (or the "line is stopped").
Socialism: a lie told by totalitarians and believed by fools.
I stopped doing the virus removals all together. I just wipe and reload every time now. 99% of the time if you scratch the virus removals you save everybody money because most of the time you end up failing to remove the virus. Even if you don't the machine isn't going to be 'like new' when you are done. I only want my customers to have a 'like new' computer when I am done. I NEVER want to have to come back. I don't feel right about charging someone twice. Even if it isn't really my fault. Even though I'm warning them... I do basically the same thing though as you. I ask them questions about how they use the computer, "do they you have the disks that came with it?", etc. and "then reason I ask is because there are different ways to resolve the problem and the one I usually recommend is wiping and reloading" . "It's quick, easy, and you end up with a system that is like new. If your system is slow now, it'll be as fast as it was when it was new when were done-or almost probably (as long as you have enough ram /w sp3 / etc av updates), and other problems that you might experience that are artefacts you might still experience from even a successful virus removal won't be present". The thing is though- I usually charge almost as much as the rip off scam artist places like like best buy. Although not the on-site pricing just the 'in-store' pricing. So it is a premium service in that respect at a really good deal considering what they are getting.
It should not be possible for the coder to skirt QA. He should not have the security access to push the change out to production.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.