Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee To Pay For PC Repairs After Patch Fiasco

Posted by CmdrTaco on from the in-over-their-heads dept.

Barence writes "McAfee has offered to pay for the PC repairs of consumers affected by last week's faulty antivirus update. The problematic patch falsely identified the SVCHOST.EXE Windows file as a virus, causing PCs running Windows XP SP3 to crash or enter endless reboot cycles. In a blog post addressed to 'Home or Home Office Consumers,' the company offered to reimburse PC repair expenses, though there was a notable caveat. 'If you have already incurred costs to repair your PC as a result of this issue, we're committed to reimbursing reasonable expenses,' the company said. 'Reasonable expenses' has yet to be formally defined."

13 of 212 comments (clear)

  1. $50! DENIED! by Anonymous Coward · · Score: 1, Interesting

    Let the billing and accounts recieveable fuckery begin!
    Mc's legal department and accounts are going to be looking for ANY reason to tell claimants to go play "Hide and go fuck yourself with that invoice."

  2. Reasonable cost? by areusche · · Score: 2, Interesting

    I'm pretty sure that reimburshing my IT department's lost money and time is pretty reasonable considering I spent two days walking to every computer on the campus.

    1. Re:Reasonable cost? by LWATCDR · · Score: 3, Interesting

      maybe you should put a Linux partition on all of the boxes with some remote access software?
      Not actually trying to be a smart ass but if you could do that then it might have been possible to fix the issue remotely.
      I am not sure since my office has a small network and we didn't have the problem. I would think that it should be possible to replace the missing file and disable the anti virus or maybe replace the definitions file remotely. Most modern Linux distros can mount NTFS partitions.

      Of course right now the idea of light clients and Windows terminal services probably doesn't sound so bad!

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    2. Re:Reasonable cost? by rabbit994 · · Score: 2, Interesting

      Completely impossible. Many AV vendors are now updating 2 or 3 times a day. Heck, Microsoft free AV gets updated daily and sometimes twice daily. Unless you skipped updates and only deployed every Monday update, you could possibly test but you would need a dedicated team to testing. What happens if some Javascript virus came out on Tuesday? Are you going to leave your users unprotected till next week? AV is unfortunately a system where sometimes you do have to pray and update. We do that at our job since we are media company, we have very liberal web filter and sometimes our users get infected even with auto updating. I'd be scared to see the damage if we didn't update as soon as Symantec update was released. BTW, Symantec sucks as bad as McAfee but suits pushed it on us.

    3. Re:Reasonable cost? by eth1 · · Score: 4, Interesting

      I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?

      Sometimes it's best to let the cats herd themselves.

      I used to support a school full computers a few years ago. While a much smaller environment than a Uni, the faculty still talk to each other. One of the first things I did was set up imaging and easy network storage for the faculty. At first it was like herding cats - impossible to get them to take the time to make sure their important stuff was on the network storage. It took only two HD failures to change everyone's behavior. The first one, the teacher *wasn't* storing stuff on the network, and of course her tales of woe spread far and wide. I just made sure everyone knew why everything was lost.

      The second, the teacher *was* storing everything on her network drive, and when her HD failed, she was up and running by her next break, with everything intact, and she spread her tales of joy far and wide. I just had to put in a little extra effort so that everyone knew why it was so easy. Mysteriously, everyone was suddenly making sure all of their important stuff ended up on their network drive.

  3. Not gonna be enough.. by Hebbinator · · Score: 5, Interesting

    I don't see how this even begins to approach the amount they are in for.. they are going about it the wrong way. In signing up to pay home/ home office users, they are automatically assuming guilt for themselves (as if anyone wasn't sure that they were guilty in the first place?)

    First off, they are starting with home / home office users. This population will incur the highest cost per computer to fix - i.e. instead of paying 1 IT guy 30/hr to fix a bunch of computers in one place, this is one-at-a-time visits to Geek Squad (ugh) or whatever which will run 50+ per computer..

    This is just opening the door for future corporate lawsuits - i.e. "Clearly they have said that they were the cause of this issue and are willing to refund some of their users to the tune of X for just ONE computer. My company lost 1000 computers, I want 1000x dollars, plus lost productivity."

  4. Re:Definately an by Lord+Byron+II · · Score: 2, Interesting

    Didn't Google mark all websites as malware-infested about a year ago? All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.

  5. I was thinking this would be a boon for me... by chaffed · · Score: 5, Interesting

    I was thinking this would be a boon for me. I do in home and business support in my off hours, good spending money. However, due to my issues with McAfee, none of my regular clients use McAfee AV products.

    So, if I had recommended McAfee to my clients, I would be a rich person now. Damn, doing the right things doesn't make as much money!

    --
    What could possibly go wrong?
  6. Offtopic by Artem+S.+Tashkinov · · Score: 2, Interesting

    AV industry is just one big fuck up.
    Instead of building a true behaviour based, sandbox'y style AV solutions, they peddle their ugly products and never exchange their virus signatures leading to a situation when no AV can detect all existing viruses, and no AV is even remotely future-proof in defeating unknown malware types.
    And let this McAffee debacle become the next little step in embracing of open source OS'es by the corporate world.

    1. Re:Offtopic by Anonymous Coward · · Score: 1, Interesting

      FWIW, I knew an engineer working for McAfee in the early 90s (IIRC, was at least mid 90s) who had developed a virus detection system closely related to a sandbox / virtualization approach - it would detect malware based on what it did in a sandbox copy of the OS. According to him, it worked great, but after much internal high level debate the project was killed, as there was no business case for a virus scanner that didn't need high frequency updates (and the associated subscription fees.) He believed a set of patents were filed to lock up the concept, but I've never looked for such...

  7. I wonder.... by fuzzyfuzzyfungus · · Score: 2, Interesting

    What, if any, level of incompetence would (legally) be "indistinguishable from malice"...

    Obviously, by installing an AV product, you indicate a desire for it to perform certain operations on your system, and an acceptance of the fact that it will probably tank your I/O performance and so forth. And, in general, courts have generally accepted the notion that vendors are nominally, at best, liable for buggy software.

    In this case, albeit unintentionally, McAfee ended up committing several hundred thousand hack attacks. Disabling thousands of computers, including plenty that would fall under the CFA's definition of "protected computers".

    Thought experiment: If some punk kid had accidentally disabled some hundreds of thousands of computers(along the lines of that old accidental self-replicator worm, or something), what parts of the book would they be throwing at him right now? Are McAfee's actions just a desperate attempt to keep some of their burned customers, or do they fear something more serious here?

  8. I will believe it when I see it. by khasim · · Score: 2, Interesting

    Maybe it will cost them a fortune. Or maybe they'll make everyone trying to file a claim jump through unreasonable hoops and end up paying almost nothing.

    Extending a license for 2 years costs them NOTHING if the customer would have left.

    And that's just for home users. There's still no word on other users (like school districts).

  9. Re:Definately an by Bakkster · · Score: 2, Interesting

    Ignoring, of course, that this is only reimbursing the private-use of the program. As of now, the corporations who were affected quite severely financially (for following suggested security measures) are still out in the cold.

    --
    Write your representatives! Repeal the 2nd Law of Thermodynamics!