Slashdot Mirror


McAfee To Pay For PC Repairs After Patch Fiasco

Barence writes "McAfee has offered to pay for the PC repairs of consumers affected by last week's faulty antivirus update. The problematic patch falsely identified the SVCHOST.EXE Windows file as a virus, causing PCs running Windows XP SP3 to crash or enter endless reboot cycles. In a blog post addressed to 'Home or Home Office Consumers,' the company offered to reimburse PC repair expenses, though there was a notable caveat. 'If you have already incurred costs to repair your PC as a result of this issue, we're committed to reimbursing reasonable expenses,' the company said. 'Reasonable expenses' has yet to be formally defined."

39 of 212 comments

  1. Reasonable cost? by areusche · · Score: 2, Interesting

    I'm pretty sure that reimbursing my IT department's lost money and time is pretty reasonable considering I spent two days walking to every computer on the campus.

    1. Re:Reasonable cost? by LWATCDR · · Score: 3, Interesting

      Maybe you should put a Linux partition on all of the boxes with some remote access software?
      Not actually trying to be a smart ass but if you could do that then it might have been possible to fix the issue remotely.
      I am not sure since my office has a small network and we didn't have the problem. I would think that it should be possible to replace the missing file and disable the antivirus or maybe replace the definitions file remotely. Most modern Linux distros can mount NTFS partitions.

      Of course right now the idea of light clients and Windows terminal services probably doesn't sound so bad!

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    2. Re:Reasonable cost? by rabbit994 · · Score: 2, Interesting

      Completely impossible. Many AV vendors are now updating 2 or 3 times a day. Heck, Microsoft's free AV gets updated daily and sometimes twice daily. Unless you skipped updates and only deployed every Monday update, you could possibly test but you would need a dedicated team for testing. What happens if some JavaScript virus came out on Tuesday? Are you going to leave your users unprotected till next week? AV is unfortunately a system where sometimes you do have to pray and update. We do that at our job since we are a media company, we have a very liberal web filter and sometimes our users get infected even with auto updating. I'd be scared to see the damage if we didn't update as soon as a Symantec update was released. BTW, Symantec sucks as bad as McAfee but suits pushed it on us.

    3. Re:Reasonable cost? by LWATCDR · · Score: 2, Insightful

      Okay I work at a small firm so we don't have the problems or the tools to deal with the problems that you would have dealing with a thousand PCs. But how do you just reimage a PC remotely when the OS will not even boot?
      I can only assume that you can buy PCs that have some advanced management tools built into the BIOS.
      "and as all campus data was kept on centralized servers then you should have lost no data,"
      That would be nice and ideal but how hard is it to enforce in practice? I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?

      Even with all of your suggestions short of the testing of the antivirus update this is still a nightmare. I mean even in a small hospital you could be dealing with hundreds or thousands of systems that you would have to get back up and running.
      While testing updates really should be a matter of course I am not sure that many people do that with antivirus signature files.

      What I still don't get is this.
      Why is it so easy to modify a critical OS system file! I mean really shouldn't it be just about impossible for any program to delete or modify system files? If we could fix that little issue it would do wonders for the security of most PCs.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    4. Re:Reasonable cost? by eth1 · · Score: 4, Interesting

      I would think enforcing strict policies like that on a university campus would be like herding cats. Yes for the Administration system it should be a piece of cake but what about systems in research labs?

      Sometimes it's best to let the cats herd themselves.

      I used to support a school full of computers a few years ago. While a much smaller environment than a Uni, the faculty still talk to each other. One of the first things I did was set up imaging and easy network storage for the faculty. At first it was like herding cats - impossible to get them to take the time to make sure their important stuff was on the network storage. It took only two HD failures to change everyone's behavior. The first one, the teacher *wasn't* storing stuff on the network, and of course her tales of woe spread far and wide. I just made sure everyone knew why everything was lost.

      The second, the teacher *was* storing everything on her network drive, and when her HD failed, she was up and running by her next break, with everything intact, and she spread her tales of joy far and wide. I just had to put in a little extra effort so that everyone knew why it was so easy. Mysteriously, everyone was suddenly making sure all of their important stuff ended up on their network drive.

  2. Reimburse? by WrongSizeGlass · · Score: 3, Insightful

    Reimburse them ... or ... maybe what they should do is give the "victims" extended subscriptions instead ... that's probably exactly what they want ;-)

  3. 2 year extension? by topham · · Score: 2, Insightful

    A 2 year extension? What, so they can have 730 more days to do it again?

    1. Re:2 year extension? by timeOday · · Score: 2, Insightful

      I actually think they deserve some credit for this. It will cost them a fortune. Better that they hadn't made the mistake in the first place, but then again, these things happen occasionally and cases of software companies paying for damages caused by their bugs are extremely rare.

  4. Not gonna be enough.. by Hebbinator · · Score: 5, Interesting

    I don't see how this even begins to approach the amount they are in for.. they are going about it the wrong way. In signing up to pay home / home office users, they are automatically assuming guilt for themselves (as if anyone wasn't sure that they were guilty in the first place?)

    First off, they are starting with home / home office users. This population will incur the highest cost per computer to fix - i.e. instead of paying 1 IT guy 30/hr to fix a bunch of computers in one place, this is one-at-a-time visits to Geek Squad (ugh) or whatever which will run 50+ per computer..

    This is just opening the door for future corporate lawsuits - i.e. "Clearly they have said that they were the cause of this issue and are willing to refund some of their users to the tune of X for just ONE computer. My company lost 1000 computers, I want 1000x dollars, plus lost productivity."

  5. Re:If ever there was justification to Pirate McAfe by LinuxIsGarbage · · Score: 4, Informative

    Currently they are extending subscriptions by two years. Enough to prevent any successful bid by IT personnel to get higher-ups to approve a switch. Now whether they will cover the actual cost of lost productivity, not just of IT staff but by the company as a whole.

  6. Re:Definately an by Lord+Byron+II · · Score: 2, Interesting

    Didn't Google mark all websites as malware-infested about a year ago? All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.

  7. Re:Definately an by ByteSlicer · · Score: 3, Insightful

    It questions the entire quality control system.

    What quality control system?

  8. Re:Definately an by JoshuaZ · · Score: 4, Insightful

    The epic fail was the initial bug. This response however is exactly what McAfee should be doing. Offering fairly spontaneously to reimburse people for their expenses incurred is good customer service and good damage control. It is also the ethical thing to do. When something is both the most ethical and most business-savvy course of action, that's a good thing. And that they are willing to do so when it essentially admits to the fact that they screwed up big time shows that they are willing to admit to their mistakes, something many people are not. When evaluating both corporations and people, look at how they respond to the serious failures and crises. McAfee has a good response.

  9. Re:If ever there was justification to Pirate McAfe by The+MAZZTer · · Score: 2, Insightful

    Why would you willingly use McAfee in any way after this? Why not just go with AVG or Avast or MSE?

  10. Re:Definately an by Thanshin · · Score: 4, Insightful

    All it takes is some engineer to mistype a single keystroke (a "*" in Google's case) and down the whole system comes.

    A single engineer to mistype a single keystroke + A director of quality that proposed/allowed a quality control methodology that didn't include a single check between the engineers coding and the public receiving a new version.

    Laying blame on those who don't have a large scale responsibility is, very often*, wrong.

    *: Yes, a dev could've set a logic bomb when suspecting he'd be fired. And even then most of the blame was on the one who lost control on the future firing info.

  11. Re:Definately an by commodore64_love · · Score: 3, Insightful

    And people wonder why I rarely use virus software. The damage caused by the AVS is often worse than the actual virii or spybots. Seeing a "Windows XP can't boot" message is pretty damn annoying. I ended up having to install KDE Ubuntu Linux instead, and never did recover my lost files (just videos fortunately).

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  12. I was thinking this would be a boon for me... by chaffed · · Score: 5, Interesting

    I was thinking this would be a boon for me. I do in home and business support in my off hours, good spending money. However, due to my issues with McAfee, none of my regular clients use McAfee AV products.

    So, if I had recommended McAfee to my clients, I would be a rich person now. Damn, doing the right things doesn't make as much money!

    --
    What could possibly go wrong?
    1. Re:I was thinking this would be a boon for me... by King_TJ · · Score: 5, Insightful

      Heh.... Doing the right thing almost always *ensures* you'll make less money -- at least in the world of computing.

      I do on-site service too, and honestly, that's one reason I charge higher hourly rates than some of my competition. I've seen, first-hand, the way they leave a PC after they're supposedly done "cleaning up a spyware infection". Typically, they run a couple of their favorite programs on it, letting them run through and remove whatever they find, and they declare it "clean" - charging their fee and leaving.

      I actually take the time out to test a system after I clean a virus/spyware issue, and if I see any evidence that, say, pop-up windows are still occasionally coming up in Internet Explorer, or error boxes are displaying from files that got deleted but not removed from the registry entries referencing them? I go back in and fix all of that. If I can't get it to where I'm satisfied it's 100% back to normal, I sometimes back up all their documents, bookmarks/favorites, Outlook email store, autocomplete files, photos, music, and whatever else - wipe the drive, and rebuild the whole machine.

      Honestly, that stuff takes many HOURS to do right, and I can't really bill a person for all of the time that takes - so I just "cap" things at that point with what I think is a fair price, and "eat" the rest of it.

      If I was less honest, I'd do what the other guys do and just do a quick, easy automated "once over" of things, take my money and run. Chances are good they'll call back and pay a second or third time to go back and mess with the remaining junk that was left behind anyway. And if not, at least I wasn't stuck putting in hours of unpaid work to do the job right....

      But I dunno.... there's still something satisfying about knowing you did a job the best you could -- even if it usually goes relatively unappreciated.

    2. Re:I was thinking this would be a boon for me... by bootup · · Score: 2, Insightful

      I stopped doing the virus removals altogether. I just wipe and reload every time now. 99% of the time if you scratch the virus removals you save everybody money because most of the time you end up failing to remove the virus. Even if you don't, the machine isn't going to be 'like new' when you are done. I only want my customers to have a 'like new' computer when I am done. I NEVER want to have to come back. I don't feel right about charging someone twice. Even if it isn't really my fault. Even though I'm warning them... I do basically the same thing though as you. I ask them questions about how they use the computer, "do you have the disks that came with it?", etc. and "the reason I ask is because there are different ways to resolve the problem and the one I usually recommend is wiping and reloading". "It's quick, easy, and you end up with a system that is like new. If your system is slow now, it'll be as fast as it was when it was new when we're done - or almost probably (as long as you have enough ram /w sp3 / etc av updates), and other problems that you might experience that are artefacts you might still experience from even a successful virus removal won't be present". The thing is though - I usually charge almost as much as the rip off scam artist places like Best Buy. Although not the on-site pricing just the 'in-store' pricing. So it is a premium service in that respect at a really good deal considering what they are getting.

  13. Re:Definately an by Anonymous Coward · · Score: 5, Insightful

    Using the made-up "virii" as a plural for viruses makes you look like a retard.

  14. Offtopic by Artem+S.+Tashkinov · · Score: 2, Interesting

    AV industry is just one big fuck up.
    Instead of building true behaviour based, sandbox'y style AV solutions, they peddle their ugly products and never exchange their virus signatures leading to a situation when no AV can detect all existing viruses, and no AV is even remotely future-proof in defeating unknown malware types.
    And let this McAfee debacle become the next little step in embracing of open source OSes by the corporate world.

  15. I wonder.... by fuzzyfuzzyfungus · · Score: 2, Interesting

    What, if any, level of incompetence would (legally) be "indistinguishable from malice"...

    Obviously, by installing an AV product, you indicate a desire for it to perform certain operations on your system, and an acceptance of the fact that it will probably tank your I/O performance and so forth. And, in general, courts have generally accepted the notion that vendors are nominally, at best, liable for buggy software.

    In this case, albeit unintentionally, McAfee ended up committing several hundred thousand hack attacks. Disabling thousands of computers, including plenty that would fall under the CFA's definition of "protected computers".

    Thought experiment: If some punk kid had accidentally disabled some hundreds of thousands of computers (along the lines of that old accidental self-replicator worm, or something), what parts of the book would they be throwing at him right now? Are McAfee's actions just a desperate attempt to keep some of their burned customers, or do they fear something more serious here?

  16. I will believe it when I see it. by khasim · · Score: 2, Interesting

    Maybe it will cost them a fortune. Or maybe they'll make everyone trying to file a claim jump through unreasonable hoops and end up paying almost nothing.

    Extending a license for 2 years costs them NOTHING if the customer would have left.

    And that's just for home users. There's still no word on other users (like school districts).

  17. "Patch Fiasco" by RevWaldo · · Score: 5, Funny

    "Ladies and gentlemen, coming to you all the way from Seattle, Washington, the one, the only - Patch Fiasco!"

    or perhaps...

    (Twelve bad guys lie dead or mortally wounded on the street, surrounded by astonished and bewildered townsfolk. One speaks up.)
    - Who are you?
    (the man lights a cigarette, drags it in and exhales, then adjusts the brim of his hat.)
    - My name... is Patch Fiasco. (turns around and starts walking away. music: mournful slide guitar)

  18. ObAutomotiveAnalogy by Rogerborg · · Score: 3, Insightful

    At this point, an offer to pay "reasonable" expenses is about as generous as Ford apologizing for selling a car airbag that deploys as soon as you sit in the seat. Plus, it's covered in broken glass and rusty nails. Also, lemon juice.

    It's nice that they're taking responsibility and all, but a bodyguard who beats up his own client isn't really the sort of person that you give second chances to.

    --
    If you were blocking sigs, you wouldn't have to read this.
  19. Re:Definately an by ComaVN · · Score: 4, Funny

    Virusesii, obviously.

    --
    Be wary of any facts that confirm your opinion.
  20. Reasonable expenses. by MindlessAutomata · · Score: 2, Insightful

    Come on guys, I hate McAfee as much as you do but "reasonable expenses" makes perfect sense and it's not something you can easily quantify everywhere... but we all know how ridiculous some potential charges are or how some stupid customers are. I can see some stupid, stupid people thinking they need to go out and buy a new 500 dollar computer to fix this problem.

    1. Re:Reasonable expenses. by slimjim8094 · · Score: 2, Insightful

      I can see some stupid, stupid people thinking they need to go out and buy a new 500 dollar computer to fix this problem.

      Replace "some stupid, stupid" with "a lot". There's a depressingly tremendous percentage of people who are convinced that the fix for a computer that's gotten slower over 2 years is a new computer. These are people with C2Ds with 2GB ram and 500GB hard drives.

      Most people don't get the distinction between hardware and software. Most think that when the OS gets bogged down with craptons of spyware, the computer simply needs replacing; they just wear out over a few years. Dell obviously loves this, but it's tremendously wasteful.

      By my estimations of my own computer repair, this is about 20% of users. Probably more - since the problem is that they don't call when the computer slows down, I wouldn't hear about it.

      Incidentally, this is why Apple's doing so well. They want their computer to work like a microwave or TV - works indefinitely until it becomes inadequate for your needs, or breaks. Apple is perfectly happy to sell them something that works like that, and that's what us geeks don't understand.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  21. Epic Fail by cyphercell · · Score: 4, Funny

    I have sigs turned off.

    --
    Under the influence of Post-Cyberpunk Gonzo Journalism
  22. Re:Definately an by tlhIngan · · Score: 2, Insightful

    Maybe so. But being familiar with the lawyer thing, I smell a big fat Class Action (where of course the lawyers get paid big fat checks, and the consumers get a coupon).

    True, then again, accepting this payback probably excludes them from any other settlement. So a user has an option - get a refund for getting their computer fixed, or getting a coupon for a free 6 months of McAfee, but having to pay to fix their computer. The really dumb ones get a coupon and a broken computer.

    Also, McAfee will probably hide behind the EULA for the class action, since the EULA probably also said they don't have to pay if they screw up your system anyhow.

  23. Re:Definately an by Bakkster · · Score: 2, Interesting

    Ignoring, of course, that this is only reimbursing the private-use of the program. As of now, the corporations who were affected quite severely financially (for following suggested security measures) are still out in the cold.

    --
    Write your representatives! Repeal the 2nd Law of Thermodynamics!
  24. Re:If ever there was justification to Pirate McAfe by Inda · · Score: 2, Informative

    AVG burned us with proxies. Did you forget?

    --
    This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
  25. Re:Definately an by jank1887 · · Score: 3, Insightful

    or, it's just a case of statistics being a bitch. given the number of updates that have to be pushed through the system, it's only a matter of time before the process lets a faulty one through. that it was so egregious is, well, unfortunate.

  26. What bug? by Livius · · Score: 2

    But svchost.exe *is* a virus; there just isn't a way to remove it. Almost as big a security breach as iexplore.exe.

  27. Re:Definitely an by foldingstock · · Score: 3, Funny

    If you own one Prius and then actually want to buy a second, you have more severe problems than what to call the two cars.

  28. Re:Definately an by Chris+Mattern · · Score: 2, Informative

    It's also more logical than the alternative.

    Only if you flunked Latin. "Virii" is not the plural of "virus" however you slice it--in fact, it's even more complicated than it looks as "virus" is in fact *not* a second-declension noun in spite of the "-us" ending. Stick with "viruses" and you won't look like a moron trying to look sophisticated.

  29. Re:Definately an by Chris+Mattern · · Score: 2, Informative

    His point is that instead of using a Latin form that is nonexistent, and wouldn't look like that even if it DID exist, you can use a perfectly good English (as in English, the language you're actually speaking) form that works, is correct, and doesn't make you look like a moron.

  30. Re:Definately an by lgw · · Score: 2, Insightful

    How about software prima donnas that think they are too good to make mistakes and say QA just gets in their way? I would say this is far more likely due to a software guy skirting the checks rather than there be no checks in place for an established company like McAfee

    If a developer has the ability to skirt QA checks at all in any way QA is fundamentally broken. Who sets up a dev shop like that? Dev hands code to QA; QA hands code to production.

    In any case, the most basic sort of automatic regression testing should have caught this (since it breaks the test machine on install). At any professional shop this would have been bounced on check-in, and never even made it as far as QA. And, again, software prima donna mindset doesn't matter - you check in, the BVT fails, the change is rolled back (or the "line is stopped").

    --
    Socialism: a lie told by totalitarians and believed by fools.
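
    The build-verification gate described in the comment above, sketched as an added example (not part of the thread, and not McAfee's process or signature format). The hex-with-wildcard signature syntax, the file contents and all names are constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: str  # space-separated hex bytes, "??" = any byte (constructed format)

    def compile(self):
        # Translate the hex/wildcard pattern into a bytes regex.
        parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
                 for tok in self.pattern.split()]
        return re.compile(b"".join(parts), re.DOTALL)


def false_positives(signatures, known_good):
    """(file, signature) pairs where a candidate signature fires on a known-good file."""
    hits = []
    for sig in signatures:
        rx = sig.compile()
        hits += [(fname, sig.name) for fname, data in known_good.items()
                 if rx.search(data)]
    return sorted(hits)


def gate(signatures, known_good, known_bad):
    """Release only if no clean file is flagged and every known-bad sample is still caught."""
    fps = false_positives(signatures, known_good)
    compiled = [s.compile() for s in signatures]
    missed = sorted(name for name, data in known_bad.items()
                    if not any(rx.search(data) for rx in compiled))
    return {"release": not fps and not missed,
            "false_positives": fps, "missed": missed}


# Constructed stand-ins for a corpus of clean OS files and a malware sample set.
KNOWN_GOOD = {
    "svchost.exe": b"MZ\x90\x00\x03\x00svc-host-constructed",
    "explorer.exe": b"MZ\x90\x00\x03\x00shell-constructed",
}
KNOWN_BAD = {"sample-a.bin": b"\x00\x11\xde\xad\xbe\xef\x01\x02\x33"}

GOOD_UPDATE = [Signature("Constructed.Worm.A", "de ad be ef ?? 02")]
# Same update plus one overly broad pattern that also matches the clean svchost.exe.
BAD_UPDATE = GOOD_UPDATE + [
    Signature("Constructed.Overbroad.B", "4d 5a 90 00 ?? ?? 73 76 63")]

if __name__ == "__main__":
    for label, update in (("good", GOOD_UPDATE), ("bad", BAD_UPDATE)):
        print(label, gate(update, KNOWN_GOOD, KNOWN_BAD))
```

    Run at check-in, a gate like this blocks the update that flags the clean `svchost.exe` before it reaches QA or customers.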
  31. Re:Definately an by smash · · Score: 2, Insightful

    It should not be possible for the coder to skirt QA. He should not have the security access to push the change out to production.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.