Users of McAfee's anti-virus products have been given a nasty shock: a false-positive reading that kills Windows.
A bad virus definition update has left a number of McAfee customers worldwide with systems that will no longer run.
First spotted by the guys over at Gizmodo following a surge of comments on micro-blogging service Twitter, and later confirmed by Engadget and The Register, the issue stems from a false positive contained within the 5958 virus definitions and triggered on machines running Windows XP Service Pack 3.
Users who received the faulty update - initially released yesterday at 1400 and then quickly removed from the update servers - will have found that the rather important Windows service svchost.exe was categorised as a virus. If the default option to quarantine the file is selected - or if the software is configured to do so automatically - the system will crash.
Describing the issue as causing "moderate to significant performance issues" on affected systems, McAfee has posted instructions on both removing the faulty virus definition and on repairing a damaged Windows install.
This is hardly the first time a signature-based anti-virus has gone haywire and caused havoc on the very PCs it was designed to protect, of course. Just last month BitDefender Antivirus crashed 64-bit Windows systems due to a similar faulty signature update, and back in January Kaspersky Anti-Virus ended up blocking Google AdSense by mistake. Unfortunately, such issues are a by-product of the complex balancing act signature-based detection systems must perform: too permissive and you'll miss new and modified viruses; too strict and you'll falsely classify legitimate files as malware.
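The "too strict" side of that balancing act is what bit here: a signature matched svchost.exe and the default action removed a file Windows cannot run without. One guard a defender can put in front of the quarantine step, shown below as an added example (not McAfee's code or any product's), is a check that refuses to act automatically on files the operating system needs and verifies them against known-good hashes instead. The paths, file contents, hashes and the signature name in the example are constructed for illustration.

```python
"""Guarding quarantine decisions against false positives on critical system files.

Added example, not any vendor's code. A signature hit on a file that Windows
cannot run without (such as svchost.exe) is never quarantined automatically.
Instead the file's hash is compared against a known-good list: a match means
the signature, not the file, is wrong; a mismatch means a human must decide.
All paths, hashes, signature names and file contents are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from pathlib import PureWindowsPath
import hashlib


class Action(Enum):
    QUARANTINE = "quarantine"   # safe to act automatically
    PROMPT = "prompt"           # critical file, unknown hash: ask before acting
    IGNORE = "ignore"           # hash is known good: log as a false positive


@dataclass(frozen=True)
class Detection:
    path: str        # path the scanner flagged
    signature: str   # name of the signature that fired (constructed here)


# Constructed list of files without which Windows will not boot or run.
# A real product would ship this as a signed, versioned allowlist.
CRITICAL_SYSTEM_FILES = {
    PureWindowsPath(r"C:\Windows\System32\svchost.exe"),
    PureWindowsPath(r"C:\Windows\System32\winlogon.exe"),
    PureWindowsPath(r"C:\Windows\System32\lsass.exe"),
}

# Constructed stand-in for the bytes of a genuine svchost.exe; in practice the
# known-good hashes would come from the OS vendor's file catalogue.
GOOD_SVCHOST_BYTES = b"constructed stand-in for a genuine svchost.exe image"


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 of the file contents as a hex string."""
    return hashlib.sha256(data).hexdigest()


KNOWN_GOOD_HASHES = {sha256_hex(GOOD_SVCHOST_BYTES)}


def is_critical(path: str) -> bool:
    """PureWindowsPath compares case-insensitively, so SYSTEM32\\SVCHOST.EXE matches."""
    return PureWindowsPath(path) in CRITICAL_SYSTEM_FILES


def decide(detection: Detection, content: bytes) -> tuple[Action, str]:
    """Decide what to do with a signature hit; returns the action and the reason."""
    digest = sha256_hex(content)

    if digest in KNOWN_GOOD_HASHES:
        # The bytes are a known-good build: the signature, not the file, is wrong.
        return Action.IGNORE, f"{detection.signature} matched a known-good file; false positive"
    if is_critical(detection.path):
        # Unknown bytes in a file Windows needs: quarantining blindly could leave
        # the machine unbootable, so insist on a confirmed decision (and a
        # restore point) before anything is moved.
        return Action.PROMPT, f"{detection.signature} hit critical file {detection.path}"
    return Action.QUARANTINE, f"{detection.signature} hit a non-critical file"


def triage(hits: list[tuple[Detection, bytes]]) -> dict[Action, list[str]]:
    """Group a batch of detections by the action the guard allows."""
    result: dict[Action, list[str]] = {a: [] for a in Action}
    for det, content in hits:
        action, _reason = decide(det, content)
        result[action].append(det.path)
    return result


if __name__ == "__main__":
    # Constructed batch: a genuine svchost.exe, a modified one, and an unknown download.
    sample = [
        (Detection(r"C:\WINDOWS\system32\SVCHOST.EXE", "Constructed/FakeSig.a"), GOOD_SVCHOST_BYTES),
        (Detection(r"C:\Windows\System32\svchost.exe", "Constructed/FakeSig.a"), b"patched bytes"),
        (Detection(r"C:\Users\demo\Downloads\setup.exe", "Constructed/FakeSig.a"), b"unknown payload"),
    ]
    for det, content in sample:
        action, reason = decide(det, content)
        print(f"{action.value:10} {det.path}  ({reason})")
```

With a faulty DAT like the one described above, the first case is what a patched machine would see: the signature fires, but the hash is known good, so the file is left alone and the hit is logged as a false positive rather than acted on.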
Do you think the time has come to solve the virus problem a different way, or are these false positive issues just something modern computer users need to expect from time to time? Share your thoughts over in the forums.
Maybe they need to input a list of files that the scanner is not to touch.
To be honest though this shouldn't have been much of an issue, as virus scanners usually give you the option of not having it perform any action on a potential virus until you give the say so. If you haven't selected that option, then more fool you. Mine always flags up cracks but it won't touch them unless I say otherwise.
I don't use firewalls nor anti-viruses.
Never had a problem.
a mac user by any chance?? :)
Me neither......
Just out of curiosity I installed AVG the other week and did a full scan, 700GB's worth, and came up totally clear, and that's after 'going commando' for the last 14 months of daily use...
I promptly uninstalled AVG....
The best anti virus you can get is common sense......and its free.
(1) Buy the version of Windows with "Software Restriction Policy". (Usually named "Professional" or "Business" editions). Set it to "Disallow". This will only allow executables to run in "Program Files" and "Windows" directories. You can add more rules to suit your needs.
(2) Only use Administrator when installing/updating/fixing issues. (Password this account.)
(3) Always use Limited/Standard User for day-to-day use. (Password this account as well)...Combining with (1) will cause a Catch-22 for malware. => Where I can run; I cannot save. Where I can save; I cannot run.
(4) Always scrutinize every application/executable BEFORE you install. (Buy legit commercial, check user reviews of freeware, only get software from developer's website, etc.)
(5) Always stay up-to-date. Including third-party software like Java, Flash, Adobe Reader, etc.
(6) Familiarise yourself with the various social engineering tricks.
(A malware's most vulnerable point is getting the user to execute code. If that isn't allowed to happen; infection cannot occur!)
In the last 2 years of applying this approach; No infections. No malware. No BS applications running in the background...The only thing I worry about is hardware failure. (This is typically overcome by selecting quality parts.)
Even so, I thought the point of AV software was to keep your system running
Every AV solution in the last 5 years has caused "friendly fire" incidents such as this. This is why I don't trust AV solutions.
They are a danger to the computer user; and malware writers can easily bypass them by simply re-packaging existing malware...Re-craft existing malware to exploit new holes. (Saves you time...And adds more work for AV companies).
The AV approach to security is the reason why we still have crap floating on the web.
When more people apply what I've suggested, Windows infection numbers will fall.
(Granted, it'll put a number of people out of work; but that's just tough titties! Serves them right for being part of a dodgy industry!)
I would say not being able to boot your system is fairly severe. Surely you should be able to seek compensation from McAfee over this?
Hustler you do realise AVG wouldn't find anything even IF your computer is riddled with viruses? It's a piece of crap..
Microsoft Security Essentials is worth a go as it's free, Malwarebytes Anti-Malware is also good..
Thank you very much, MS. As much as I hate McAfee for being the resource killer it is, at least it found the malicious software!
Surely this all could've been avoided if people didn't download the update as soon as it was released? A 6 hour wait probably could've saved a lot of people a lot of trouble.
Seen numerous PCs of friends using AVG free and paid, Avast, Avira, all riddled with malware and viruses and all aforementioned programs did (as you say) F all. I am not sure if the people in question willfully let programmes like 'Anti Virus XP' take over their PC by clicking the boxes it pops up, but then these AV progs should block it.
As we know, best AV prog is called being Savvy.
True, although it increases workload for IT departments - especially difficult for companies without the resources to dedicate to a lab to test updates before rolling out to the live environment.
Yeah...yeah...yeah.....heard it all before, fact is no matter what anti-virus product I could have used, someone like you would always pop up to say it's 'a piece of crap'........use this or use that...
McAfee & Norton are as bad as or worse than the majority of viruses and have been for almost 20 years now.
You know MS SE is explicitly designed to work with a home user? In fact the licence agreement forbids you from using it for work.
In other words, you really don't have a leg to stand on complaining.
Doesn't change the fact the product didn't work though does it.....
Well I meant more to just let the update test itself in the wild, then hope that the AV company will remove it in a timely manner. Either way, we've had an email from the university now in which they said they perform their updates at 5pm, so they didn't get the update from McAfee as soon as it was released anyway.
Really though, and I know it's been said before, the AV companies should be more on the ball with this. There should be some legal responsibility put upon them to ensure proper testing across all OSes they list as compatible. I bet McAfee don't even bother testing on XP anymore, even though the majority of their corporate users run it.
It's easy to fix if you have a USB thumbdrive and an unaffected PC to get the svchost file from, or if you're lucky you can just restore it from quarantine, but that was only possible on 10% of the 200+ PCs we had to fix.
Hence, no doubt, the Internet Explorer 8 commercial I saw the other day, along the lines of "I received an e-mail from my mother. I clicked the link and IE8 informed me that the website wasn't the real website of my bank. I closed the window, and there, I'm safe."
I guess complacency and blindly trusting the company who made the software has become the norm. I'm really glad I don't work in IT support!
Still sucks IMHO.
I use them because they work, I fix computers every single day and those are the products that remove the viruses..
Take almost any computer with AVG and install any of the main paid antiviruses and I'll damn near guarantee you that something will be there, most people are just not aware of what's good and what's bad on the web.
Also the free one doesn't offer the same level of protection as the paid-for version.
Tie that with the fake AV products telling the end user that they have 300 infections, click here to fix your unbroken computer, and it doesn't matter what anti-virus you have, you clicked to allow it and hey presto, AV product bypassed.
I drop in a SAS, MBAM, Spyware Doctor and Spybot scan every now and then, which have always been clean.
I steer clear from AVG as it drastically slows down the PC, plus I have come across several issues with it, some of which caused BBC and CCN webpages not to load in one instance.
Naturally - but scanning it is one thing, prompting to quarantine it as this update did is immeasurably stupid. There are quite a few necessary Windows files that are targeted by virus writers and it's nothing new. But given the scope of the effects, this wasn't a simple oversight with a minor system file; it was gross negligence with regards to a lynchpin system file. If a particular quarantine could result in the system not being able to function (i.e. a file that was required for Windows to operate), then the AV program needs to tell the user so - AND prompt the user to create a restore point before applying the quarantine.
I can see the occasional false positive on a relatively obscure file, but there is no worthwhile excuse I can see for this particular screw-up.
ESET Nod32 is probably the best virus software in the world, I highly recommend it.
And all these companies were against MS locking down the original 64-bit core from virus companies, lol, the irony.
Or if it is a system file that needs to be sorted, at least give the user the option to reinstall the file, from Windows Update, maybe?
Mandriva, Fedora, Ubuntu etc.
and don't log in as SuperUser.
Done.
(free OS, No viruses, no problems)
And best for businesses because you can't install all the online gambling software that workers get caught with in the US.
I've never liked McAfee.
I tried Ubuntu a while back. There are some software titles and certain hardware devices I use on a near daily basis at work, and often away from the office when I'm working from home. These titles won't run on Linux. It was fun messing about with Ubuntu, but since I'm not savvy with Linux I found it very time consuming to find and install all the programs I normally use (or free/Linux friendly alternatives of those programs). The Ubuntu forums are loaded with requests from people trying to get this piece of hardware functioning, or that program installed and completely functional. A good AV solution is sometimes the least of their problems.
After reading so many IT geeks bemoaning working the help desk because users can't figure out their Windows boxes, I'd hate to see the comments when they have to take over all the help calls coming in when the secretary can't figure out the sudo command.
Sorry, but pithy comments such as "use X and you'll be problem free" don't take into consideration that the majority of computer users rely on AV programs much in the same way that they rely on nanny-state governments. They need the computer to take as much control, but not appear as though it's taking over (Windows Vista User Account Control, anyone?). When a person relies on an AV program to filter out all the spam while he surfs for prOn, he's trusting that the company makes every effort to release a quality product. Sometimes, sh*t happens, and you end up electing an idiot warmonger, clicking the wrong link, or the update crashes your machine. Yeah, it would be nice if software companies would only release programs that worked 100% of the time. I also want my washing machine to run forever.
As to vendors not providing Linux versions of their software. This will change over time, but you can always get your IT dept to run it on WINE or virtualise it.
However, each time I found that everything took me so much longer to do, because it wasn't Windows. Almost every task I wanted to perform had to be preceded by an often lengthy learning process, during which I discovered various ways in which Linux is different from Windows.
Now, I'm not necessarily saying that's a bad thing, but it is a huge factor. For most people, switching their production machines to Linux would be disastrous. It is also worth bearing in mind that many small companies do not have a dedicated IT department to set things up and teach people how to do the things they need to get done. It's easy to say "Just switch to Linux", but for most people that is even more work than putting up with McAfee ruining their PCs.
For the record, I continue to tinker with Linux, and I hope the day will soon come when I am competent enough to be able to run it as a primary OS on my machines.