Users of McAfee's anti-virus products have been given a nasty shock: a false-positive reading that kills Windows.
A bad virus definition update has left a number of McAfee customers worldwide with systems that will no longer run.
First spotted by the guys over at Gizmodo
following a surge of comments on micro-blogging service Twitter, and later confirmed by Engadget
and The Register
, the issue stems from a false positive contained within the 5958 virus definitions and triggered on machines running Windows XP Service Pack 3.
Users who received the faulty update - initially released yesterday at 1400 and then quickly removed from the update servers - will have found that the rather important Windows service svchost.exe
was categorised as a virus. If the default option to quarantine the file is selected - or if the software is configured to do so automatically - the system will crash.
Describing the issue as causing "moderate to significant performance issues
" on affected systems, McAfee has posted instructions
on both removing the faulty virus definition and on repairing a damaged Windows install.
This is hardly the first time a signature-based anti-virus has gone haywire and caused havoc on the very PCs it was designed to protect, of course. Just last month BitDefender Antivirus crashed
64-bit Windows systems due to a similar faulty signature update, and back in January Kaspersky Anti-Virus ended up blocking
Google AdSense by mistake. Unfortunately, such issues are a by-product of the complex balancing act signature-based detection systems must perform: too permissive and you'll miss new and modified viruses; too strict and you'll falsely classify legitimate files as malware.
Do you think the time has come to solve the virus problem a different way, or are these false positive issues just something modern computer users need to expect from time to time? Share your thoughts over in the forums