INSECURITY VENDOR McAfee has admitted that a recent antivirus update is rendering PCs inoperable.
The update, 5958 DAT, was released by the firm early on Wednesday and it didn't take long for reports to surface that users were experiencing blue screens of death (BSoDs) and DCOM errors shortly after applying the update. The update seems to affect Windows XP SP3 users, with the post update security scan recording false positives, misdiagnosing machines as infected with W32/wecorl.a malware.
Since then the company has been in damage control mode with its executive vice president, Barry McPherson attempting to quell the flames by saying that the problem has affected only "less than one half of one percent" of the firm's enterprise customers and even fewer consumers. That might be so, but given that large firms typically deploy the same security software throughout their inventories, a single "account" can represent hundreds or even thousands of now useless computers.
McPherson's first post generated replies from irate customers, including one asking for the company to come clean about the problem, saying, "Why not just admit the f'up and say you're sorry? You jacked up untold hundreds of thousands if not millions of computers." Another customer whose firm apparently spends $9,000 per year on McAfee products said, "I've been asked by upper-management to look at other products and another email-filtering service." Similar sentiments are repeated many times, with users saying that they have lost money trying to fix McAfee's mistake.
Later on Wednesday McPherson reacted to those posts, claiming that after working 14 hours straight, he takes the comments on his blog "very seriously". Presumably it's hard to ignore when you have a number of loyal customers threatening to take their business elsewhere. Various quick fixes have been suggested, including replacing the svchost.exe from a working Windows XP machine. However a reader points out that after the firm's software deletes the svchost.exe on the affected machine you can't even copy and paste the replacement svchost executable. Unsurprisingly the frustrated and angry user called the fix "BS" after saying that the problem cost "hundreds of man hours".
McPherson claims that he has been talking to "hundreds of colleagues" and emailing thousands in order to find the best way to fix these issues. He also admits that Wednesday 21 April was not his or McAfee's "favourite day". We think McPherson will find that many of his customers share that sentiment, given that his firm disabled their primary means of making a living, with one comment urging that McPherson have "red hot pokers plunged into his eye sockets".
The update has since been pulled from the firm's servers, though that will be of little consolation to those who have had to spend time and money fixing their machines.
This unmitigated disaster for McAfee goes to highlight that insecurity firms can compete, effectively, with the malware authors when it comes to bringing down PCs. The difference being that, unlike malware, you have to pay for McAfee's products. µ
We've had no luck so you don't have to...
Oh Microsoft... not again...
Hmmm... says Microsoft
No way, Norway