Slashdot Log In
McAfee Anti-Virus Causes Widespread File Damage
Posted by
Roblimo
on Mon Mar 13, 2006 10:02 AM
from the who-can-you-trust? dept.
from the who-can-you-trust? dept.
AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems.
At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational.Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."
Related Stories
[+]
Security Vendor McAfee to Pay $50 Million Fine 229 comments
goombah99 writes "RedHerring.com reports that Security Vendor McAfee has agreed to pay a fine of fifty million dollars stemming from false SEC filing. McAfee cooked its books, overstating its revenues one year by 131%, or half a billion dollars. The method employed was 'channel stuffing' in which compliant re-sellers are effectively paid to buy and hold inventory they may never sell. The shipped goods are booked as revenue and the payments disguised in the books. When it caught up with them, McAfee's stock price crashed, wiping out a billion dollars of shareholder capitalization. The story quotes an analyst saying this maybe the swan song for the once dominant vendor."
[+]
Apple: McAfee Feigns Fear at Mac Security 403 comments
conq writes "BusinessWeek reports that McAfee has just come out with a report which asks the question 'Is Mac OS X the Next Windows?'." They appear to be attempting to scare consumers into buying anti-virus software for OSX. Blogger Arik Hesseldahl breaks down their claims: "First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer, and by and large are a bit more affluent than those who buy cheapo commodity Windows PCs ... When you take into account the ongoing growth in general PC ownership, even if Apple pushes its annual unit sales to 12 million or more by 2010, its share of the overall market will still account for about 4%, leaving Windows the far more tasty target."
[+]
The Dark Side of Paid Search 125 comments
Tough Lefty writes "A new study by McAfee's SiteAdvisor Web ratings finds that sponsored results from some of the biggest names in the search engine business contain spyware, spam, scams and other Internet menaces. The key findings were that major search engines returned risky sites in their search results for popular keywords and sponsored results contained two to four times as many dangerous sites as organic results. Overall, MSN search results had the lowest percentage (3.9%) of dangerous sites while Ask search results had the highest percentage (6.1%). Google was in between (5.3%). Check the comprehensive study for all the data."
[+]
Ask Slashdot: Alternative Enterprise Anti-Virus Solutions? 148 comments
Darth_brooks asks: "I admin for a great non-profit organization that has spent the last year rebuilding after a massive fire. We've got a pretty tight system running now, especially compared to the unmanaged chaos that existed before the fire. Firefox for surfing and T-bird for for e-mail, WSUS for updates, and we're slowly replacing Office with OpenOffice. But out anti-virus solution (command AV, a holdover from our old system) is not cutting the mustard. Specifically the management console isn't exactly reliable, and we just don't feel like we're getting our money's worth. What alternatives can the Slashdot crowd suggest?"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Help! (Score:5, Funny)
Re:Help! (Score:5, Funny)
NO!
You're going to need some virus protection from your virus protection from your virus protection to be absolutely safe.
Thankfully, I am offering those at very reasonable prices. Buy one now and receive a free fragment from the Eiffel tower as a value-added gift.
Parent
The real irony here.... (Score:5, Insightful)
Parent
Re:Help! (Score:5, Informative)
You only need that headless pentium 3 (even a pentium pro could make it!) that you are using to rest your feet
Of course that is if you use Windows (for whatever reason, I also do it).
Parent
New school excuse (Score:5, Funny)
Parent
The Risk (Score:5, Insightful)
Did they forget to include that the risk of installing McAfee Anti-Virus for any user : High?
Wait a minute, it is identifying some system files that Windows put on my machine! I guess the Mac & 'nix freaks are right, Windows really is a virus. I hope it's only a matter of time before my next virus definition assesses Internet Explorer & Windows Media Player as full blown Trojan viruses distributed as malware with my OS.
Re:The Risk (Score:5, Insightful)
'they will delete your files'.
In one fell swoop it seems as though McAfee may have deleted more files
than all the viruses it has removed would have.
Parent
Comical recovery instructions from McAfee (Score:5, Informative)
This probably would have worked great on my machine if it weren't for the fact that half of the files McAfee quarantined were *System Restore files*.
Apparently McAfee hasn't heard of a novel concept called "testing". (I like how they've posted a list on their website of the false positive files, now 7 pages long and still woefully incomplete; they ought to just admit it's going to take a random assortment of exes and dlls on any machine.)
Combine this with the fact that the default settings on a McAfee install are to quarantine without prompting, and IMHO McAfee is the most dangerous virus I've ever had on my machine.
Parent
Does this mean... (Score:5, Funny)
Surprisingly, it didn't quarantine itself (Score:5, Funny)
Not surprised (Score:5, Interesting)
Saw it coming (sort of) (Score:5, Interesting)
Just last week, in response to: The Trouble With Software Upgrades [slashdot.org] I posted a question [slashdot.org] asking what do you do to protect yourself from automatic updates that go bad... but I got no responses. In light of the current situation, I'd really appreciate hearing some responses, here.
Re:Saw it coming (sort of) (Score:5, Insightful)
Parent
Good catch (Score:5, Interesting)
It seems to have "infected" all of Adobe's recent product install CDs. Once it "infects" your computer it displays a popup whenever you open an Adobe app. As far as I can tell, there's no way to shut this off in the latest versions. So I've paid $x00 dollars for Acrobat, and it comes with a virus.
Where should users turn? (Score:5, Insightful)
Furthermore, a lot of virus scanners have an option to "auto-update". Imagine if an entire company had this option turned on.
Virus scanners have always been a bad solution to the problem of viruses. They don't fix the problem at its root. Instead of ensuring their operating system has no known security holes, users now rely on virus scanners to just catch everything that comes through. Any determined attacker could still just craft a custom virus to attack any host they desire. Since the virus scanner companies wouldn't have come across that particular virus, it wouldn't get picked up.
Would you fix the holes in a boat with sticky tape instead of checking that the boat doesn't have holes before you put it in the water?
I haven't had any problems (Score:5, Funny)
Ye don't always get what ye pays for (Score:5, Insightful)
Likewise, the perception is that the more expensive the software (and the bigger the box it comes in) the more protection you are afforded. And that the company won't suddenly decide to change direction / stop supporting the software / etc.
Yet time and time again this is shown not to be true. McAfee uninstalls arbitrary files on your computer (how'd that get through testing?) and just tells users to re-install from backup... exactly the kind of calamity the software is supposed to prevent. Part of WinNT5 was found to violate someone's patent, and anyone using that particular (admittedly rare) function had to pony up to the original patent holder or write a workaround.
As far as I can tell, the "little guys" software tends to be better in general than the big boys. Why? Because they're still trying. Before Norton was Symantec, they struggled to create an amazing toolkit of software tweaks that really did some great things. Now that their position is secure, they've hardly updated the suite to even work with XP, let alone taken advantage of the fixes and hacks that smaller houses have found. McAfee, once a nimble little company making a great little product, has been bloating for years. The more developers you add to a project, the less anyone knows about what the system is doing.
A free alternative that has been around for a long time:
AVG Antivirus [grisoft.com]
There are others. Please post 'em below.
A tool for media giants (Score:5, Interesting)
Pretty obvious to me that it was just waiting to find files that media companies didn't like people to have on their own private property so I'm guessing that they must have gotten McAfee to agree to do their dirty work for them and call stuff they don't like a virus and automatically delete the file regardless of settings.
But that's just my conspiracy theory.
Anti-virus as virus? Yeah, I knew that already. (Score:5, Interesting)
I worked on a consulting job two years ago, and they told me I could use my own PC. No problem - except that, when I got there, they wanted to check it for virii. In an XP world, I was running Windows ME. So they loaded up Norton on my machine, and ran it for about 3 hours.
Result? Nothing. No junk of any kind. Completely clean.
Why? It helped that I had the free version of Zone Alarm, and the firewall on my DSL router definitely helped, but I think the biggest reason I had no problems was
- Mozilla instead of IE
- Eudora instead of Outlook.
Completely clean, that is, except for the antivirus. That monster kept interrupting my work. It took a great deal of effort to get the beast out of my system.
Re:who-can-you-trust? (Score:5, Insightful)
Do you really think Open Source AV can't fsck up your PC if there are bugs in it? And let's be honest, how many people actually look at the source of programs (updates) they install? I am a programmer, and I never looked the code of an Open Source program I installed for the sake of "Let's make sure this update won't fsck up my PC". I look at the code because I am curious to see how they do certain things, or I want to change some annoying aspect of it.
Parent
Re:who-can-you-trust? (Score:5, Funny)
Closed source is teh $at4n... go linux, w00t!
Parent
Re:Don't use anti-virus! (Score:4, Interesting)
If you keep your system updated, use a firewall, and just generally understand how the typical virus/worm/trojan works, you're 99.9% protected. However, there's always the possibility that someone will get clever enough to get through that, so I use AVG just to be on the safe side.
Parent
Re:Don't use anti-virus! (Score:5, Insightful)
I've used it at home for a little over four years and worked with it for three years as an administrator. I have NEVER had a virus on any XP system I was responsible for.
In fact, the only virus I've ever had a problem with was an infected Windows 2000 domain controller that was SUPPOSED to be managed by corporate IT. They hadn't updated it in well over a year and wouldn't let me touch it until it started crashing (and those geniuses had it as the exchange server as well...again, I couldn't change that).
In both cases, I didn't go to extreme measures to secure the systems. I used automatic updates, both a standalone firewall and Windows Firewall, and antivirus (AVG Free at home, Symantec Corporate at work). That, and I educated my users on what NOT to open from their e-mail.
A good way to teach your users not to open strange attachments is to give them a dummy one that will just let you know who opened the file. I arranged with management to do this one day...send out a trojan-like e-mail with a script that would write a file with the username in it to one of the network shares and see who opened it.
The next day I unplugged one of the network switches for fifteen minutes at the beginning of the day, told them it was because some people had opened "virus e-mails" (management knew the truth) and then plugged it back in. I talked to the people who had opened the "virus" e-mails and gave them an in-depth training session on why it's a bad thing to open every attachment you get on e-mail. From then on, they wouldn't touch anything that was even remotely suspicious.
Three years, nearly 100 users, and ZERO penetration on my systems. It's not rocket science.
Parent
Same as with safety belts (Score:5, Insightful)
The problem is, you never know. It's not only foolishness that gets a trojan onto your system. They come with presumably legit software, even from reputable companies. An infected driver CD is all it takes. Shareware CDs or other CDs slapped on magazines, do you think they have a lot of time to make just perfectly sure the programs are clean? A lot of shareware comes bundled with adware, do you read all those EULAs? And do you think they tell the full truth? Can you read through the legalese?
I won't get into system bugs and other exploits.
So yes, you don't really need safety belts. But it sure feels a bit more secure with them.
Parent
Re:CTX undo file (Score:5, Insightful)
Parent