McAfee Retracts Lowball Bug Damage Estimate
bennyboy64 writes "McAfee has changed its official response [warning: interstitial] on how many enterprise customers were affected by a bug that caused havoc on computers globally. It originally stated the bug affected 'less than half of 1 per cent' of enterprise customers. Now McAfee's blog states it was a 'small percentage' of enterprise customers. ZDNet is running a poll and opinion piece on whether McAfee should compensate customers. ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars."
I wonder (Score:3, Interesting)
...If McAfee has a clause in their EULA somewhere that limits their responsibility, and should that be the case, if it is legally enforceable.
Maybe someone with access to said EULA could look it up?
Microsoft once pushed their accountability as a selling point for the Windows Server platform against Linux, if I recall well -- however their maximum responsibility was something like $50. I wonder what McAfee's stance is in this regard.
Necessary Evil (Score:2, Interesting)
Re:XP SP3 (Score:3, Interesting)
Getting real about things here (Score:5, Interesting)
First, McAfee blew this big time; that such a bug made it to production shows a complete breakdown in their internal processes. XP with SP3 is the number one OS combination in enterprise environments, and should have been the first thing that they tested on. Without doubt McAfee has liability on this and needs to get aggressive about damage control with clients.
That being said, every one of these clients that was hit by this is just as guilty as McAfee is! They are in no better shape and those responsible need to be going through management review for their failure. Enterprise Management 101 - nothing goes into production that has not been tested in a lab for pre-pilot and a small group of production computers for pilot! This is as basic as enterprise management gets. Every single environment that was taken down by this shows professional incompetence by their requisite IT departments.
The only question is if it is the fault of management for failing to allow the budget and support needed for a lab for testing or if it is the fault of the IT staffer who never tested things as they should. This is without doubt one of the most public examples of IT incompetence to make the news in years. This is a case of sheer and utter incompetence by every affected party and no pity should be given. If pity were to be given, give it to the poor desktop techs that have to go around making apologies and manual fixes for everything.
Made quite a mess of some college networks, too. (Score:5, Interesting)
I am sure they "forgot" to count third party AV. (Score:2, Interesting)
Re:Really? (Score:3, Interesting)
Nah - this is Coles. That'd be one of the "big two" Australian grocery retailers, with thousands of stores nationwide. I expect that 'loss of thousands of dollars' was many, many thousands (either that or it only affected a very small number of stores for a very small time before getting fixed).
Actually I used to work at Coles (it was my first job!). Our store was the smallest one in the state but still had revenue of ~$300,000 a day...
Re:AV on POS computer?? (Score:2, Interesting)
Re:Necessary Evil - bull (Score:1, Interesting)
Don't businesses run their own update server and categorize, verify, and deploy those updates based on what software THEY have running?
If you're telling me that a hospital IT system is set up to take any and all updates directly from vendors (McAfee, Microsoft, etc.) all I can say is they get what they deserve for doing that and it's nobody's fault but their own. Let me guess, this is how most Windows shops are run these days and that is why Windows admins cost much less than *nix admins. IMO
so 4 hours of corporate downtime for this one issue. And why do you not have a few machines configured to represent your standard corporate computers and run the updates on them before expecting some other company to have tested their update with _your_ software configuration? Does Microsoft Windows not give you the power to push out updates locally? The very first time I set up a classroom configuration using Linux it dawned on me that I did not want every computer doing auto updates so I mirrored the Ubuntu repo, set up a cron to keep that updated, and configured all the lab computers to pull from a secondary local mirror where I'd move updates over as they got tested. dah.
LoB
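The two-tier mirror described in the comment above, as an added sketch that is not the commenter's script: packages move from the upstream copy to the client-facing mirror only if they are on an approval list and their hash still matches what was tested. The function name, directory layout, approval-file format and package names are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: gate between an upstream mirror copy and the mirror that
# client machines pull from. All paths and file names here are constructed.

# promote_tested UPSTREAM_DIR TESTED_DIR APPROVED_FILE
# APPROVED_FILE holds one "<sha256>  <filename>" line per package that passed
# testing on the reference machines. Prints the number of packages promoted.
promote_tested() {
    upstream=$1; tested=$2; approved=$3; count=0
    mkdir -p "$tested"
    while read -r want name; do
        [ -n "$name" ] || continue
        case $name in */*|.*) continue ;; esac   # refuse paths outside the mirror
        [ -f "$upstream/$name" ] || continue
        have=$(sha256sum "$upstream/$name" | cut -d' ' -f1)
        # The upstream file changed after it was tested: hold it back.
        [ "$have" = "$want" ] || { echo "hash mismatch: $name" >&2; continue; }
        cp "$upstream/$name" "$tested/$name" && count=$((count + 1))
    done < "$approved"
    echo "$count"
}

# Constructed scenario: pkg-a was tested, pkg-b was never tested, and pkg-c
# was tested but then replaced upstream by the nightly sync.
demo_mirror() {
    work=$(mktemp -d)
    mkdir -p "$work/upstream"
    printf 'good update\n'     > "$work/upstream/pkg-a_1.0.deb"
    printf 'untested update\n' > "$work/upstream/pkg-b_2.0.deb"
    printf 'tested build\n'    > "$work/upstream/pkg-c_3.0.deb"
    ( cd "$work/upstream" && sha256sum pkg-a_1.0.deb pkg-c_3.0.deb ) > "$work/approved.txt"
    printf 'replaced after testing\n' > "$work/upstream/pkg-c_3.0.deb"
    promote_tested "$work/upstream" "$work/tested" "$work/approved.txt" > "$work/count"
    echo "$work"
}

# Run as "sh script.sh demo" to list what reached the client-facing mirror.
if [ "${1:-}" = demo ]; then ls "$(demo_mirror)/tested"; fi
```

A real apt repository also needs its package indexes regenerated and signed after promotion; this sketch covers only the file-level gate.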
Re:XP SP3 (Score:2, Interesting)
I suspect that after this event, lots of enterprise customers will adopt the stance you propose ... either that or they'll abandon McAfee altogether.
The company I work for got hit by this. My personal machine was spared (not running XPSP3), but many, many of my colleagues were down for an entire day or longer while this was getting figured out and cleaned up. A quick back-of-the-envelope calculation for lost productivity at my company alone would easily climb into 7 digits ... possibly even 8 digits. Now multiply that by the number of corporate customers that got hit.