
McAfee Retracts Lowball Bug Damage Estimate

bennyboy64 writes "McAfee has changed its official response [warning: interstitial] on how many enterprise customers were affected by a bug that caused havoc on computers globally. It originally stated the bug affected 'less than half of 1 per cent' of enterprise customers. Now McAfee's blog states it was a 'small percentage' of enterprise customers. ZDNet is running a poll and opinion piece on whether McAfee should compensate customers. ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars."

  • I wonder (Score:3, Interesting)

    by mr_da3m0n ( 887821 ) on Friday April 23, 2010 @10:32AM (#31955090) Homepage

    ...If McAfee has a clause in their EULA somewhere that limits their responsibility, and should that be the case, if it is legally enforceable.

    Maybe someone with access to said EULA could look it up?

    Microsoft once pushed their accountability as a selling point for the Windows Server platform against Linux, if I recall well -- however their maximum responsibility was something like 50$. I wonder what is McAfee's stance in this regard.

  • Necessary Evil (Score:2, Interesting)

    by RayRuest ( 1417225 ) on Friday April 23, 2010 @10:37AM (#31955168)
    It could only affect that few if the policies were set up to update infrequently (every few days or so). My policies are set to check for updates and push them frequently, so I got bitten. I have less than 100 desktops but am a 1 person shop. 4 hours of sneaker net repairs and corporate downtime. Thanks McAfee. There was at least 1 hospital in the area that had to resort to turning non-critical patients away. Don't these things get testing before release? These products are a necessary evil... they don't need to be more evil than the purpose they are attempting to provide.
  • Re:XP SP3 (Score:3, Interesting)

    by GIL_Dude ( 850471 ) on Friday April 23, 2010 @10:41AM (#31955226) Homepage
    It really depends on the intersection of folks running McAfee along with SP 3 in the enterprise. My company is just finishing a migration to Vista, but we still do have about 15,000 Windows XP SP3 desktops (not done deploying yet). However, late last year, I was at a MS Global Accounts meeting (35 very large companies) and NONE of the rest of them had deployed SP 3 for their XP machines. They were all on SP 2 and were harping on Microsoft about the end of support for SP 2 that was fast approaching. None of them wanted to deploy SP 3. It was flabbergasting to me, but they just didn't want to do it. So none of those companies were impacted - even if they ran McAfee.
  • by onyxruby ( 118189 ) <onyxruby&comcast,net> on Friday April 23, 2010 @10:50AM (#31955380)

    First, McAfee blew this big time, that such a bug made it to production shows a complete breakdown in their internal processes. XP with SP3 is the number one OS combination in enterprise environments, and should have been the first thing that they tested on. Without doubt McAfee has liability on this and needs to get aggressive about damage control with clients.

    That being said, every one of these clients that was hit by this is just as guilty as McAfee is! They are in no better shape and those responsible need to be going through management review for their failure. Enterprise Management 101 - nothing goes into production that has not been tested in a lab for pre-pilot and a small group of production computers for pilot! This is as basic as enterprise management gets. Every single environment that was taken down by this shows professional incompetence by their requisite IT departments.

    The only question is if it is the fault of management for failing to allow the budget and support needed for a lab for testing or if it is the fault of the IT staffer who never tested things as they should. This is without doubt one of the most public examples of IT incompetence to make the news in years. This is a case of sheer and utter incompetence by every affected party and no pity should be given. If pity were to be given, give it to the poor desktop techs that have to go around making apologies and manual fixes for everything.

  • by ProdigyPuNk ( 614140 ) on Friday April 23, 2010 @10:50AM (#31955386) Journal
    A buddy of mine is in IT at a college in the area. This affected almost all of their computers. Although it's harder to put a dollar figure on, the students and professors were NOT happy when all of the computer labs on campus went down, along with a "server" or two. Ever seen professors get mad? Now imagine you're an IT guy and the professors can't access their online grade books that you pushed them into using. I really think McAfee is going to have a big problem on its hands come contract renewal time. Pissed off IT people have long memories!
  • by JaCKeL 1.0 ( 670980 ) on Friday April 23, 2010 @10:52AM (#31955428)
    We use Sonicwall's security services, their anti-virus is a crippled version of McAfee business. And we've been hit hard: machines were going down but WITHOUT any explanation or any warning messages (this version is silent to the user) and since svchost was killed, no chance of getting in the event monitor or using any tools, it took me a couple of hours to figure out it was the AV. I am sure they "forgot" to add all those third party security solutions that rebrand McAfee solutions. What is making me mad is the way they try to play with "numbers" (a small percentage, half of a percent...) and the way they hide everything and act like it didn't happen (go navigate on their website and try to find any information about this bug, they even closed their support form in the peak of the crisis). C'mon, if you screwed up, at least PLAY FAIR and be sorry, we might forgive you. Playing the ostrich game will make us angrier.
  • Re:Really? (Score:3, Interesting)

    by Cimexus ( 1355033 ) on Friday April 23, 2010 @10:57AM (#31955498)

    Nah - this is Coles. That'd be one of the "big two" Australian grocery retailers, with thousands of stores nationwide. I expect that 'loss of thousands of dollars' was many, many thousands (either that or it only affected a very small number of stores for a very small time before getting fixed).

    Actually I used to work at Coles (it was my first job!). Our store was the smallest one in the state but still had revenue of ~$300,000 a day...

  • by Scyth3 ( 988321 ) on Friday April 23, 2010 @11:41AM (#31956192)
    Typically the POS desktops are talking directly to a server in the backroom. The server in the backroom is typically where a manager will check their emails (via Outlook), take training via a web site, etc. and it's also where the database for the POS client desktops is stored. Every night that small store server submits the data to a main server at the "home base". So, if the virus scan is on the server (typically is), and the machine goes down, then the business is effectively closed. It's not that the POS machines had a virus scanner on them, it's that the server does since it's used as a work machine for the manager as well. That's how one of the biggest auto part chains in the US operates. It wouldn't surprise me to see this elsewhere.
  • by Anonymous Coward on Friday April 23, 2010 @11:42AM (#31956214)

    Don't businesses run their own update server and categorize, verify, and deploy those updates based on what software THEY have running?

    If you're telling me that a hospital IT system is set up to take any and all updates directly from vendors (McAfee, Microsoft, etc.) all I can say is they get what they deserve for doing that and it's nobody's fault but their own. Let me guess, this is how most Windows shops are run these days and that is why Windows admins cost much less than *nix admins. IMO

    So 4 hours of corporate downtime for this one issue. And why do you not have a few machines configured to represent your standard corporate computers and run the updates on them before expecting some other company to have tested their update with _your_ software configuration? Does Microsoft Windows not give you the power to push out updates locally? The very first time I set up a classroom configuration using Linux it dawned on me that I did not want every computer doing auto updates so I mirrored the Ubuntu repo, set up a cron to keep that updated, and configured all the lab computers to pull from a secondary local mirror where I'd move updates over as they got tested. dah.

    LoB

  • Re:XP SP3 (Score:2, Interesting)

    by oldspewey ( 1303305 ) on Friday April 23, 2010 @12:57PM (#31957284)

    I suspect that after this event, lots of enterprise customers will adopt the stance you propose ... either that or they'll abandon McAfee altogether.

    The company I work for got hit by this. My personal machine was spared (not running XPSP3), but many, many of my colleagues were down for an entire day or longer while this was getting figured out and cleaned up. A quick back-of-the-envelope calculation for lost productivity at my company alone would easily climb into 7 digits ... possibly even 8 digits. Now multiply that by the number of corporate customers that got hit.
