McAfee Retracts Lowball Bug Damage Estimate 233
bennyboy64 writes "McAfee has changed its official response [warning: interstitial] on how many enterprise customers were affected by a bug that caused havoc on computers globally. It originally stated the bug affected 'less than half of 1 per cent' of enterprise customers. Now McAfee's blog states it was a 'small percentage' of enterprise customers. ZDNet is running a poll and opinion piece on whether McAfee should compensate customers. ZDNet notes a supermarket giant in Australia that had to close down its stores as they were affected by the bug, causing a loss of thousands of dollars."
XP SP3 (Score:4, Insightful)
I thought this affected anyone running XP SP3, which I expect would be a majority of enterprise desktops, not less than half of one percent.
Re:XP SP3 (Score:5, Insightful)
I guess less than half of 1% of all corporate customers are customers of McAffee.
The right wording is everything.
Re: (Score:2)
yeah, the media spin is strong with mcafee.
Reality? It affected everyone who has automatic updates on mcafee for enterprise, which roughly translates to a large majority of enterprise customers. Usually from a security perspective it's seen as bad form to not have updates available as soon as possible.
It also shows that mcafee's quality control is nothing short of crap. It's known that viruses do rename as svchost sometimes, but clearly they didn't test the heuristics here.
Re: (Score:2, Interesting)
I suspect that after this event, lots of enterprise customers will adopt the stance you propose ... either that or they'll abandon McAfee altogether.
The company I work for got hit by this. My personal machine was spared (not running XPSP3), but many, many of my colleagues were down for an entire day or longer while this was getting figured out and cleaned up. A quick back-of-the-envelope calculation for lost productivity at my company alone would easily climb into 7 digits ... possibly even 8 digits. Now mu
Re: (Score:2)
I would guess there are more than that because of previous licensing. Luckily their licensing ran out on us and we switched to Norton since McAfee hasn't really done much since 2003. There enterprise stuff has really sucked for a while now but we had to wait to get out of the deal with them because of "you know" the economy.
Re: (Score:2)
I really wouldn't trust Norton any more then McAfee.
Honestly - I don't know what the right answer for a corporate entity is... There is just something really scummy about both companies that I don't like.
Re: (Score:3, Informative)
Microsoft Forefront is what I'd suggest.
Re: (Score:3)
Re: (Score:2)
> Honestly - I don't know what the right answer for a corporate entity is...
Sophos is another good choice. But really any choice is better than Norton or McAfee. Avoid these at all costs.
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
You should also add to this the statistic of how many corporations use their own distribution server (middleman). Even if clients poll daily, the corporation as a whole may only deliver updates weekly or may stagger updates to ensure they are tested in the wild before pushing them out to corporate clients.
Not only this, but many Administrators manually review virus' before they are cleaned. I have caught a few false positives by doing manual checks.
Re: (Score:3, Funny)
The plural of virus is viruses. Also, there's no reason to capitalize administrators here.
I know, I should proof-read more often.
Oh well, we all make mistakes - some larger than others (McAfee).
Only under certain conditions. (Score:2)
Well, one condition - that the v8.7 McAfee app scanned the svchost.exe file of a WinXPsp3 machine.
Which could happen under three situations:
1. You manually launched a scan.
or
2. A scheduled scan launched.
or
3. A setting in your policy said "scan processes on enable".
Re: (Score:2)
In most enterprise environments McAfee is going to have real time protection against running processes. Can you point me to an enterprise environment where this wouldn't be the case?
Yep. (Score:2)
It is "real time protection" even if that setting is set to "off".
McAfee's documentation specifically mentions turning it off because there is a high processor utilization bug still in it. Although you'd need to read the "read me" file that came with the patches.
Other than that, unless you choose the highest security setting, it is off by default in a BRAND NEW VANILLA install. But not if you had upgraded
Re: (Score:2)
> McAfee's documentation specifically mentions turning it off because there is a high processor utilization bug still in it. Although you'd need to read the "read me" file that came with the patches.
And stupid me thought that high processor utilization is a "feature" of McAfee. Seriously, if it is bug, why has it been there for years if not decades?
Re: (Score:2)
We're talking about McAfee running on Windows. Way to be off-topic and ignorant yourself.
That isn't to say Unix and Linux boxes never run anti-virus protection. Some just run on mail servers to protect against virus attachments. But when you run anti-virus in a *nix environment, you often still run real time protection.
Re: (Score:3, Interesting)
Re: (Score:2)
None of them wanted to deploy SP 3. It was flabbergasting to me, but they just didn't want to do it.
Some fucktard in a suit gets told that they don't care about problems caused by not running SP3, running SP3 requires a bunch of money to get spent and if he spends it he doesn't get a new BMW 7 series this year.
Really, so many of these decisions have nothing to do with rationality. At some high level it comes down to some guy in a suit angling for a new car, a new house or some other luxury/status symbol.
Re: (Score:2)
At my work we run XPSP3 and McAfee, had no problems here.
@WithinRafael on Twitter (from www.withinwindows.com) was trying to reproduce it and had problems, I think he recently succeeded but hasn't provided details yet.
Re: (Score:2)
He tried to reproduce it and had problems? The summary of the problem made it seem like all svchost.exe's would get deleted no matter what.
I wonder what sort of specific conditions had to be met? Not that I like coming to the defense of McAfee... But has this been overblown?
Re: (Score:2)
He tried to reproduce it and had problems? The summary of the problem made it seem like all svchost.exe's would get deleted no matter what.
I wonder what sort of specific conditions had to be met? Not that I like coming to the defense of McAfee... But has this been overblown?
We were hit by this but I called the guy who manages the AV server and told him to halt any updates and roll back to 5957. Only about 15 systems were hit with it, but none of them had SVCHOST deleted. I was able to isolate one and it was fine since we didn't have the "scan process" enabled. Here is an e-mail I sent to my department:
1. It was on 5958, but everything was running fine.
2. Since I knew there was a fix, I ran an on-demand scan.
3. McAfee picked up SVCHOST.EXE as a virus, and it tried to delete it but the clean failed.
4. Since the clean failed, all I had to do was manually run SVCHOST.EXE from the command line, force an update by right-clicking on the McAfee icon in the systray, and reboot. I ran another memory scan and there were no red flags.
And for this:
I wonder what sort of specific conditions had to be met? Not that I like coming to the defense of McAfee... But has this been overblown?
Specific conditions had to be met, but they were broad. The following were necessary:
- Windows XP SP3
- Real-time Scanning Enabled
- Definitions version 5958
Re: (Score:2)
Re: (Score:2)
You had to be running versions 8.7 or 8.9 it seems to be affected. 8.0 or 8.5 did not exhibit this problem, even if the virus definitions were updated to 5958.
It wouldn't surprise me if the enterprise rollouts of McAfee often used 8.5 (released in Nov 2006) rather than 8.7 (released in Sep 2008) or newer.
Re: (Score:2)
Presumably at least a few enterprise customers have enough brains to internally test updates before rolling them out. I expect McAfee doesn't consider those customers "affected".
Re: (Score:2)
Everyone that received the patch running XP SP3, yes. However, where I work, they download the patches in the morning and deploy them later on in the evening. So yes, there is a window of attack there, but it saved us from having to go through every SP3 machine and copying the deleted OS file. Basically, everyone else that gets the patches instantly are 'our' guinea pigs.
Re: (Score:2)
It also affected W2K3 servers.
Really? (Score:3)
A chain of supermarkets close down, and they only lose thousands
of dollars? Really? I would expect that figure to be a lot higher than that for a single store... Think about all the fresh produce that'll go bad (that have daily deliveries). Think of the power usage (lights, refrigerators). And that's assuming that they aren't paying any of their employees while the store is closed. I'd imagine the loss would be on the order of tens of thousands of dollars per store. Not thousands of dollars across all of the stores...
Re:Really? (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Interesting)
Nah - this is Coles. That'd be one of the "big two" Australian grocery retailers, with thousands of stores nationwide. I expect that 'loss of thousands of dollars' was many, many thousands (either that or it only affected a very small number of stores for a very small time before getting fixed).
Actually I used to work at Coles (it was my first job!). Our store was the smallest one in the state but still had revenue of ~$300,000 a day...
Re: (Score:2)
And what about the IT costs? I guarantee you, there is now an effort underway in all major businesses to (1) test new anti-virus patches before rolling them out, (2) re-review all anti-virus software being used, (3) developing and testing mitigation plans for another failure. All of this is VERY expensive.
Here's another example: Airlines shut d
Re: (Score:2)
At least one of our customers were affected as they run our point of sale software on XP Pro SP3 and used McAffee as their anti-virus. That was the IT environment they chose, we told them we prefer OSX as our first choice/Linux as second choice, but they already had a previous POS solution deployed on Windows.
They've requested price quotes on the OSX and Linux hardware solutions.
I'm still wondering ... (Score:5, Insightful)
... why they didn't test the new dat file against Windows system files.
Seriously, we pay them a LOT of money for their product licenses and they cannot even test against known system files?
No, not possible. (Score:2)
There's no magic here. They have a signature that matches a specific version of svchost.exe.
They did not test the scan engine with that dat against that version of the file.
That's all it is.
Re: (Score:2, Funny)
Re: (Score:2)
The machines which had not crashed were the machines that had not scanned svchost.exe yet. The problem still wouldn't have happened if they tested against svchost.
Re: (Score:3, Insightful)
I wonder (Score:3, Interesting)
...If McAfee has a clause in their EULA somewhere that limits their responsibility, and should that be the case, if it is legally enforcable.
Maybe someone with access to said EULA could look it up?
Microsoft once pushed their accountability as a selling point for the Windows Server platform against Linux, if I recall well -- however their maximum responsibility was something like 50$. I wonder what is McAfee's stance in this regard.
Re: (Score:2)
By the time you are dealing with large enterprise customers, you aren't dealing in EULAs anymore, you're dealing in negotiated contracts where the legal department of each company goes over each and every clause in the contract.
I was talking with some of our IT folks as this unfolded (as my work machine was one of the ones affected) apparently after we were bitten badly by a vendor bug a few years ago, we re-negotiated with most of our software vendors. Our contracts now include penalty clauses for this sor
Re: (Score:2)
I think they would still have a case even with that EULA. A victory for McAfee in the courts would set an incredibly bad precedent.
My employer dodged a bullet on this one. (Score:2)
Everything here is windows xp sp3 with McAfee installed.
Fortunately for us, all software updates are filtered through and managed by an internal server due to security restrictions on some of the work we do for the government.
Re: (Score:2)
all software updates are filtered through and managed by an internal server due to security restrictions on some of the work we do for the government.
And this is a perfect example of why an internal server to distribute updates is a Good Thing(TM). Hey, the government got something right!
Re: (Score:2)
Hey, the government got something right!
Whoa there, pardner! Before jumping to any wild conclusions, re-read what he said.
...on some of the work we do for the government.
That most likely means contractor, not actual government employee.
The gov't didn't do something right. The world is not going to end. Moped Jesus was not spotted on I-55 heading west.
Re: (Score:2)
Necessary Evil (Score:2, Interesting)
Re: (Score:2)
In the many millions of dollars... (Score:2)
Heck I was at a small IT security trade event yesterday and like a quarter of the attendees had to cancel because they were dealing with the aftermath...
McAfee had almost a 50% corporate AV market share, and nearly all of those companies still run many XP SP3 boxes. If 10% pulled the DAT before it was yanked, that's a metric buttload of machines...
My estimate (Score:2)
Is that it would only take 1 oil and gas company who usually handles Million Dollar deals. Lets see.
International Corporation... Lets say 3000+ Employees... lets say just half the company goes down. Rule of thumb is 1 IT guy for every 100 computers (but we all know thats in a perfect world).
So, the simplest way to get out of downtime is to go into safe mode and disable the Antivirus, right? Lets say it takes on average 5 minutes to walk to each machine and preform the steps. 500 minutes, or 8.3repeating hou
Re: (Score:2)
Chances are this will put McAfee out of business for more than a day, so I guess it all balances out.
Re: (Score:2)
Re:Testing before deploying? (Score:4, Insightful)
I know assumptions are bad, but is it really that big a stretch to assume the vendor tests their updates on their supported platforms?
It's not like these were weird corner-cases.
Re: (Score:2)
I'm not a windows administrator. I'm on the sidelines.
So you can take your flawed logic and shove it right back up your ass, AC.
Re: (Score:2)
i've been using Winders since the mid 1990's along with AV software. I have never seen an issue where a definition update has caused something like this. i've seen plenty of times where you can't run an old version on a new OS or issues with games or some software. but letting something out like this into the wild just shows that there was no testing done just to make sure it's OK
AV on POS computer?? (Score:5, Insightful)
I feel sorry for that super market chain but: wtf is AV doing on a POS computer?
POS should be a dedicated computer, running one and only one application (the POS software), on a thoroughly shielded LAN, talking to only a centralised server (or small network of servers if one is not enough) that collects the sales data and distributes prices etc. That server should itself be connected only to the POS network and a corporate LAN. In other words: no direct access out of the Internet, no web browsing, no local storage of any data files, no downloading, nothing that could have the most remote risk of a virus.
Or am I missing something here?
Re:AV on POS computer?? (Score:4, Funny)
That it was in Australia?
Re:AV on POS computer?? (Score:4, Funny)
wtf is AV doing on a POS computer?
This setup also seems somewhat redundant, since McAfee's AV itself is a POS.
Exactly what I was thinking (Score:3, Informative)
McAfee must have had a really good sales guy to convince a Project manager that the POS machines needed AV, either that or who ever developed the POS machines didn't decide to secure them with Enhanced Write Filter, SteadyState, DeepFreeze or some other disk write protection so every time the machine is rebooted it loses all its write cache.
Even though it is Windows, there is absolutely no need for AV when the application is so limited.
Sorry. PCI Rears its ugly head again. (Score:5, Informative)
Even though it is Windows, there is absolutely no technical need for AV when the application is so limited.
Fixed that. I am afraid that the Payment Card Industry (PCI) differs from your opinion.* In their infinite wisdom**, PCI has decreed that ALL computers need to be running AV. After, all, if it is good for the desktop, it must be good for the servers, right? And since a virus can be spread from anywhere to anywhere, all computers need to have their own protection.
I know it seems silly, but many of the PCI Audit Drones actually believe this. I spent hours trying to convince an auditor that we did not need AV on a Linux server that cannot accept email and has no internet connection. If the PCI Audit Drone finds a computer without AV, you fail the PCI Audit. If you fail the Audit, you get marked as failing on a public web site. If you fail enough times, you lose your ability to accept credit cards. So the need to have AV on a POS is there, it is just not a technical need.
*Reality
**For very, very small values of infinite
Re: (Score:2, Insightful)
However, when you have 200,000+ POS machines, management wants an AV.
I hate McAfee, I hate using a AV instead of isolating a machine from removable media and the Internet. I hate spending money on AV when we could use it on something else. But when a franchise manager on the other side of the world lets one of his employees use the wifi or a printer or something, I'm glad there's an AV to protect my ass. Even though there shouldn't be a way the POS machines get a virus, the AV is kind of like ca
Re: (Score:2)
the AV is kind of like car insurance: It protects you from accidents
Since when does insurance protect you from accidents? It only compensates you when an accident happened already. If you want to have a car analogy then you should compare AV with seat belts or air bags, that are prevention measures.
Re: (Score:2)
Re: (Score:2)
Most small businesses that are service related have at least one Point Of Sale machine up front at their physical store, but the person operating it is also the person who makes appointments, so they just about have to be able to bring up a scheduler and appointment manager. A separate terminal for appointments is a serious cost, as would be keeping separate people to operate it, or training across skill sets (your cosmetologist or hair stylist or auto mechanic now needs to be trained to schedule appointmen
Re: (Score:2, Interesting)
Re: (Score:2)
> Or am I missing something here?
Slavish adherence to corporate IT policies which require AV software on any system which can run it?
c.
Re: (Score:2)
You're missing nothing except one minor point: no POS system - or anything else in the chain - should be running Windows. This should be a non-issue. My advice to the Australian grocery chain is to fire whomever in the IT department thought this was a reasonable idea.
Re: (Score:3, Insightful)
LoB
Re: (Score:2)
It's required by PCI-DSS. Anything that is touching Credit Card data has to be running AV. Our e-commerce servers run on FreeBSD. Guess what, they're running ClamAV. Not because there are viruses for FreeBSD, but it's a PCI requirement.
Re: (Score:2)
It is generally accepted practice that windows systems _require_ av, wether it does much good or not is highly debatable (i do a lot of incident response work - ie identifying the source of a breakin, and every system that i get to investigate has some kind of av installed slowing it down)... Infact, i have often had people complain about linux or mac systems without av installed. It's very hard to fight against "standard practices" even when those practices are blatantly flawed.
Ideally such devices wouldn'
Which is more harmful? (Score:5, Funny)
McAfee or being part of a botnet?
Re: (Score:2)
What, no Cowboy Neal option?
Re: (Score:2)
All your svchost belong to us.
Re: (Score:2)
Depends, do you host scientology websites?
Getting real about things here (Score:5, Interesting)
First, McAfee blew this big time, that such a bug made it to production shows a complete breakdown in their internal processes. XP with SP3 is the number one OS combination in enterprise environments, and should have been the first thing that they tested on. Without doubt McAfee has liability on this and needs to get aggressive about damage control with clients.
That being said, every one of these clients that was hit by this is just as guilty as McAfee is! They are in no better shape and those responsible need to be going management review for their failure. Enterprise Management 101 - nothing goes into production that has not been tested in a lab for pre-pilot and a small group of production computers for pilot! This is as basic as enterprise management gets. Every single environment that was taken down by this shows professional incompetence by their requisite IT departments.
The only question is if it is the fault of management for failing to allow the budget and support needed for a lab for testing or if it is the fault of the IT staffer who never tested things as they should. This is without doubt one of the most public examples of IT incompetence to make the news in years. This is a case of sheer and utter incompetence by every affected party and no pity should be given. If pity were to be given, give it to the poor desktop techs that have to go around making apologies and manual fixes for everything.
Re:Getting real about things here (Score:5, Informative)
As a matter of fact I do expect that. I have designed and set up processes for patch management, software distribution and similar testing for large enterprise environments for years. I have done so everywhere from very large financial institutions to health-care and government. The fact that you need to test daily does not change any principal of what I have said. For any enterprise not to have a dedicated lab to do exactly this kind of testing, or ever worse, not to to use it is sheer and utter incompetence.
In no case should an automated update for an environment ever be released into production without testing. Even Microsoft gets this point and allows you to disable automatic patching to ensure that proper testing can be conducted. I'm not trying to sound harsh, but in all seriousness if you can't learn why testing /every/ production change is necessary from this debacle, than you do not belong in enterprise management. It really is that simple.
Re: (Score:2)
How much is your organizations downtime worth? When you have a computer go down, how much is the downtime for computer per hour? If that computer is in a factory your downtime could easily be in the ten's of thousands of dollars per hour. How much is your downtime for a financial computer worth? How much money does your call center lose per hour for downtime? Perhaps you don't care about how much money your company loses for downtime, but you might care about the workers who can no longer perform their job
Made quite a mess of some college networks, too. (Score:5, Interesting)
I am sure they "forgot" to count third party AV. (Score:2, Interesting)
Oblig. xkcd (Score:5, Insightful)
Damage Limitation (Score:3, Informative)
"McAfee Interwebs Secrutiny has detected that your outgoing mail to customerservices@mcafee.com, subject "You f**king idiotic t**tballs of a son of a ****** in the ******** with a hatstand!!!!" has been detected as Offensive Spam and will be deleted. Thank you for Trusting in McAfee! [TM]"
On a more serious note, I ran into a few small shops that were badly hit, but most of the people I know who work in the enterprise have a time delay before the updates hit the machines, which is usually a hangover from the last time $av_vendor bollocksed up an update.
Personally, I'm still a believer in most AV's being worse that the viruses themselves, and don't run any on my windows boxes - I don't think I've used a single one that hasn't fucked up at some point. Most of my colleagues feel the same way (and, IMHO, by the time it's hit your filesystem and you have that 20% chance of the AV detecting it, it's already too late anyway) and the only reason we run it at work is because of compliance issues... that and the majority of machines being a poorly patched IE6. Yay!
Compensate customers? (Score:2, Funny)
Poll? Opinion piece??? This is fucking America. Spare me the nonsense, show me the lawyers.
what it did to my 11'000 computers (Score:4, Informative)
we have 11K computers
only XP SP3 computers were impacted
whether running Virus Scan 8.7 or 8.5
but in fact less than 100 computers were impacted,
1% compared to our total
one thing that helped
was employees had started to leave after work when update propagated
and they shutdown computer when they leave
it could have been a nightmare
we were very lucky
Re:what it did to my 11'000 computers (Score:5, Funny)
who the
fuck taught you to
type? your
line spacing is the
strangest thing i've ever seen and
your reluctance to use punctuation and the
shift key (except for one comma that
snuck through) boggles the
mind
Re: (Score:2)
This Is Just To Say
by William Carlos Williams
I have eaten
the plums
that were in
the icebox
and which
you were probably
saving
for breakfast
Forgive me
they were delicious
so sweet
and so cold
Worse than the disease? (Score:3, Insightful)
When was the last virus outbreak that caused this much damage?
Damages? (Score:2)
New TV AD (Score:2)
Re: (Score:2, Funny)
Re:McAfee (Score:5, Funny)
I, too, not run Avast Home. Me switch to MS Security Essentials.
Re: (Score:2)
This was hardly the fault of Windows.
100% third-party problem, here... troll.
Not Windows' fault, but still its problem... (Score:4, Informative)
( Title after the VirtualDUB developer's excellent post entitled "Just because it is not your fault does not mean it is not your problem"; http://www.virtualdub.org/blog/pivot/entry.php?id=245 [virtualdub.org] )
Here's the thing.. it's not Windows' fault that some random program deletes svchost.exe , just as it isn't Windows' fault that any app or user can delete ntldr (e.g. a badly designed uninstaller).
But it -is- a Windows problem because without those, it won't start up. So why is Windows even allowing these files to be deleted?
I can't delete by hiberfil.sys even though all it is, is pre-allocated space for the hibernation functionality. If I deleted it, nothing would be lost, and upon hibernation it could re-allocate the required space or tell the user the drive is too full and they're SOL. But no - I simply can't delete it. But I -can- delete vital system files.
So, no.. it's not Windows' fault that McAfee's virus scanner deleted the file. It -is- Windows' problem that they -can- in the first place.
I realize that sometimes there may be a need for a 3rd party application to modify a system file - however rare - but then provide this through a proper mechanism that backs up the original and deletes/replaces on reboot only, with the option to deny the change on boot-up. ( System Restore points only go so far as you'll need the Windows CD/DVD in order to get to the restore utility if you can't boot into Windows anymore. It's also an overly complex solution to the simple problem of renaming files on bootup. )
Re: (Score:2)
The whole point of an antivirus solution is to remove viruses. Viruses can get in deep (and even above) the OS - so to function they require the access they have.
Sure, other programs don't need the access... I'll take your point here on this condition.
Don't take me as an apologist though. I'm a Windows hater. I just don't like it when people point blame completely on someone who isn't (in the indicated case) wholly at fault.
Fun to bash, but.. (Score:2)
a) Windows has serious flaws that exacerbate the problem (only recently did they get something roughly sudo like that is still laughably trivial to bypass, and even then poor third-party implementations that haven't grown out of the Win9x days further torture things), nothing short of disciplined users can do anything to get rid of anti-virus market. So long as a user is actually allowed to execute what they want on a system, some stupid thing will convince them to execute it, and damage/manipulate any dat
Re: (Score:2)
> So long as a user is actually allowed to execute what they want on a system
BTW, who even thought that was a good idea? Corporate users get a PC for a purpose, and all required applications should be provided. And even if not, a white list should cover 99% of all required software.
Of course as a user I know that things are not that simple. If the only provided browser is IE6 (actually IE7 since recently), Java, Flash, Acrobat, Quicktime and WinZip are all outdated, and the command line is disabled, then
Re: (Score:2)
software running without admin/root priviledges CANNOT break havoc in anything but the user account
If that user account is a POS terminal communicating credit card information to banks, controlling it could be just as bad as gaining root access.
Re: (Score:2)
Try telling that to the PCI-DSS folks (Payment Card Industry, aka if you're running E-Commerce/Point of Sale/anything that touches credit card data). They make running anti-virus part of the requirement REGARDLESS of OS. Running on OSX, Linux, or FreeBSD? Doesn't matter. You still HAVE to run AV software on each terminal that touches credit card data.
Re: (Score:2)
there's no need to run an anti-virus
Only if the user isn't prone to open random attachments which may be executable (experience shows that that this doesn't hold). So long as he does, then you need AV software on any OS.
a third-party party software does NOT need to know the admin/root password to do its job
This has been the case since Windows NT. The key part that you've missed is "well-writte third-party software". Most Windows software was not, historically, well-written in that respect, largely because the primary platform was Win 9x, which didn't have the notion of user accounts to begin with.
Nonetheless, pretty much all sof
Re: (Score:2)
So if McAfee (and the security industry on