McAfee Error: Little Relief in Sight?

McAfee is scrambling to undo the damage done by a faulty antivirus update that brought down Windows XP computers around the world, but the situation looks grim according to other vendors.

Amrit Williams, CTO of security management system company BigFix, told USA Today that there's no way to automate the process of fixing affected computers. Every machine will need to be repaired individually, he said, noting the process could take days or weeks.

McAfee's antivirus upgrade causes computers running Windows XP Service Pack 3 to shut down within a minute of starting up. The problem was caused by virus definition file 5958, which quarantined svchost.exe, a vital system file. McAfee says the update only hit 0.5 percent of its customers' computers, but the damage is widespread, hitting hospitals and municipal services along with countless companies large and small. There's a significant backlash on Twitter.

Few of McAfee's competitors are willing to rub salt in the wounds, though. Mel Morris, chief executive at Prevx, told SC Magazine that false positives like the one plaguing McAfee will continue to escalate over time, as malware makers aim to mimic core operating system components.

Ashar Aziz, founder and CEO of network security firm FireEye, told USA Today that the signature-based approach to virus scanning, which identifies malicious files based on hash marks or algorithms, is "broken." He said that anti-virus software can't keep up with the tens of thousands of threats generated every day.

As for the current problems for McAfee customers, there are a couple of things to watch out for: Graham Cluley, senior technology consultant for Sophos, noted to SC Magazine that hackers are taking advantage of the situation by putting malicious content on search engine-optimized Web pages, so when people hunt for a fix with Google or Bing, they could wind up on a page that does more damage (see this McAfee blog post for the proper solutions).

Peter Schlampp, vice president of marketing and product management for computer forensics firm Solera Networks, warned that McAfee's bad update could haunt networks for days, weeks, or months to come. Without full network diagnostics (which, of course, Solera provides), any computers that downloaded the update but aren't used on a daily basis could surprise technicians down the line, he said.

Calls and messages to four McAfee representatives were not immediately returned Thursday morning.
