McAfee Tries to Make Amends for Update Fiasco
After last week's McAfee false-positive fiasco, the company has promised to reimburse affected users. Or, at least, some of them. Probably not you, anyway. Still, they're very sorry. Very very sorry indeed. In IT Blogwatch, bloggers study the fine print.
Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention it's Wally's fault...
John Oates sends this quick update:
An update ... issued by McAfee last week falsely labelled part of ... Windows ... as a virus.
If you have already spent money on fixing your machine then McAfee said it was "committed to reimbursing reasonable expenses". Details ... will be posted here, in the next few days. MORE
John Lister expands:
The key word there is “reasonable”: the company will almost certainly take a case-by-case approach rather than have a blanket policy. ... The compensation will go beyond refunds and may cover some of the resulting repair or replacement costs.
The refund and compensation offers are specifically listed as being for “Home and Home Office Consumers”. The fallout among business users could be far more significant, and it’s probably understandable that McAfee isn’t making any promises in that regard. MORE
McAfee CEO David DeWalt eats humble pie:
We deeply regret the impact this may have had on you. ... Even among the vast majority of customers who did not experience operating disruptions, the mere possibility created an unwelcome distraction. ... We are continuing to work diligently until we are sure that every last user node among each and every one of our customers is back in action. ... Our sincere apologies.
Our next and equally important priority is ... to make sure this never happens again. ... We sincerely apologize. ... We will work hard to restore and continue earning your full confidence in our company, our products and our brand. MORE
Leigh Goessl sounds sympathetic:
McAfee staff worked around the clock to fix the problem that led to ... a continuous reboot cycle. ... In other instances the dreaded blue screen appeared and ... rendered systems completely down and unusable.
To date McAfee has not explained how the defective update went into release and many customers are still pretty angry and suffering the fallout from this disruption. MORE
Larry Seltzer asks the questions:
You might well ask what McAfee is doing scanning Windows system binaries. ... I know I did. ... McAfee scanned the file because the false positive occurred in a memory scan of the svchost.exe process; this caused it to flag the file.
Other vendors are spouting off about this, and some of the talk is misleading or distasteful. ... There is a lot to be said for [another vendor's] approach, but to imply that they are immune from false positives due to programmer or testing error is just plain dishonest. ... Business is business I guess. MORE
Seth Rosenblatt rages against the MFE machine:
I recommend that you look elsewhere for your computer's security. ... corporations should be accountable for their actions, and users have choices. In the security realm, there are at least a dozen top-shelf paid and free security suites. Choose any one of them.
I say all this in light of the fact that McAfee's consumer security suite has made some impressive improvements this year. ... [But] McAfee's ... plan to reimburse home users ... doesn't excuse the incredible spread of damage that the update caused in the first place, nor the tone-deaf handling of the situation. MORE
But John E. Dunn is more forgiving:
At least be fair. McAfee is far from the first antivirus vendor to have screwed up in this way. ... The best example is probably the 2008 incident when AVG’s antivirus software took against the user32.dll file. ... The argument, then as now, was how many people had been affected.
Rather than blame McAfee, perhaps we should be blaming the incredible complexity of the current antivirus software model. ... [It] is failing us, not because it gives false positives, which are pretty rare on the whole, but because it simply doesn’t spot all the malware out there. ... The odd false positive looks inevitable ... unless we adopt a whitelisting approach to apps that would of course be extremely constricting. MORE
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: firstname.lastname@example.org. You can also read Richi's full profile and disclosure of his industry affiliations.