![]() The setting Price referred to, "Scan Processes on enable," is off by default in most installations of VirusScan 8.7.īut not all. ![]() "I've not seen any reports from customers who had left this setting disabled," said Samantha Price, a manager of McAfee's global threat response team, in a message on the firm's support forum for VirusScan Enterprise. If you're running an older version, including the earlier Enterprise 8.5, you were in the clear.Ī McAfee manager shed some additional light on why some Windows XP SP3 systems were clobbered, while others kept on running. Only machines running VirusScan 8.7 were affected, users reported and McAfee confirmed. Why were only some crippled? Good question. There are, however, scattered reports on the McAfee support forum of Vista machines also going down. McAfee also said even older editions - such as Windows 98 - were unaffected. Other version of Windows XP, including SP1 and SP2, were not nailed by the update, nor were systems running Windows 2000, Vista, Windows 7, Windows Server 2003 and Windows Server 2008. What machines were affected? Only PCs running Windows XP Service Pack 3 (SP3), says McAfee. Most also lost all network capability, and some were unable to "see" USB drives, a major problem since recovery may require the reinstallation of svchost.exe, something that could be done more easily by walking a flash drive from one crippled computer to the next. When users applied the update, then rebooted, they were toast: The machines crashed and rebooted repeatedly. Why did the PCs crash and burn after getting the bad update? Without svchost.exe - a generic host process for services that run from other Windows DLLs (dynamic link libraries) - a Windows PC won't boot properly. Think of the snafu as if the police pinned a crime on a suspect based on flawed DNA testing, only to find out they'd got the wrong guy. In some cases, the update actually deleted the file. ![]() Instead, it went rogue, wrongly fingered the critical "svchost.exe" file in Windows XP Service Pack 3 (SP3) as malware, and then quarantined it by removing it from its normal location. Wednesday's update - McAfee pushes daily updates to its corporate customers - was meant to detect and destroy a relatively minor threat, the "W32/wecorl.a" virus. I'm still hoping to get confirmation from Intel, where at least one anonymous source says "tens of thousands of PCs" were hit.Ī report from Australia says 10% of the cash registers at the country's largest supermarket chain were knocked out, forcing the closure of 14-18 stores.What happened? Short answer: McAfee screwed up. Unfortunately, using this method, you have no way to determine if some of the files you are restoring are vital system files or virus files. All users had at least two and some had up to 15. You must boot to safe mode, then installl the extra.dat, then manually run the vscan console. This issue affected a large number of users and is not resolved by simply replacing svchost.exe. company says that "hundreds of users" in his organization were impacted: Moving clients to something with more centralized control ASAP."Ī report from a university IT pro says 1200 PCs on his network were knocked out.Īnother e-mail from an IT pro at a large U.S. Horrible clean up too as no network access. ![]() One correspondent says he just fixed over 300 PCs: "Looked so much like Blaster from way back. Update: I'm beginning to hear directly from people who were affected by this coloassal screw-up. If you've been affected by this issue, leave a comment in the Talkback section, I'll add further details as I come across them. It's the second major security headache for Intel in six months, following a widely publicized breach of its systems in China around New Year's. (Intel acknowledged the " recent and sophisticated incident occurred in January 2010" in its 10-K report filed with the SEC earlier this year.) Ironically, one company that was apparently affected by this issue is Intel, which was identified by the New York Times. When a company as large as McAfee is this sloppy with its public response to a high-profile issue, it makes you wonder how tightly the engineering, development, and support sides of the business are being operated. ![]() Security is serious business, and details matter. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |