McAfee false-positive glitch fells PCs worldwide

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death. Details are still coming in, but forums here and here …


This topic is closed for new posts.


  1. Henry 9

    How long does it take some people to learn?

    McAfee has been a terrible product for many years. Any professional IT support person should have learned that years ago. Any professional IT support people using McAfee products in business should be fired for incompetence.

  2. Jeremy Chappell

    Worse than the disease!

    Great, what a truly epic fail. You run AntiVirus software to protect your computer, and it does the exact opposite. We've successfully created a giant monoculture (with Windows) and now we're creating them with single choices of AntiVirus. I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines".

    Of course, you could probably extend this advice to applications...

    Maybe scatter a few Macs here and there?

  3. jake Silver badge

    @Jeremy Chappell

    "I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines"."

    Nah. The real answer is to turn off automatic updates. The IT staff should test anything that goes onto corporate computers BEFORE rolling it out to the masses. Home users with a clue (yeah, yeah, yeah, I know, no need to yell!) should check IT news before updating.

    That's not to excuse McAfee from proper testing before rolling out av.dat updates.

    And of course, the real answer is to run secure-by-design software in corporate environments. Home users are on their own, by definition.

    Agree on scattering a few Macs here & there. Maybe more than a few.

  4. Anonymous Coward
    Thumb Up

    There are alternatives to Microsoft...

    the obvious one is Ubuntu, but PC-BSD is great as is DesktopBSD. The latter needs more programmers on board to keep it alive and it is a very worthwhile product.

    It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionally" written OS and the apps for it are so bloated as to be barely functional under any load and require new hardware every, what?, 3 years just to remain functional.

    The IT community can do little as it's management that decide what is purchased.

    Thumbs up for McAfee helping to prove that Windows OS is unsustainable.

    Anonymous because I may have to work with that crap OS server side.

  5. Sitaram Chamarty

    very happy to hear this

    I am tired of people switching to open source because of the "economic climate". I keep telling them cost is only the third reason to switch to Linux etc., and that security and reliability are the first two reasons.

    So this feels good. "Schadenfreude" is too mild to describe what I'm feeling. Maybe "gleeful". Even "gloating" :-) I hope this happens in larger enterprises, and I hope it somehow magically doesn't happen when they test in the IT department before pushing it out to 20,000 desktops :-)

    And @Henry9: you may well be right but the real problem is the need for AV in the first place. Ask yourself where that came from.

  6. John Doe 1
    Thumb Down

    Epic FAIL...

    ...was McAfee's response -- just take a look at user pk02137's post at the McAfee support forums:

    Pretty good story there; over 8,000 desktops and 150 servers. Ouch. These things do happen, but McAfee's response could have been better. Much better.

  7. Darryl Parvin


    Strikes again! And when it isn't destroying your system, it's setting the Guinness Book Of Records fastest time for getting compromised by a rootkit and/or trojan. Its sole benefit is ... er... none really.

  8. Darryl Parvin
    Thumb Up


    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    I agree... Goldman Sachs uses it globally, so there you go. The Indian phone helpdesk insisted my flatmate download it onto my... MY laptop when she rang them up for remote access. They didn't bother asking whose machine it was, of course. And GS does use the older engine too (cheap bastards), so it would've shoncked my laptop into the BSOD. Lucky I stopped her in time otherwise...

  9. Anonymous Coward
    Black Helicopters

    Cybersecurity - Diversity

    There are massive risks of catastrophic failure with any system monoculture. Those leading the cybersecurity initiatives recently announced by the US and UK governments are well advised to reflect on this.

    A level of diversity in hardware/software platforms and security solutions must be encouraged and preserved. In a cyberwar, system diversity will limit the effects of friendly fire and vastly reduce the weak opponent's chances of carrying out a "cyberspace spectacular".

    Black Helicopter: because it's cyber-relevant. A complete formation of black helicopters would be more appropriate.

  10. Joe H.

    5301 engine doing just fine on boxen with DAT 5664

    Apparently this is only affecting folks on the 5100 engine. Official support has ended for 5100.

    Could McAfee have bothered to test the DAT 5664 with a few boxen running the 5100 engine before forcing it out the door as a sort of a quality assurance initiative? If, and when, they found *something bad*, perhaps a delay in the release whilst sending out stern reminders? For the sake of their own CYA for instance.

    That sort of fluff markets to the paying masses better than crippling the systems of anyone who hasn't had a chance to roll out the new engine due to the labors of change control scheduling.

    Unfortunately, it appears that lots of folks were running 5100, and on *big* *important* servers no less.

    We need a horror story thread here, methinks.

  11. mechBgon

    Not their first epic fail, either

    I remember when VirusScan Enterprise false-positived on excel.exe back in 2006, and deleted everyone's Excel executables on our fleet. Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly.

  12. gollux


    Day off for everyone else while the IT department gets its rear handed to it on a platter for choosing the product.

  13. Anonymous Coward

    @Henry 9

    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    If the "professional IT support people" made the choice to use it yes. But I've had to deal with crap software bought by some pointy haired boss because it came with a free plasma TV (delivered to his house). When word somehow leaked there was a major shit storm. Not over wasting a pile of cash on software that didn't work, but over who should get the TV...

  14. This post has been deleted by its author

  15. Anonymous Coward

    McAfee should be held accountable

    If you're going to sell a product, you should be held accountable for damage inflicted by a defective product. That applies to McAfee, Microsucks and everyone else.

    FWIW, McAfee does sell some anti-software to support O/Ss that other companies such as Symantec/Norton do not support, so system admins may be using McAfee because there is little other option.

  16. Max Watson

    System Rollback

    Windows PCs should be able to perform a System Restore via booting from a Windows install CD. This should undo the actions of the anti-virus program and may even reverse updates to the virus definitions.

  17. Robert E A Harvey
    Gates Horns

    @ Max Watson

    Last time I did a system restore from a windows boot disk it rolled back SP3, 2, 1 and all the security updates. It took a couple of days to get the machine anything like working safely.

    I own two paid-for backup systems that will make a bootable recovery disk from the current image. Because of anti-piracy both require the windows boot disk to be inserted before they start. On my older machines they reject it as counterfeit.

    I have been using Suse since 8.2, and am currently migrating everything to either Suse 11 or Ubuntu and will never, ever, build or buy another windows computer.

  18. Anonymous Coward

    So Linux as usual is the answer to all problems - Not

    I can see from several comments, that this would never happen to an open-source machine

    Oops! talk about shooting your own foot.

  19. Anonymous Coward

    Ah, the good old days!

    I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world.

    For the last ten years and most probably the foreseeable future my belief has been that I wouldn't touch it with a barge pole. I say sack those responsible for allowing this horrendous creature on unfortunate victims' PCs. How many times does this have to happen?

  20. Tom Knapen
    IT Angle


    But computers running windows are cheap, eh? Anyone know whether these massive productivity losses happening about once a year are factored into the total cost of ownership of a device?

    Boy, that would give Linux and Macs a boost..

  21. finnbarr

    @Henry 9

    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    I have to agree with the previous poster.

    It isn't the IT staff who choose crapware like this. It's some moronic manager who hasn't got the faintest clue.

    However, it *is* the IT staff who have to take the brunt of it when it fails.

  22. Anonymous Coward

    Ubuntu may have other problems

    But certainly not this one. Happy to write this from my Acer Aspire A150 running Ubuntu 9.04

    And yes, I completely agree with the poster about diversity. At work everything we have is Windows, and while we are not running McAfee, we're standardized on a single AV vendor on something like 12000 workstations and 1500 servers.

    A snafu of this caliber will literally stop the company on its knees. But everybody is happy with this situation.

  23. Yes Me Silver badge

    AVG too

    AVG seems to have developed an allergy to a two-year-old exe for NetStat this morning. I guess the signature method of identifying trojans is reaching its sell-by date. Too many trojans = too many signatures = too high a chance of matching legitimate binaries.

    Back to drawing board please.

  24. jake Silver badge


    "I can see from several comments, that this would never happen to an open-source machine"

    Uh ... no. FOSS isn't inherently secure.

    However, this would never happen to a secure-by-design system.

    Learn the difference. It's kind of important.

  25. jake Silver badge

    AC 07:03 concatenating history?

    "I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world."

    Somehow, my version of history doesn't match yours. Maybe it's me ...

  26. Anonymous Coward
    Big Brother


    Sounds like some disgruntled employee's last day at McAfee and they turned it trojan! I use a Mac and it hosts any virtualised XP sessions I need to run.

  27. slack
    Gates Horns

    @Max Watson

    "Windows PCs should be able to perform a System Restore via booting from a Windows install CD."

    Whilst that may be true can you imagine the hassle and expense that will cause an organisation like the one above with 8,000 affected machines going into a holiday weekend (in the USA)?

    Heads should roll at McAfee over this cock-up.

    /Gates, coz it's all his fault really

  28. Mage Silver badge


    All AV is worse than the disease.

    Money invested in training, mail servers that eat executables, decent firewalls and email clients that won't load remote images, activeX or remote HTML or run java etc.. Block all emails with executables.

  29. system

    RE: There are alternatives to Microsoft...

    "It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionally" written OS"

    Take the sort of windows users who need antivirus every day to save them. Running as root, opening and running email attachments from strangers, accepting and running any file that supposedly comes from a friend's message client and absolutely clueless about source code. Do you really believe they will be any better off with *nix? Under those conditions, I fail to see how nix could perform any better. It might actually do worse, as certain people who should know better tell nix noobs that they don't need antivirus and other stuff.

    Replacing the entire operating system to solve an issue with one app for little to no other benefit is not professionalism, it's just fanaticism.

    PS. The "IT community" you mention includes windows professionals. It isn't just made up of nix fanboys. There is not even a consensus that anything should "be done" about windows.

  30. Anonymous Coward

    Never their fault...

    McAfee is getting the bad news now.

    When was it that AVG 8 was crapping over systems?

    Have fun trying to get your money back when you're a paying customer suffering from this dreck.

  31. Alan W. Rateliff, II
    Paris Hilton

    @Joe H.

    AVG Free is a competent solution for the home user, but it is not licensed for any other than home use. Even if it was, the networked editions (Network, SBS, etc.) are MUCH better for an IT environment. Additionally, the paid version offers better overall protection and update propagation than the Free Edition, not to mention you get support.

    Disclaimer: I am an AVG Gold Reseller, and became one back with v6 after watching McAfee eat a couple of machines right before my eyes and Norton become a beached whale, and just being generally impressed with AVG. I have to say I am quite proud to be, and to have been, a part of AVG as the product continues to mature.

    As for the engine vs. DAT file, while McAfee ended support for the 5100 engine, you would think the system could be coded in such a way as to recognize when an engine becomes dated. Maybe a notice distributed in the DAT to upgrade the engine would be nice. No AV vendor is immune from mistakes, but some of them are just forehead-slappers.

    Paris, the paid version offers support.

  32. WinHatter

    McAfee not that bad.

    At least it rightfully targeted "Files belonging to Microsoft Internet Explorer" which should be the default behaviour.

    McAfee is pooh as is Norton, AVG might be free but is still a pain, Clamwin does the trick for me as it does not continuously grind in the HDD in the background.

  33. dave 81

    McAfee - the choice of the ignorant.

    McAfee are now, and always have been the AV vendor that will crash your computer. I have been uninstalling McAfee since windows 98, and every time the machine ran faster, BSODs became a freak occurrence. Any sys-admin who willingly runs McAfee obviously lied on his CV.

  34. matt 83

    RE: daftvader

    If a machine has Sophos installed then it isn't open source ;)

  35. Andus McCoatover

    I blame El Reg.

    ..Since the Reg has put a # sign after every comment title, obviously all us lusers/commentards are now root, and are free to knacker our systems with impunity.

  36. Anonymous Coward
    Thumb Down

    I remember when Dr Solomon's was the best AV.

    Then McAfee bought it (or someone else did and bought McAfee)

  37. Anonymous Coward

    4th July

    No insight on this particular SNAFU, but, as the other half works for a very large US insurance company, I can say that the trend for these people is to push out now what should be left to next week.. BUT 4th of July means that they cut back on the testing, in an attempt to clear the next build window.

    My advice, after waiting at home with a three year old, wondering why her mum's working late is, DON'T FUCKING PUSH UNTESTED CRAP OUT.

    For God's sake, if you have a release near a holiday, delay it until after.. you'll do less damage.

    Twats. My three year old agrees.

  38. Fred Flintstone Gold badge

    Remember that TCO story?

    You see, THIS is the kind of crap you need to add to Windows TCO cost calculations. The never ending absorption of bandwidth, the incessant mothering of systems so they stay more or less up, the endless stream of security problems, the ceaseless interruptions be[Windows would like to reboot, Yes/no]cause updates need it (apps, OS, Java, anti-virus) - it goes on and on. A Windows based platform appears to spend more time coming up with excuses to interrupt people than to do any work, and this is called "enhancing" productivity?

    Add to that the compulsory change of user interface with every release with the promise (but never delivery) of better productivity and it becomes really, really hard to defend not switching.

    Retraining? What exactly did you have to do switching to Vista? Office 2007? How much time did your tech staff spend looking what new devils they had to fight now? Have you found the "insert field" function in Word yet (hint: it's not in the ribbon)? Only in select cases has the upgrade been justified (Excel acquired some decent tools - if you can find them, and when you realise that you may need to switch them off again).

    New equipment? Well, no, not for "that Linux thing" - those people don't code with the assumption that crappy, inefficient code is masked by throwing new hardware at it. And they have heard of async coding and real multitasking so .. the .. ma.. ch .. in .. e.. doesn't sl..ow down because you opened another app.

    Security? Segregation is part of its heritage, not imported later. No, it's not perfect either but you have a much longer run up time before it gains prominence as a platform to hack (it's also harder). What do you think you could do with, say, a year of uninterrupted staff productivity?

    So there. With an honest TCO calc the picture may look bleak for the continued use of MS products. Aren't you glad nobody does them?

  39. proto-robbie
    Paris Hilton


    So soon after the OS X AV software article. This reflects many of the comments there, mainly to say "if it ain't broke, don't fix it".

    Paris, on much the same basis.

  40. tony72

    Oh dear!

    My users are always complaining about this or that problem with McAfee, which is our company mandated av product (and it's still not as bad as Norton). So far, no one has noticed that neither myself nor the IT manager will have it on our machines - I run Comodo (with only the core av functions enabled, and heuristics off). If this affects us, I suspect I'll need to go into hiding for a while.

  41. Somerset John

    McAfee carp

    Like the previous poster I remember Dr Solomon's. McAfee bought it out with the sole intention of removing it from the market. I've never touched any of their software since.

    I used to use AVG until I ran into a few (admittedly minor) problems with it. Switched to a product called Avira. Like AVG it's free for the home user. Never had a problem with its auto update, don't have a problem with its nag screen (this only appears once a day, not every time you switch the machine on) and it has provided me with completely adequate protection. If you're a home user I'd recommend having a test run with it.

    (Disclaimer....I don't work for them, don't know anyone who does work for them, don't have shares in them, etc.)

  42. Henry 9

    Rough draft - I thought it was obvious ...

    I'm not sure if this is going to show up as Henry 9 but I am he who posted the first comment.



    Hey. The problem with this type of comment platform is that we are all posting rough drafts of our ideas. Had I taken a few hours to put the comment aside and review it later, as one would do with a business proposal or a school essay, I might have fleshed it out a bit more. On the other hand it seems obvious to me that the only people who should suffer the consequences of a bad decision are the people who were authorized to make that decision.

    Once again ... DUH!

  43. Doug Glass

    So? What's Your Point?

    They're a corporation trying to:

    1. Grow the company.

    2. Increase the bottom line.

    3. Increase stockholder equity.

    Everything else is secondary, if not tertiary or lower, so the push is to get the product on the street to get/keep the revenues flowing.

    That's their nature.

  44. Robert E A Harvey


    Yes, people have rootkitted Linuxes. There have been a few stories of infection.

    But there are dozens of distros, there is Solaris, BSD, and perhaps in a few years' time HP will rediscover unix.

    A diverse ecosystem is always going to have higher natural immunity than a monovarietal monoculture.

  45. Aaron 6

    fun with a bad AV package

    More fun with an AV package that needs to be binned. The amount of times I've had people bring brand new laptops to me that are running dog slow and I uninstall McAfee or Norton and put a decent AV package on and see the machine run so much better. That alone should be enough to flag up their poor QA testing, then this comes along and just makes me laugh.

    I've already talked to several customers today all having problems caused by this bug, I've recommended they install the package, pursue a refund and bill the computer engineer's bills to fix their broken systems to McAfee. They may not choose to pay it but I'd love to see these cases go to the small claims court and see what comes of it from there.

    On the point of people going on about operating systems that don't need AV, no operating system doesn't need AV, Macs have AV and even Apple recommend you have it. Just because windows is the platform of choice for most vx'ers does not mean you're safe if you ignore basic system protection.

  46. Anonymous Coward

    Doesn't McAfee do this every couple of years or so?

    If memory serves, isn't this at least the third time McAfee has released a pattern file that causes the AV to clobber Windows in some way? I remember about 4 years ago, doing contract work, when we had to rejoin almost EVERY machine to the domain after a McAfee update. Was a lot of fun trying to walk some users that barely understood English through the process of disjoining the machine, rebooting, using an admin pw (which we had to give out) to rejoin these to the domain, then rebooting again.

  47. Anonymous Coward

    @Alan W

    The same AVG I swore by up till the beginning of the year?

    The same AVG that suddenly got a serious case of bloat and started crippling slower PCs? "mutter mutter mutter LINK SCANNER mutter mutter"

    The Same AVG that in fact, did exactly the same as this and made the same screwup a few months back?

    That AVG?

  48. Doug

    re: How long does it take some people to learn? #

    "McAfee has been a terrible product for many years", Henry 9

    What doesn't it do different than the others apart from scanning files for known patterns ?

  49. Doug

    insert free advert for msOffice .. :)

    re: Not their first epic fail, either

    "Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly", mechBgon

  50. RW

    Cybersecurity - Diversity: you left out Standards

    If you have a truly diverse network with machines running a variety of OSes and a number of versions of each OS, it's also important that they all adhere strictly to standards. Otherwise data exchange becomes a nightmare.

    The conflicts and inconsistencies between Wurd for Windows and Wurd for Mac are a legendary example of the evils of proprietary standards - especially when MS doesn't seem to know how to write software adhering to their very own! (The truth is probably that even within MS, there is in fact no single, documented standard for the format of a Wurd file. Didn't some MS honcho say within the last couple of years that Windows comprises billions of lines of code, much of it ancient legacy code that no one understands anymore?)

    Inconsistencies between web browsers (mainly between IE on the one hand and the rest of the world on the other) are another famous, ongoing failure to honor standards.

    Someone tell me: Sun nailed MS in court for "extending" Java; do other organizations that set standards stipulate that "extensions" invalidate any system's claim to adhere to whatever standard is involved?

