McAfee false-positive glitch fells PCs worldwide

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death. Details are still coming in, but forums here and here …


  1. Henry 9

    How long does it take some people to learn?

    McAfee has been a terrible product for many years. Any professional IT support person should have learned that years ago. Any professional IT support people using McAfee products in business should be fired for incompetence.

  2. Jeremy Chappell

    Worse than the disease!

    Great, what a truly epic fail. You run AntiVirus software to protect your computer, and it does the exact opposite. We've successfully created a giant monoculture (with Windows) and now we're creating them with single choices of AntiVirus. I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines".

    Of course, you could probably extend this advice to applications...

    Maybe scatter a few Macs here and there?

  3. jake Silver badge

    @Jeremy Chappell

    "I guess the logical (though damn annoying) conclusion is: "don't put the same AntiVirus on all your machines"."

    Nah. The real answer is to turn off automatic updates. The IT staff should test anything that goes onto corporate computers BEFORE rolling it out to the masses. Home users with a clue (yeah, yeah, yeah, I know, no need to yell!) should check IT news before updating.

    That's not to excuse McAfee from proper testing before rolling out av.dat updates.

    And of course, the real answer is to run secure-by-design software in corporate environments. Home users are on their own, by definition.

    Agree on scattering a few Macs here & there. Maybe more than a few.

  4. Anonymous Coward
    Thumb Up

    There are alternatives to Microsoft...

    the obvious one is Ubuntu, but PC-BSD is great as is DesktopBSD. The latter needs more programmers on board to keep it alive and it is a very worthwhile product.

    It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionally" written OS and the apps for it are so bloated as to be barely functional under any load and require new hardware every, what?, 3 years just to remain functional.

    The IT community can do little as it's management that decide what is purchased.

    Thumbs up for McAfee helping to prove that Windows OS is unsustainable.

    Anonymous because I may have to work with that crap OS server side.

  5. Sitaram Chamarty

    very happy to hear this

    I am tired of people switching to open source because of the "economic climate". I keep telling them cost is only the third reason to switch to Linux etc., and that security and reliability are the first two reasons.

    So this feels good. "Schadenfreude" is too mild to describe what I'm feeling. Maybe "gleeful". Even "gloating" :-) I hope this happens in larger enterprises, and I hope it somehow magically doesn't happen when they test in the IT department before pushing it out to 20,000 desktops :-)

    And @Henry9: you may well be right but the real problem is the need for AV in the first place. Ask yourself where that came from.

  6. John Doe 1
    Thumb Down

    Epic FAIL...

    ...was McAfee's response -- just take a look at user pk02137's post at the McAfee support forums:

    Pretty good story there; over 8,000 desktops and 150 servers. Ouch. These things do happen, but McAfee's response could have been better. Much better.

  7. Darryl Parvin


    Strikes again! And when it isn't destroying your system, it's setting the Guinness Book Of Records fastest time for getting compromised by a rootkit and/or trojan. Its sole benefit is ... er... none really.

  8. Darryl Parvin
    Thumb Up


    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    I agree... Goldman Sachs uses it globally, so there you go. The Indian phone helpdesk insisted my flatmate download it onto my... MY laptop when she rang them up for remote access. They didn't bother asking whose machine it was, of course. And GS does use the older engine too (cheap bastards), so it would've shoncked my laptop into the BSOD. Lucky I stopped her in time otherwise...

  9. Anonymous Coward
    Black Helicopters

    Cybersecurity - Diversity

    There are massive risks of catastrophic failure with any system monoculture. Those leading the cybersecurity initiatives recently announced by the US and UK governments are well advised to reflect on this.

    A level of diversity in hardware/software platforms and security solutions must be encouraged and preserved. In a cyberwar, system diversity will limit the effects of friendly fire and vastly reduce the weak opponent's chances of carrying out a "cyberspace spectacular".

    Black Helicopter: because it's cyber-relevant. A complete formation of black helicopters would be more appropriate.

  10. Joe H.

    5301 engine doing just fine on boxen with DAT 5664

    Apparently this is only affecting folks on the 5100 engine. Official support has ended for 5100.

    Could McAfee have bothered to test the DAT 5664 with a few boxen running the 5100 engine before forcing it out the door as a sort of a quality assurance initiative? If, and when, they found *something bad*, perhaps a delay in the release whilst sending out stern reminders? For the sake of their own CYA for instance.

    That sort of fluff markets to the paying masses better than crippling the systems of anyone who hasn't had a chance to roll out the new engine due to the labors of change control scheduling.

    Unfortunately, it appears that lots of folks were running 5100, and on *big* *important* servers no less.

    We need a horror story thread here, methinks.

  11. mechBgon

    Not their first epic fail, either

    I remember when VirusScan Enterprise false-positived on excel.exe back in 2006, and deleted everyone's Excel executables on our fleet. Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly.

  12. gollux


    Day off for everyone else while the IT department gets its rear handed to it on a platter for choosing the product.

  13. Anonymous Coward
    Anonymous Coward

    @Henry 9

    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    If the "professional IT support people" made the choice to use it yes. But I've had to deal with crap software bought by some pointy haired boss because it came with a free plasma TV (delivered to his house). When word somehow leaked there was a major shit storm. Not over wasting a pile of cash on software that didn't work, but over who should get the TV...

  14. This post has been deleted by its author

  15. Anonymous Coward
    Anonymous Coward

    McAfee should be held accountable

    If you're going to sell a product, you should be held accountable for damage inflicted by a defective product. That applies to McAfee, Microsucks and everyone else.

    FWIW, McAfee does sell some anti-software to support O/Ss that other companies such as Symantec/Norton do not support, so system admins may be using McAfee because there is little other option.

  16. Max Watson

    System Rollback

    Windows PCs should be able to perform a System Restore via booting from a Windows install CD. This should undo the actions of the anti-virus program and may even reverse updates to the virus definitions.

  17. Robert E A Harvey
    Gates Horns

    @ Max Watson

    Last time I did a system restore from a windows boot disk it rolled back SP3, 2, 1 and all the security updates. It took a couple of days to get the machine anything like working safely.

    I own two paid-for backup systems that will make a bootable recovery disk from the current image. Because of anti-piracy both require the windows boot disk to be inserted before they start. On my older machines they reject it as counterfeit.

    I have been using Suse since 8.2, and am currently migrating everything to either Suse 11 or Ubuntu and will never, ever, build or buy another windows computer.

  18. Anonymous Coward
    Anonymous Coward

    So Linux as usual is the answer to all problems - Not

    I can see from several comments, that this would never happen to an open-source machine

    Oops! talk about shooting your own foot.

  19. Anonymous Coward
    Anonymous Coward

    Ah, the good old days!

    I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world.

    For the last ten years and most probably the foreseeable future my belief has been that I wouldn't touch it with a barge pole. I say sack those responsible for allowing this horrendous creature on unfortunate victims' PCs. How many times does this have to happen?

  20. Tom Knapen
    IT Angle


    But computers running windows are cheap, eh? Anyone know whether these massive productivity losses happening about once a year are factored into the total cost of ownership of a device?

    Boy, that would give Linux and Macs a boost..

  21. finnbarr

    @Henry 9

    "Any professional IT support people using McAfee products in business should be fired for incompetence."

    I have to agree with the previous poster.

    It isn't the IT staff who choose crapware like this. It's some moronic manager who hasn't got the faintest clue.

    However, it *is* the IT staff who have to take the brunt of it when it fails.

  22. Anonymous Coward

    Ubuntu may have other problems

    But certainly not this one. Happy to write this from my Acer Aspire A150 running Ubuntu 9.04

    And yes, I completely agree with the poster about diversity. At work everything we have is Windows, and while we are not running McAfee, we're standardized on a single AV vendor on something like 12000 workstations and 1500 servers.

    A snafu of this caliber will literally stop the company on its knees. But everybody is happy with this situation.

  23. Yes Me Silver badge

    AVG too

    AVG seems to have developed an allergy to a two-year-old exe for NetStat this morning. I guess the signature method of identifying trojans is reaching its sell-by date. Too many trojans = too many signatures = too high a chance of matching legitimate binaries.

    Back to drawing board please.

  24. jake Silver badge


    "I can see from several comments, that this would never happen to an open-source machine"

    Uh ... no. FOSS isn't inherently secure.

    However, this would never happen to a secure-by-design system.

    Learn the difference. It's kind of important.

  25. jake Silver badge

    AC 07:03 concatenating history?

    "I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world."

    Somehow, my version of history doesn't match yours. Maybe it's me ...

  26. Anonymous Coward
    Big Brother


    Sounds like some disgruntled employee's last day at McAfee and they turned it trojan! I use a Mac and it hosts any virtualised XP sessions I need to run.

  27. slack
    Gates Horns

    @Max Watson

    "Windows PCs should be able to perform a System Restore via booting from a Windows install CD."

    Whilst that may be true can you imagine the hassle and expense that will cause an organisation like the one above with 8,000 affected machines going into a holiday weekend (in the USA)?

    Heads should roll at McAfee over this cock-up.

    /Gates, coz it's all his fault really

  28. Mage Silver badge


    All AV is worse than the disease.

    Money invested in training, mail servers that eat executables, decent firewalls and email clients that won't load remote images, activeX or remote HTML or run java etc.. Block all emails with executables.

  29. system

    RE: There are alternatives to Microsoft...

    "It's sad that one OS can be so dominant that problems like this are just accepted. You have to have an AV to run on a "professionally" written OS"

    Take the sort of windows users who need antivirus every day to save them. Running as root, opening and running email attachments from strangers, accepting and running any file that supposedly comes from a friend's message client and absolutely clueless about source code. Do you really believe they will be any better off with *nix? Under those conditions, I fail to see how nix could perform any better. It might actually do worse, as certain people who should know better tell nix noobs that they don't need antivirus and other stuff.

    Replacing the entire operating system to solve an issue with one app for little to no other benefit is not professionalism, it's just fanaticism.

    PS. The "IT community" you mention includes windows professionals. It isn't just made up of nix fanboys. There is not even a consensus that anything should "be done" about windows.

  30. Anonymous Coward

    Never their fault...

    McAfee is getting the bad news now.

    When was it that AVG 8 was crapping over systems?

    Have fun trying to get your money back when you're a paying customer suffering from this dreck.

  31. Alan W. Rateliff, II
    Paris Hilton

    @Joe H.

    AVG Free is a competent solution for the home user, but it is not licensed for any other than home use. Even if it was, the networked editions (Network, SBS, etc.) are MUCH better for an IT environment. Additionally, the paid version offers better overall protection and update propagation than the Free Edition, not to mention you get support.

    Disclaimer: I am an AVG Gold Reseller, and became one back with v6 after watching McAfee eat a couple of machines right before my eyes and Norton become a beached whale, and just being generally impressed with AVG. I have to say I am quite proud to be, and to have been, a part of AVG as the product continues to mature.

    As for the engine vs. DAT file, while McAfee ended support for the 5100 engine, you would think the system could be coded in such a way as to recognize when an engine becomes dated. Maybe a notice distributed in the DAT to upgrade the engine would be nice. No AV vendor is immune from mistakes, but some of them are just forehead-slappers.

    Paris, the paid version offers support.

  32. WinHatter

    McAfee not that bad.

    At least it rightfully targeted "Files belonging to Microsoft Internet Explorer" which should be the default behaviour.

    McAfee is pooh as is Norton, AVG might be free but is still a pain, Clamwin does the trick for me as it does not continuously grind in the HDD in the background.

  33. dave 81

    McAfee - the choice of the ignorant.

    McAfee are now, and always have been the AV vendor that will crash your computer. I have been uninstalling McAfee since windows 98, and every time the machine ran faster, BSODs became a freak occurrence. Any sys-admin who willingly runs McAfee obviously lied on his CV.

  34. matt 83

    RE: daftvader

    If a machine has Sophos installed then it isn't open source ;)

  35. Andus McCoatover

    I blame El Reg.

    ..Since the Reg has put a # sign after every comment title, obviously all us lusers/commentards are now root, and are free to knacker our systems with impunity.

  36. Anonymous Coward
    Thumb Down

    I remember when Dr Solomon's was the best AV.

    Then McAfee bought it (or someone else did and bought McAfee)

  37. Anonymous Coward

    4th July

    No insight on this particular SNAFU, but, as the other half works for a very large US insurance company, I can say that the trend for these people is to push out now what should be left to next week.. BUT 4th of July means that they cut back on the testing, in an attempt to clear the next build window.

    My advice, after waiting at home with a three year old, wondering why her mum's working late is, DON'T FUCKING PUSH UNTESTED CRAP OUT.

    For God's sake, if you have a release near a holiday, delay it until after.. you'll do less damage.

    Twats. My three year old agrees.

  38. Fred Flintstone Gold badge

    Remember that TCO story?

    You see, THIS is the kind of crap you need to add to Windows TCO cost calculations. The never ending absorption of bandwidth, the incessant mothering of systems so they stay more or less up, the endless stream of security problems, the ceaseless interruptions be[Windows would like to reboot, Yes/no]cause updates need it (apps, OS, Java, anti-virus) - it goes on and on. A Windows based platform appears to spend more time coming up with excuses to interrupt people than to do any work, and this is called "enhancing" productivity?

    Add to that the compulsory change of user interface with every release with the promise (but never delivery) of better productivity and it becomes really, really hard to defend not switching.

    Retraining? What exactly did you have to do switching to Vista? Office 2007? How much time did your tech staff spend looking what new devils they had to fight now? Have you found the "insert field" function in Word yet (hint: it's not in the ribbon)? Only in select cases has the upgrade been justified (Excel acquired some decent tools - if you can find them, and when you realise that you may need to switch them off again).

    New equipment? Well, no, not for "that Linux thing" - those people don't code with the assumption that crappy, inefficient code is masked by throwing new hardware at it. And they have heard of async coding and real multitasking so .. the .. ma.. ch .. in .. e.. doesn't sl..ow down because you opened another app.

    Security? Segregation is part of its heritage, not imported later. No, it's not perfect either but you have a much longer run up time before it gains prominence as a platform to hack (it's also harder). What do you think you could do with, say, a year of uninterrupted staff productivity?

    So there. With an honest TCO calc the picture may look bleak for the continued use of MS products. Aren't you glad nobody does them?

  39. proto-robbie
    Paris Hilton


    So soon after the OS X AV software article. This reflects many of the comments there, mainly to say "if it ain't broke, don't fix it".

    Paris, on much the same basis.

  40. tony72

    Oh dear!

    My users are always complaining about this or that problem with McAfee, which is our company mandated av product (and it's still not as bad as Norton). So far, no one has noticed that neither myself or the IT manager will have it on our machines - I run Comodo (with only the core av functions enabled, and heuristics off). If this affects us, I suspect I'll need to go into hiding for a while.

  41. Somerset John

    McAfee carp

    Like the previous poster I remember Dr Solomon's. McAfee bought it out with the sole intention of removing it from the market. I've never touched any of their software since.

    I used to use AVG until I ran into a few (admittedly minor) problems with it. Switched to a product called Avira. Like AVG it's free for the home user. Never had a problem with its auto update, don't have a problem with its nag screen (this only appears once a day, not every time you switch the machine on) and it has provided me with completely adequate protection. If you're a home user I'd recommend having a test run with it.

    (Disclaimer....I don't work for them, don't know anyone who does work for them, don't have shares in them, etc.)

  42. Henry 9

    Rough draft - I thought it was obvious ...

    I'm not sure if this is going to show up as Henry 9 but I am he who posted the first comment.



    Hey. The problem with this type of comment platform is that we are all posting rough drafts of our ideas. Had I taken a few hours to put the comment aside and review it later, as one would do with a business proposal or a school essay, I might have fleshed it out a bit more. On the other hand it seems obvious to me that the only people who should suffer the consequences of a bad decision are the people who were authorized to make that decision.

    Once again ... DUH!

  43. Doug Glass

    So? What's Your Point?

    They're a corporation trying to:

    1. Grow the company.

    2. Increase the bottom line.

    3. Increase stockholder equity.

    Everything else is secondary, if not tertiary or lower, so the push is to get the product on the street to get/keep the revenues flowing.

    That's their nature.

  44. Robert E A Harvey


    Yes, people have rootkitted Linuxes. There have been a few stories of infection.

    But there are dozens of distros, there is Solaris, BSD, and perhaps in a few years' time HP will rediscover unix.

    A diverse ecosystem is always going to have higher natural immunity than a monovarietal monoculture.

  45. Aaron 6

    fun with a bad AV package

    More fun with an AV package that needs to be binned. The amount of times I've had people bring brand new laptops to me that are running dog slow and I uninstall McAfee or Norton and put a decent AV package on and see the machine run so much better. That alone should be enough to flag up their poor QA testing, then this comes along and just makes me laugh.

    I've already talked to several customers today, all having problems caused by this bug. I've recommended they install the package, pursue a refund and bill the computer engineer's bills to fix their broken systems to McAfee. They may not choose to pay it, but I'd love to see these cases go to the small claims court and see what comes of it from there.

    On the point of people going on about operating systems that don't need AV, no operating system doesn't need AV, Macs have AV and even Apple recommend you have it. Just because Windows is the platform of choice for most vx'ers does not mean you're safe if you ignore basic system protection.

  46. Anonymous Coward

    Doesn't McAfee do this every couple of years or so?

    If memory serves, isn't this at least the third time McAfee has released a pattern file that causes the AV to clobber Windows in some way? I remember about 4 years ago, doing contract work, when we had to rejoin almost EVERY machine to the domain after a McAfee update. Was a lot of fun trying to walk some users that barely understood English through the process of disjoining the machine, rebooting, using an admin pw (which we had to give out) to rejoin these to the domain, then rebooting again.

  47. Anonymous Coward
    Anonymous Coward

    @Alan W

    The same AVG I swore by up till the beginning of the year?

    The same AVG that suddenly got a serious case of bloat and started crippling slower PCs? "mutter mutter mutter LINK SCANNER mutter mutter"

    The Same AVG that in fact, did exactly the same as this and made the same screwup a few months back?

    That AVG?

  48. Doug

    re: How long does it take some people to learn? #

    "McAfee has been a terrible product for many years", Henry 9

    What doesn't it do different than the others apart from scanning files for known patterns ?

  49. Doug

    insert free advert for msOffice .. :)

    re: Not their first epic fail, either

    "Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly", mechBgon

  50. RW

    Cybersecurity - Diversity: you left out Standards

    If you have a truly diverse network with machines running a variety of OSes and a number of versions of each OS, it's also important that they all adhere strictly to standards. Otherwise data exchange becomes a nightmare.

    The conflicts and inconsistencies between Wurd for Windows and Wurd for Mac are a legendary example of the evils of proprietary standards - especially when MS doesn't seem to know how to write software adhering to their very own! (The truth is probably that even within MS, there is in fact no single, documented standard for the format of a Wurd file. Didn't some MS honcho say within the last couple of years that Windows comprises billions of lines of code, much of it ancient legacy code that no one understands anymore?)

    Inconsistencies between web browsers (mainly between IE on the one hand and the rest of the world on the other) are another famous, ongoing failure to honor standards.

    Someone tell me: Sun nailed MS in court for "extending" Java; do other organizations that set standards stipulate that "extensions" invalidate any system's claim to adhere to whatever standard is involved?

  51. Joe H.

    @Alan W. Rateliff, II

    I use the AVG on my traveling lapdog, and McAfee on my home pc that the missus uses. When I bought the lapdog, it came with AVG free. When it expired I reloaded it and checked the box to say I would participate in development, so far, so good. It has been 4 months and counting and this thing has not been any trouble at all.

    As far as large networked environments go, it is obvious that paying for the right to use comes with much needed support.

    As far as the DAT update spitting up a dialog box saying "Your version of the Engine is out of date, and this DAT update is about to destroy your machine, continue, Yes/No?" Is likely something they could have done had they tested it before releasing it.

    Terminator, obviously the machines and their programmers are to blame.

  52. Anonymous Coward

    McAfee not to blame here, lusers that never update ever are...

    This issue only affects people running the 5100 engine. McAfee stopped supporting the 5100 engine way back at the beginning of 2008. Even its replacement, the 5200 engine is no longer supported. No longer supported means that they no longer test their daily dat releases against it to check for false positives.

    Do people expect them to go on checking the 10,000 new detections added to the Dats every day against every single version of their product ever released, despite making very clear statements and giving very clear notice regarding end of support dates?

  53. Roger Stenning

    I wouldn't touch McAfee if you paid me

    Or Norton, come to that. Sophos *maybe*, but McCrapy?

    Get real.

    There are free AV products for the PC out there that are just as effective, and frankly better managed, than McCrapy will ever be.

    Also - can anyone answer this one - why has practically no-one mentioned another part of system protection - take REGULAR backups of your system? That's most definitely a major part of protecting your system from screwups, and I'm very surprised that more haven't mentioned that!

    Grenade, as without adequate PC protection routines, you're playing with one without a pin!

  54. Anonymous Coward

    Oh dear...

    Icon says it all.

  55. Tim Brown 1

    No AV, no hassle.

    I'll probably get shouted down for this, but I've given up running anti-virus software completely in the home. I DON'T advise this if you're the sort of user that clicks any exe you see in your email, (or uses IE as your main browser).

    However if you're the sort of person with a clue (and you read The Register, so you probably are), then relying on your own common sense and a GOOD firewall (one that notifies you of unauthorised outgoing connections) will protect you just as well as relying on some dubious AV software.

  56. Fred 24

    What's antivirus?

    Before I learned - the hard way - I used to use an odd piece of software that helped to slow the response of my pc to something of 10 years older, and still would not protect my files.

    Then after learning, after all the cost, after all the b.s. from the software supplier I simply switched to Ubuntu: 2 years of NO antivirus, and NO problems! Lesson learned. Just accept the facts and move on.

  57. Anonymous Coward

    A bowser full of schadenfreude

    I wonder whether my last company has had a problem with this - I shall have to find out from my friends who still work there.

    Why? Because my old boss used to start doing things about 5 minutes after it became critical (Proactive is that funny yoghurt stuff his wife eats) and although he used to claim he documented everything, it was handwritten in an A4 pad. There were a stack of these in the office and even he couldn't find anything when he needed it so no one else had a chance.

    The antivirus he had bought many years before was McAfee and although the DAT files were constantly updated the main program itself was very old. Even when the company was making a lot of money the AV wasn't updated despite the anti-spam addon often crashing the exchange server.

    And 50% of the users work remotely around the entire country. Most of these have worked their way up from the shop floor so IT is something they don't like dealing with but know they have to. If their machines are blue screening they will be turning the air just as blue as they are fighting for survival in an industry heavily affected by the recession.

    I am so glad I hit the escape key...

  58. Russell Burnell
    Thumb Up

    Sophos AV

    I've been using Sophos AV for years on various client sites with none of these itsn't the cheapest AV around but there seems to be a reason for that.....because it's bloody good!

    Can't see why people use the failure of McAfee to start bashing's just the AV vendor being a tit and nothing to do with the Windows OS........get over it!

  59. Bob 13

    It got us too.

    It took down our BES server and our server team is still working on it. This isn't the first problem McAfee has caused, so I have no idea why the server team is still using it.

    Of course, it's their problem to fix too, so what do I care?

  60. Toastan Buttar
    Thumb Up

    Anyone thinking of ditching AV completely on Windows

    You can find all you need to know here:

    Summary: Running as Limited Users most of the time and only using an Admin account to install software/drivers will make your XP-and-onwards system very secure. I've been happily running XP for over 2 years this way without infection. It takes about 20 minutes to set up and is a helluva lot easier than installing and getting used to a Linux distro.

  61. Anonymous Coward
    Anonymous Coward


    Didn't they do this a few years ago as well?

  62. James O'Brien


    I'm with you Henry 9. What I want to know is why is it that Norton and McAfee who USED to be the best at what they did (when all they really focused on was the AV package) decided to put their collective heads up their asses all for the sake of a dollar? The trend I notice is that it seems that the more these AV companies start looking out for the shareholder. Problem with this concept is that the more crap like this happens the more that people will start to shy away from them and the only way they can keep their names in front of people is to make deals with the manufacturers to have their software preinstalled. Oh well hope some more people learn from these things as they continue to happen.

    /Can someone explain to me why when journalists call someplace they always expect an immediate response and if they don't get one you tend to see this "A McAfee representative in the US didn't immediately respond to phone calls seeking comment." in the article? Mainly curious as it seems like the PR people or whoever is called should be at their beck and call....never understood it. Thanks

  63. Dan Goodin (Written by Reg staff)

    @James O'Brien

    Hey James,

    Not sure if your question is just bait. Assuming it isn't, here's the answer:

    In journalism, as in many other aspects of life, there are real-time deadlines. So what to do when it's time to hit the publish button and you still haven't gotten an answer to your question? Do you:

    a) lay out the fact that you indeed asked the company for their side of the story and didn't get a response by press time (i.e. an "immediate response")? or

    b) not mention it at all and let readers wonder if you bothered to email the company at all?

    No, companies aren't at journalists' beck and call. But they have a right to have their voice heard in stories that directly concern them. I was only trying to make sure it was clear I tried to give them that opportunity and for whatever reason had not gotten a response by press time.

    The reason we say didn't "immediately respond" is to make it clear that there wasn't a whole lot of time between the time we asked and the time the story was published. In the case of this story, it was about 2 and a half hours.

    Make sense?

  64. Jimbo 7


    "This issue only affects people running the 5100 engine. McAfee stopped supporting the 5100 engine way back at the beginning of 2008. Even its replacement, the 5200 engine is no longer supported. No longer supported means that they no longer test their daily dat releases against it to check for false positives."

    I totally agree with you. I quite don't get so many angry users. You should keep your AV software up to date as well. I remember people patching XP with Win2000 files because they saw similar bug going on ... at the same time it's easy to be critical without knowing $0 budgets some IT folks have to deal with ....

    McAfee was a great product back in the MS DOS age after they acquired pretty amazing Dr Solomon's Antivirus (I loved that tool back in MS DOS 3.0 age)

    ahhh the old days

  65. Anonymous Coward

    How many more times?

    I can remember at least three similar incidents where McAfee FPs on some critical Windows DLL and auto-bricks a gazillion PCs.

  66. asdf
    Thumb Up

    Re: Tim Brown 1

    >I'll probably get shouted down for this, but I've given up running anti-virus software completely in the home.

    Actually you would be correct about the general technical level on the site probably, but no antivirus for many or most in here would be a no go. The reason is most of us are savvy enough to not have to pay for software (haha anybody preaching ethics is either a hypocrite or owns software company stock). One risk of being a pirate is dodgy websites and executables. Without piracy and porn no way the internet is worth more than a few dollars a month.

  67. M Gale


    "Block all emails with executables."

    In a perfect world this would work.

    Unfortunately too many people want HTML email and documents that can contain scripts. Plus you never know when the next bright idea is going to come out of Redmond for including "active" capability inside some otherwise safe format.

    Badgers because.. I can.

  68. Anonymous Coward

    McAfee should do better

    Yes system admins should be running current McAfee software and doing regular updates, but it's irresponsible and unacceptable to crash systems using year old software. I mean come on McAfee and every other software and O/S supplier most definitely has a responsibility to support their product for year(s). I'll bet there are some lawsuits over this deal.

  69. Fuzz

    Why do McAfee allow updates to unsupported software?

    I don't get this, if McAfee are no longer testing the updates on older versions of the software then the older versions of the software shouldn't allow the updates to be applied.

    Also why isn't the AV engine updated along with the Virus updates?

    To the people saying that all updates should be tested before being pushed out, I agree with this for updates to applications or drivers but AV updates can happen several times a day you have to trust your AV supplier that their updates will work correctly with their software. If you don't, then you're using the wrong AV program.

  70. Anonymous Coward

    @Jake: RE: AC 07:03 concatenating history?

    > "I can remember the time when a 20Mb hard disk was huge and McAfee was the virus hunter of choice in the DOS world."


    > Somehow, my version of history doesn't match yours. Maybe it's me ...

    It's you. I can remember when 10MB hard was big deal and certainly then McAfee was the av of choice. You could catch a virus off those 5 1/4 inch floppies back then. Praise the gods for the arrival of Linux! A proud user since before Windows 3.2!

  71. Richard 12 Silver badge

    Abject fail on the part of McAfee

    If the engine is no longer supported, why is it still downloading updates?

    If the engine is known to download updates, why are these updates not tested against it?

    Sorry, but the excuse "Oh, that engine isn't supported" is complete and total rubbish. If it's not supported, IT MUST NOT DOWNLOAD AND OPEN A FILE THAT IT DOESN'T UNDERSTAND.

    Even if you aren't going to support everything you ever made, you still have a duty not to break it.

    It is *trivial* to do version checking at the top of a file. Are McAfee saying that they don't know how?

    AVG does that - a while after the 7.0 engine went obsolete, it stopped downloading new updates and told me so.

  72. Anonymous Coward
    Thumb Down

    I don't use anti-virus crap at all

    I've never had a problem in 8 years now.

    Why bother?

  73. John Dooley

    Yea stay away from free anti-virus

    Poetic justice, coming just after they dissed free anti-virus users.

  74. Bill The Cat

    Never Update Over A Weekend!

    Never update over a weekend -- especially a holiday or 3 day weekend. This has been the rule of IT for decades. Any company that does major pushes on a Friday should be seriously reconsidered. No excuse for this one.

  75. Pete Hinch


    So this IT guru correctly diagnoses the problem: an AV update is trashing every machine it touches. So he celebrates by switching on his laptop and letting it connect to the internet?

    To put it as politely as possible - I can think of better tactics...

  76. N2

    House of cards

    Just beggars belief that McAfee could cause such a problem, do they test their updates?

    But where do you put the blame, McAfee for its update or Microsoft for its continuing to deploy technologies riddled with exploits?

  77. Anonymous Coward

    Monday is just round the corner...

    ...and we shall see what the fallout is like. Luckily my work used the v8.5i engine, so we haven't got any BSOD's.

    This sort of thing is not good - because you'll never know when those sons of fun will decide to target v8.5i and higher with their pranks...

    Going to suggest to damagement that we look at alternatives ASAP.

    Terminator - terminating dumb software.

  78. N2
    Thumb Down

    @ Max Watson

    Don't make me fucking piss myself,

    When in God's name has any self respecting virus ever not managed to rip right through everything in its path and install to the system restore directory? Something to do with raw socket access or what but every decent virus writes straight to it, when you are denied access until you change permissions.

    How utterly hopeless is that?

    & as for 'system restore' it seldom works anyway.

  79. Anonymous Coward

    IT Support

    Pity they all got fired due to cutbacks.

  80. CalmHandOnTheTiller


    The Lusers and sysadmins having all the nightmares are the ones running an old engine. So old that it's actually 2 versions too old. That's like complaining when your seatbelt pre-tensioners and airbag fail to work when you've ignored both recall notices saying that they must be replaced or you're going to go through the windscreen when you have an accident.

  81. Neoc

    @James O'Brien

    "Mainly curious as it seems like the PR people or whoever is called should be at their beck and call....never understood it. Thanks"

    Actually James, that's *exactly* what the Public Relations department is for - answering questions from the Media. Not the Engineering Dpt, not the Publicity Dpt (though they may want to put a spin on it), but the *Public* *Relations* Dpt. This is their Raison D'être.

    The fact they didn't answer tells me they were caught with their trousers at half mast and hadn't even planned a canned response in case of emergencies. (How hard can it be to state "We are aware of this problem and are working to rectify it"?).

    Sack the person whose job it was to hold the store at the time - s/he obviously cannot do the job satisfactorily.

  82. Mark Pawelek

    It must've been sabotage

    The only way this can be explained is that someone working for McAfee must've sabotaged this update.

    The chance that a virus would have the same "fingerprint" as a system file is minimal and the chance that McAfee would just roll out the update without testing is tiny. That leaves only one logical explanation.

  83. Max Watson


    I wasn't suggesting a restore would remove a virus. Just undo the modifications to the system files that McAfee has done so you can boot your system properly again.

  84. Anonymous Coward
    Gates Horns

    @Aaron 6

    "no operating system doesn't need AV"

    Er, wrong.

    Please. Do yourself a favour and find out what the differences between Windows and Linux/OSX are BEFORE you post mindless rubbish like that.

    The ONLY reason to run AV on either OSX or Linux is as a courtesy to any Windows users you may (unintentionally) pass infected forwarded emails onto.

    Privilege escalation using buffer overflow vulnerabilities are not viruses, they are exploitations.

    To infect a Linux/OSX box would require running code in order to install. This requires deceiving the user into installing it in the first place. Cus guess what? Linux distros aren't so fucking stupid as to allow remote sites to install to the root file system.

    Seeing as Windows boxes are rarely set up correctly and are almost always left with an unexplained Administrator Account as default, Microsoft are completely and totally 100% responsible for this current mess.

    They've had umpteen iterations of Windows now and they refuse pointblank to use a decent Unix-like model for security, choosing instead to repeat the same retarded mistake over and over again.


    Absolutely none at all.

  85. jake Silver badge

    @AC 09:37

    I tried to reply. Apparently being polite isn't acceptable.

  86. Stuart Vine

    @Never Update over a Weekend

    It's an old IT project management mantra as well - never launch anything on a Friday - unless you want to spend all weekend trying to fix it.

  87. Magilla


    Someone at McAfee has decided to try to fix the root of the problem.

  88. david 12 Silver badge

    @Alan W. Rateliff, II #

    "Disclaimer: I am an AVG Gold Reseller,"

    ... Then you will know that last week AVG identified Visual Studio 6 as a virus?

  89. Anonymous Coward

    Whiney Comments

    Top 5 whiney comments from this thread.

    1. Ohhh my linux box is safe, join us. We love you. Please?

    2. IT guys must test things before releasing it. Agreed, but AV updates can be daily. Not all companies are big enough to have staff assigned to testing only.

    3. It's Windows's fault.

    4. Don't release an update before I go on holiday. (Selfish a**hole?)

    5. I'm not running any AV and I'm fine

  90. Toastan Buttar


    Sir, you are a potty mouth. Sit on the naughty step until you learn to speak properly (and until you can actually name a piece of Malware which can "rip right through everything in its path and install to the system restore directory").

  91. This post has been deleted by its author

  92. Anonymous Coward

    IT Support

    who is this anonymous coward person? he contradicts himself (or herself) all the way down the page.

    FWIW - any IT Support person running out of support AV software should be sacked.

    and don't worry - the DATS won't install on 5100 or 5200 after 31/12/2009.

  93. Fred Flintstone Gold badge

    @ Neoc

    "Sack the person whose job it was to hold the store at the time - s/he obviously cannot do the job satisfactorily."

    I think you're forgetting the fact that it was weekend, most PR shops don't open 24/7. El Reg did the right thing (and McAfee still have right of reply as well).

    In this case the issue is with McAfee emergency management procedures which appear not to include external communication (I'm still assuming they have emergency handling processes to start with). It thus appears they may need to talk to us about disaster planning as theirs appears to suffer deficiencies.. Just putting out a canned statement isn't enough, you need to follow up with some facts or report status.

    Bottom line: PR is important, but don't assume the company isn't dealing with the problem because they forgot to manage the press coverage. I would prefer them concentrating on solving the issue..

  94. Paul 71

    Less of the hyperbole please

    To everyone who says the best solution is to just not use antivirus: You clearly don't work in an organisation with any actual users.

    As for McAfee, this incident was definitely a massive fail on their part but I do think lazy sys admins should take the blame for not updating their engine even though it hasn't been supported for quite some time.

    Furthermore, while McAfee is definitely a pain in the arse sometimes (for example, we've discovered a problem here on 'older' machines where performing DAT updates takes up 100% CPU and absolutely kills a machine for 5 minutes every day - McAfee have told me this is normal behaviour) but I have it on good authority that their management/deployment solution (epo) is pretty much unmatched by its rivals.

    Lastly, I just want to point out that in my experience people (users mainly, but IT people as well) have a tendency to blame every problem that arises on McAfee (or whatever AntiVirus product is installed) even if it is completely obviously unrelated.

  95. Steven Davison

    @ matt 83

    "If a machine has Sophos installed then it isn't open source ;)"

    This is incorrect.

    Sophos provide CID downloads for Linux, Solaris, HP-UX, Netware, FreeBSD, AIX, Mac OSX and Various Windows systems...

    While the product may not be open source, the OS can be.

  96. Mark Eaton-Park

    McAfee did it on purpose, I reckon

    What is the latest version of AV that can be installed without corporate secure download access, unpatched 5100.

    A gentle kick in the ribs for any accounts not paying their McAfee update fees perhaps?

    Hmm, I wonder

  97. Ed Blackshaw Silver badge

    Alternative antivirus

    I used to use AVG Free, but that seems to have gone the way of the bloatware over the past year. Now I use Avast! Antivirus on my home PC, also free. I would recommend it - it seems to have a smallish footprint and not require the constant attention that AVG now seems to need.

    We use McAfee at work. It is a well known fact that we won't get much done on a Friday afternoon, when the weekly scan kicks off, and the best thing to do after turning your machine on in the morning, is to go and make a cup of tea...

  98. James O'Shea

    visual studio

    quote "Then you will know that last week AVG identified Visual Studio 6 as a virus?" unquote

    <gasp!><shock!><horror!>You mean that it's _not_?!</horror!></shock!></gasp!>

  99. Greg J Preece

    @Tim Brown

    Nope, I'm with you mate. No AV installed on my only Windows machine. Slows things down and annoys me, and I never get infections anyway. Every now and then I run an online scan just to check, and it never finds anything.

  100. Alan W. Rateliff, II
    Paris Hilton

    @david 12, @Ed Blackshaw

    Most of my "constituents" are using 2002 or later, most of them using 2005. So I have not had the opportunity to cross this particular issue. Even so, when AVG removes an offending binary it is placed in the Virus Vault, which can be restored and set to ignore in the event of false positives. FAQ 1203 tells you how to deal with false positives, including submitting them to AVG.

    AVG Free tends to be a little more "in your face" than the full editions. Anything free has a trade-off. I am running Internet Security on my production laptop and I never see it.

    But that is not to say that I do not have some objections to the AVG system. In particular, as IT I frequently advocate against the use of browser tool bars as multiple tool bars can conflict with each other, and older or poorly coded ones can simply stop the browser from working (*ahem* Lexmark.) So AVG introduces the AVG Toolbar. Not exactly a happiness for me, and I certainly expressed that to them.

    As for any other problems I have with AVG, I submit my concerns and they are quickly answered. I often field feedback from my, and from other, users and get them up to AVG which, again, deals with them in a timely manner. I even go so far as to send ElReg articles up through my support channels, though I believe some folks in the chain are regulars here already.

    Believe me, AVG listens to you. I think it is one of the few software vendors which still does. Even the LinkScanner debacle (on which you can find my opinion in other Reg articles) was dealt with based upon user and non-user feedback.

    And I fall back upon my previous statement that no AV vendor is perfect, and doubly so for software vendors as a whole. But that does not excuse them from completely disabling a system. And given that, I believe that AVG has never rendered a system non-bootable by its own actions.

    In any case, my intention is not to hijack this article to push AVG, but rather to answer to what I can.

    Paris, a little more in-your-face as well.

  101. Reality Dysfunction

    McAfee have finally acknowledged this

    McAfee have finally acknowledged this... after 3 days

    I am a sysadmin using the product and no I did not have meltdown as I manage to keep things up to date (well as up to date as I can given how old some of our hardware is)

    McAfee may be a bit of a hog on CPU around update time (ameliorated with later patches and versions) but compared to sophos/symantec the admin interface is a million times better and although Kaspersky have an OK one their support offering is a little too Russian for most people.

    Still McAfee ruined my friday and weekend as I ran round explaining why I was rolling back DATS on 10000 machines when there wasn't even an official notification of a problem etc etc and then impinged on my beer time as I had to keep checking stuff all weekend for free.

    Bad communication ruins an average AV with a good management tool.

    PS free avast and comodo at home of course.

  102. Anonymous Coward


    The Engine IS updated along with the DATs. I administer McAfee via ePO so have some idea of how it works. The only way a person can be running engine 5100 with dat 5664 is if:

    1. They're running unmanaged (i.e. no ePO) and have turned off automatic updating and are manually downloading the DAT only package from time to time and installing that; even if you're not paying your support contract you'd still get engine updates with the DAT updates; the SDat which includes the engine is freely downloadable. It'd be naughty, because you have to tick a box saying "honest I have a support agreement", but if you can get the DATs, you can get the engines.


    2. They're running ePO and the administrator has disabled automatic updates to the engine, and done bog all about manually upgrading the engines.

    Either way it does take some administrator muppetry to fall foul of this one. I was kacking my pants until I found it only affects the 5100 engine. To my mind it was a bit like discovering the problem only occurred with NT4.

    To other posters above - 7.0, 7.1, 8.0i, 8.5i are NOT engines; they are versions of the AV application itself, so anyone banging on about using the "8.5i engine" or whatever knows bugger all. 8.5i initial install comes with 5100, but as soon as you update it you'll find it's on engine 5301.something.

  103. Anonymous Coward

    @Anonymous Coward 06:47

    Erm.. bit behind the times. Vista's much maligned UAC does pretty much EXACTLY what Ubuntu Linux does - creates a group of users with the right to elevate their rights to root/administrator *if they explicitly declare their intention to*. The only difference really is that Ubuntu turns root into a user you don't actually log in as at all; UAC turns it into an ordinary account which has the ability to elevate itself by default.

    I use both and the similarities between Ubuntu's su model and Vista/Windows 7's UAC are striking.

  104. kain preacher

    Never Update Over A Weekend!

    The reason why my company did updates on the weekend is simple. If it breaks on a Saturday, you don't have an office full of users screaming at you.

  105. Anonymous Coward

    Yeah ok

    I can't believe people here are actually advocating having a computer on the wire sans ANY anti virus software. All I have to say is that I'm glad I probably won't have any of you as clients because dealing with that level of silliness would drive me nuts. Hell I don't even a Mac on any network without installing ClamAV X on it. I know McAfee is crap as is Norton and these kinds of false positives are a pain in the ass. But that's no reason to spew out that level of hyperbole.

    Anyway for those interested in something less expensive and with a significantly smaller footprint than either Norton or McAfee I use and recommend Avast, both the free personal and enterprise editions. Having struggled almost as much with AVG as the big two AV programs I can't realistically recommend it anymore.

  106. Slipgate

    Is McAfee that bad?

    I've read through the comments, and I don't actually see many (any?) incidents of people actually being affected.

    I've used most of the major A/V brands and the only ones I'd use in an Enterprise are Trend and McAfee. Symantec is toilet, in my experience and AVG didn't do its job - after removing it on one site, I put on McAfee and it found a whole bunch of crap (AVG was fully up-to-date)

    As for 'let's just put Linux on', I don't think that's a particularly valid argument. I use Mac OS, Windows and Linux and think that they all have their place. On one site I run an NMS system (Nagios) on RedHat, MS Exchange, Terminal Server and some Macs for DTP/Web editing. Anyone who says that anything other than Windows is invincible is dreaming (wait until Linux has a majority share and the virus writers will be changing their focus). I haven't checked the Sendmail bug list for a while, but it wasn't short... The free bit of Linux doesn't include user re-training, deployment, support etc...

    Linux may be free, but, at the moment, I don't believe it's a viable desktop alternative (the only linuxish one is Mac OS - okay it's BSD, but near enough :-). There are just too many flavours knocking around for any consistency. That's why, partly, that the MS Windows/Office setup is often used. I also haven't got time as a sysadmin to check where Apache is putting its files now, is it /var/www or /www or /var/html/www for server things, for example.

  107. Joe Good
    Thumb Down

    Why I left McAfee...

    The primary issue I have with McAfee is that they're obviously yet another company that cut corners in critical areas (customer support, QA testing) to pad their bottom line.

    Here's my experience with them, just to make a point:

    - I disabled ActiveX on my machine for everything except trusted sites (Windows Update, the scum!)

    - When I installed McAfee, it wouldn't run. I discovered it was because McAfee required ActiveX controls.

    - I contacted McAfee multiple times through multiple channels (2 chats and more than a dozen e-mails, working with at least 6 different agents and a supervisor). Every time, the conversation went like this:

    "Hello. I've disabled ActiveX for all but trusted sites. I've added and the McAfee executables to my Trusted Sites list, but McAfee still can't run. Can you tell me what else I need to do?"

    "Please enable ActiveX on your system."

    "No. That's not an acceptable answer. I'm willing to activate ActiveX for McAfee alone, but I'm not going to activate it system-wide."

    "I understand. Here are the instructions for enabling ActiveX system-wide".

    "No. I won't do that."

    "I understand. Here are the instructions for enabling ActiveX system-wide".

    "Wait a minute. I just want to know how to enable ActiveX for McAfee without enabling it for everything else!"

    "I understand. Here are the instructions for enabling ActiveX system-wide".

    *Sound of me switching to a new vendor*

    In short, I found myself working with a "security" firm where no one in their support department could figure out why on Earth I'd disabled ActiveX. It made me less than confident in their abilities, to say the least.


  108. Atrox666

    I got affected

    I not only got affected but had to listen to some asshat screen reading tech from India tell me that McAfee couldn't go crazy and start deleting files under any circumstances. Then he told me to boot to safe mode and run a scan after I had already explained that I had slaved the drive on a known good machine and it had scanned clean with 2 AV programs.

  109. Anonymous Coward

    @Atrox666 - Out of interest... did you come to be running up to date DATs and a really old engine? And I am asking out of interest.

  110. Goat Jam

    @AC UAC

    "Erm.. bit behind the times. Vista's much maligned UAC does pretty much EXACTLY what Ubuntu Linux does"

    Erm, not really. In Linux, sudo requires you to type your password in order to do dangerous stuff. It forces users to let go of the mouse and type a password. This has a number of effects. The fact that a password is required should automatically trigger the recognition in even the stupidest of users that something "security related" is happening. That, and the fact that they have had to stop flailing with their mouse button for a second gives them time to hopefully understand what is going on, at least a little bit.

    All Vista UAC does is reinforce the already far too ubiquitous behaviour pattern common to most Windows users where you just CLICK-CLICK-CLICK-CLICK until all the windows go away.

    It achieves nothing.

  111. Neoc

    @Fred Flintstone

    I agree with you totally - but re-read my post: I was not having a go at McAfee (the company) for failing to solve the problem (I hope they were on to it), I was having a go at McAfee PR Department for failing in their remit.

    Responding to the "it was a holiday" defence: Bullcrap. If you claim to be an international company selling world-wide, you are bound to have become aware that:

    (1) Hardly anyone celebrates the 4th of July outside of the USA;

    (2) Weekends happen on Saturday/Sunday only in Christian countries - quite a few countries have their weekend on the Thursday/Friday;

    (3) above all, the world doesn't work on Pacific Mean Time, or whatever timezone the McAfee HQ is located.

    As for the "it was an old engine" defence:

    If the old engine was no longer supported, it should no longer be able to accept signature file updates. The fact that McAfee still allowed the new signatures to be used on the old "no longer supported" engines was STUPID. Either it's no longer supported and you no longer cater for it, or you cater for it and it is - by definition - supported.

    In other words, *this event* was a fail along the entire line, from the production of an invalid signature file to the lack of response from the people who are supposed to be the public face of the company.

  112. Anonymous Coward

    @Goat Jam

    The UAC does require a password if you're not logged in as an administrator. Moreover, it does alert you to the fact that something is happening. I fear it's a compromise; people whinge enough about UAC as it is; can you imagine if they also had to enter a password.

    It's a massive improvement over the ability under XP for malware to just install without you knowing anything is happening.

  113. Anonymous Coward

    Engines and updates


    If the old engine was no longer supported, it should no longer be able to accept signature file updates. The fact that McAfee still allowed the new signatures to be used on the old "no longer supported" engines was STUPID. Either it's no longer supported and you no longer cater for it, or you cater for it and it is - by definition - supported.


    Heh... I tried AVG v7, and it refused to update its signatures, a big warning message popped up on the screen telling me I must upgrade to v8.

    Why can't McAfee do the same? But then you'll get lusers blindly ignoring that window and saying nothing to their sysadmin...
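
The version gate that comments 71, 111 and 113 ask for, as an added example that is not part of the thread and is not McAfee's or AVG's code. The header layout, field names, reason strings and the 5300 minimum-engine value are constructed for illustration; 5100, 5301 and 5664 are the engine and DAT numbers quoted in the thread.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed update-file header (hypothetical, NOT the real DAT format):
#   4s   magic b"SIGU"
#   H    header format version
#   I    content (signature set) version
#   I    oldest engine version the vendor tested this content against
#   I    payload length in bytes
#   32s  SHA-256 of the payload
HEADER = struct.Struct(">4sHIII32s")
MAGIC = b"SIGU"
SUPPORTED_FORMAT = 1


@dataclass(frozen=True)
class Decision:
    accept: bool
    reason: str


def build_update(content_version: int, min_engine: int, payload: bytes) -> bytes:
    """Vendor side: stamp the payload with the oldest engine it was tested on."""
    digest = hashlib.sha256(payload).digest()
    header = HEADER.pack(MAGIC, SUPPORTED_FORMAT, content_version,
                         min_engine, len(payload), digest)
    return header + payload


def check_update(blob: bytes, engine_version: int, installed_content: int) -> Decision:
    """Engine side: decide whether to load an update, before parsing any signatures."""
    if len(blob) < HEADER.size:
        return Decision(False, "truncated-header")
    magic, fmt, content, min_engine, length, digest = HEADER.unpack_from(blob)
    if magic != MAGIC:
        return Decision(False, "bad-magic")
    if fmt != SUPPORTED_FORMAT:
        return Decision(False, "unknown-format")
    # The gate the commenters describe: an engine the content was never
    # tested against refuses it and tells the admin to upgrade the engine.
    if engine_version < min_engine:
        return Decision(False, "engine-too-old")
    if content <= installed_content:
        return Decision(False, "not-newer")
    payload = blob[HEADER.size:]
    if len(payload) != length:
        return Decision(False, "length-mismatch")
    # Integrity check only; a real updater would also verify a vendor signature.
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        return Decision(False, "digest-mismatch")
    return Decision(True, "ok")


def fleet_report(blob: bytes, fleet: dict) -> dict:
    """Map each host to the decision its engine would make for this update."""
    return {host: check_update(blob, engine, content)
            for host, (engine, content) in fleet.items()}


if __name__ == "__main__":
    # Constructed sample: content 5664 tested only on engines >= 5300.
    update = build_update(5664, 5300, b"constructed signature payload")
    fleet = {
        "old-desktop": (5100, 5663),   # unsupported engine from the thread
        "patched-srv": (5301, 5663),
        "already-done": (5301, 5664),
    }
    for host, decision in fleet_report(update, fleet).items():
        print(f"{host:13s} accept={decision.accept!s:5s} {decision.reason}")
```
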

  114. James O'Shea

    McAfee not alone

    CA just pulled more of this same crap.

    Would someone explain to me again why vendors like CA, McAfee, and Symantec are still in business?
