“McAfee antivirus program goes berserk, freezes PCs” plus 3 more |
- McAfee antivirus program goes berserk, freezes PCs
- Few Answers After McAfee Antivirus Update Hits Intel, Others
- McAfee antivirus update paralyses Windows XP machines
- McAfee antivirus program goes berserk, freezes PCs
| McAfee antivirus program goes berserk, freezes PCs Posted: 21 Apr 2010 02:45 PM PDT NEW YORK – Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands. McAfee said it did not appear that consumer versions of its software caused similar problems. It is investigating how the error happened "and will take measures" to prevent it from recurring, the company said in a statement. The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital. Jean said patients who required treatment for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. "I originally thought it was a virus," he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get the machines working again. In many offices, personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery. It's not uncommon for antivirus programs to misidentify legitimate files as viruses. Last month, antivirus software from Bitdefender locked up PCs running several different versions of Windows. However, the scale of this outage was unusual, said Mike Rothman, president of computer security firm Securosis. "It looks to be a train wreck," Rothman said. ___ AP Business Writer Daniel Wagner in Washington contributed to this report. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| Few Answers After McAfee Antivirus Update Hits Intel, Others Posted: 22 Apr 2010 02:51 AM PDT After distributing a buggy antivirus update that apparently disabled hundreds of thousands of computers on Wednesday, McAfee is still at a loss to explain exactly what happened. McAfee says that just a small fraction of its corporate customers -- less than 0.5 percent -- were affected by the glitch, which caused some Windows XP Service Pack 3 systems to crash and reboot repeatedly. McAfee blamed a bad virus definition update shipped out Wednesday morning, Pacific time, which ended up quarantining a critical Windows process called svchost.exe. By the end of the day, the antivirus vendor still couldn't say exactly what caused the problem. "We're investigating how it was possible some customers were impacted and some not," said Joris Evers, a McAfee spokesman, speaking via instant message. One common factor amongst the victims of the glitch, however, is that they'd enabled a feature called "Scan Processes on Enable" in McAfee VirusScan software. Added in version 8.7 of the product, this feature lets McAfee's malware scanner check processes in the computer's memory when it starts up. According to Evers, it is currently not enabled by default. However, some versions of VirusScan did ship with it enabled. McAfee's instructions for repairing affected computers can be found here. A large number of users reported major problems after installing McAfee's bad update Wednesday. Systems at Intel were knocked offline before the bad update could be stopped, according to Intel spokesman Chuck Mulloy. He couldn't say how many PCs were affected, but said that the problem was "significant." "There were quite a few clients, laptops and PCs [affected]," he said. "We were able to get it stopped fairly early on, but clearly not soon enough." About 40 percent of machines in Washington's Snohomish County were affected by the problem, according to John Storbeck, the county's engineering services supervisor. "This is a nightmare," he said in an e-mail message. In Iowa, a local disaster response exercise was disrupted when 911 computer systems crashed, according to Deb Hale a Security Administrator with Internet Service provider Long Lines in Sioux City, Iowa. County IT staff soon started getting calls from other departments --- including police, fire and emergency response -- and began an emergency shutdown of all computers on the assumption that a virus was spreading. After finishing the exercise, using a radio system for dispatch, participants learned that there was no virus, just a bad McAfee update, Hale said in a blog post. "Thanks to McAfee we were forced to test our response to a disaster while in the midst of a real 'disaster,'" she wrote. According to reports Rhode Island Hospital, the National Science Foundation, and many universities were affected. Local police and government agencies in Kentucky experienced problems. The problem took out PCs at about 40 percent of the customers of U.K. IT outsourcing company Centrality, according to Managing Director Mike Davis. "It's absolutely massive in terms of what we're seeing here," he said in a telephone interview as prepared to leave work at 1.30 a.m. The problem started late in the afternoon, Davis said. "We started getting calls about 4 p.m. U.K. time on our help desk from customers that were having their XP-based machines just reboot seemingly randomly," he said. After realizing that it was happening to several different customers simultaneously, Centrality quickly figured out that the problem had to do with McAfee's update, and started shutting down McAfee ePolicy Orchestrator management servers to keep the problem from spreading. By then, however, several thousand computers had disappeared from the networks it manages. Because the update knocked PCs offline that meant that there was no easy way to fix the broken computers over the network, so harried system administrators had to either walk users through the repair process or fix the infected machines themselves, one by one. For many the problem was strangely similar to a widespread virus outbreak. "This is the worst glitch that I've ever had to deal with," said Ken Whittaker a desktop support technician with a Michigan university that had about 10,000 desktops affected. Whittaker said that only his VirusScan 8.7 users were hit -- others, using the older 8.5 version, were not. It's not unheard of for antivirus vendors to mistakenly flag legitimate software with their updates. Criminals have become so good at switching up their code that companies like McAfee are now churning out millions of signatures in a cat-and-mouse game to identify malware that is in circulation. That leads to errors. Still, that McAfee allowed a major Windows component to be misidentified demonstrates "a complete failure in their quality control process," said Amrit Williams, CTO with systems management vendor BigFix. "You're not talking about some obscure file from a random third party; you're talking about a critical Windows file," he said. "The fact that it wasn't found is extremely troubling." Williams knows what he's talking about. He's a former director of engineering with McAfee. Late Wednesday, McAfee's executive vice president of support, Barry McPherson, posted a short note saying that he had "talked to literally hundreds of my colleagues around the world and emailed thousands to try and find the best way to correct these issues." He didn't apologize to customers but added, "Let me say this has not been my favorite day. Not for me, or for McAfee. Not by a long shot." Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| McAfee antivirus update paralyses Windows XP machines Posted: 22 Apr 2010 01:53 AM PDT A flawed McAfee antivirus update sent enterprise administrators scrambling today as the new signatures quarantined a crucial Windows system file, crippling an unknown number of Windows XP computers, according to messages on the company's support forum. The forum has since gone offline. McAfee confirmed it had pushed the faulty update to users earlier today. "McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21," said company spokesman Joris Evers in an email reply to questions. "The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2:00pm GMT+1 (6:00am Pacific)." According to users on McAfee's support forum, today's update flagged Windows' "svchost.exe" file, a generic host process for services that run from other DLLs (dynamic link libraries). "HOW THE F*** do they put a DAT out that kills a *VITAL* system process?" asked Jeff Gerard on one thread. "This is goddamn ridiculous," added Gerard, who identified himself as a senior security administrator with Wawanesa Mutual Insurance Company of Winnipeg, Manitoba, in Canada. "Great work McAfee! GRRRRRRRRRRR." As of 3:30pm ET, McAfee's support forum was offline, with a message reading "The McAfee Community is experiencing unusually large traffic which may cause slow page loads. We apologize for any inconvenience this may cause." Both users and McAfee said that the flawed update had crippled Windows XP Service Pack 3 (SP3) machines, but not PCs running Vista or Windows 7. "Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3," acknowledged Evers. Affected PCs have displayed a shutdown error or blue error screen, then gone into an endless cycle of rebooting, users claimed. McAfee reacted by warning users not to download today's update if they haven't already, and by posting recovery instructions and a signature update to suppress the defective one seeded to users earlier. "Apply the EXTRA.DAT to all potentially affected systems as soon as possible," the company recommended. "For systems that have already encountered this issue, start the computer in Safe Mode and apply the EXTRA.DAT. After applying the EXTRA.DAT, restore the affected files from Quarantine." Unfortunately, those instructions and the suppression EXTRA.DAT update file are not currently available, again because McAfee's support site has gone dark. Instead, users can reach the instructions and EXTRA.DAT file from elsewhere on McAfee's site . "The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers," Evers said. "We are not aware of significant impact on consumer customers and believe we have significantly limited such occurrence." The company has yet to produce an updated signature definition file to replace the one that crippled computers. A month ago, a BitDefender update clobbered 64-bit Windows machines. In 2005, Trend Micro released a flawed signature update that slowed PCs to a crawl, and McAfee is far from the first antivirus vendor to ship a flawed signature update. In May 2007, a Symantec definition file crippled thousands of Chinese computers when the software mistook two critical Windows .dll files for malware. McAfee is working on helping customers affected by the rogue update, said Evers. "McAfee apologises for any inconvenience to our customers," he added. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| McAfee antivirus program goes berserk, freezes PCs Posted: 22 Apr 2010 12:16 AM PDT NEW YORK — Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus. McAfee confirmed that a software update it posted at 7 a.m. MDT caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. Online posters said thousands of computers running Windows XP with Service Pack 3 were rendered useless. About a third of the hospitals in Rhode Island stopped treating patients without traumas in emergency rooms and postponed some elective surgeries, said a spokeswoman for the Lifespan system of hospitals. The Associated Press Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| You are subscribed to email updates from Yahoo! News Search Results for antivirus To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment