CNet News

McAfee pushed out a malformed security patch early on Wednesday that wound up crippling computers running Windows XP, but there is a fix available. Users should note that it’s labor-intensive and must be applied manually to each computer. If you’re running Windows Vista or Windows 7, your computer shouldn’t be affected by the bad update.

This sounds familiar.




  1. trirnoth says:

    Completely understandable.
    Why bother testing something on an OS that has a piddly 58% market share.
    http://w3schools.com/browsers/browsers_os.asp

  2. sargasso says:

    Lotus.

  3. McCullough says:

    Thanks Hop, I am sure I will be getting calls on this. And I will make some money, however, I wish that people could get reimbursed for my service from McAfee. It’s been crap software (as is anything Symantec) for a long time now and they should be held responsible.

    Unfortunately, they will be able to hide behind the EULA agreement.

  4. deowll says:

    Norton trashed two computers for me. I don’t buy Norton any more. The Eula doesn’t make you come back.

  5. BubbaRay says:

    I haven’t used an antivirus program in 4 years. I do use a plug-in for Firefox from McAfee that just rates web sites as safe, caution, don’t go. But that’s it. I have not had a virus in that time period.

    My main problem is from updates from companies that hose the machine, like this one from McAfee, so before allowing any updates, I always do a full disaster recovery backup. Of course, if your backup software updates itself and won’t run anymore, you’re really hosed.

    Turn off all automatic updates!

  6. sargasso says:

    A client’s PC had McAfee Security Scan installed after he updated Adobe Flash. Apparently, Adobe are still bundling it. He did not do the update himself but left a young family member to attend to it. Needless to say, I am in the difficult position of having to explain that as an indirect consequence of following my recommendation to update his Flash Player, his PC is a brick unless he pays me to fix it.

  7. Likes2LOL smh says:

    Geez, what did McAfee do, lay off the entire QA department?

    CNET wrote, “The update released at 6 a.m. PT effectively redirected the PC’s immune system, causing it to attack a legitimate operating system component known as SVCHOST.EXE in the same way that some diseases can cause the human immune system to turn inward.”

    SVCHOST.EXE is such an essential file, its deletion would be hard to miss in any QA test environment.

    I wonder how much loss of business this will cost them, but then again, I don’t understand why anyone buys their products in the first place.

  8. testtubebaby says:

    I get no virus, and my computer works flawlesasl;dfjkl;askjjg[w9qerglearkgjn v

  9. The Volcanic Plume says:

    George Bush is responsible for this.

  10. Luc says:

    I know that I sound annoying when I say this, but it’s the truth: although I am not entirely happy using Linux due to certain inevitable restrictions (mostly those related to living some kind of technological “marginal” life), incidents like this are welcome to remind me why I quit Windows for good four years ago. One could argue this is not Windows’ fault, but it is. If you use Windows, you depend on that kind of software. Geez, I have no such fears. Not only my OS is very secure, but also if I had that kind of disaster, recovering the entire system would be very easy. A simple matter of reinstalling the OS then restoring my /home and /etc directories. Installation of all my third-party software and additional libraries can be automated just as easily. Just as easy has it been to clone my entire desktop on my laptop to the very last and tiny detail so I can barely tell I’m on a different machine. The result is a very high degree of trust I have in the OS. I am not constantly afraid it’s going to break like a plastic toy.

  11. jescott418 says:

    Not sure which is worse the Virus or the Anti Virus? Maybe we need software now to scan the Anti Virus Software? I for one use Free AV software and works just as well. I have not used McAfee crap for a long time.

  12. bac says:

    It is interesting that Windows Vista and 7 are not affected. Especially considering that SVCHOST.EXE is running on all three versions of Windows. Is McAfee losing interest in supporting Windows XP?

    There is always Microsoft Security Essentials. Or upgrade your OS.

  13. Uncle Patso says:

    Apparently software companies age and become senile and useless much more quickly than humans do. (Norton, McAfee) Some flame out even more quickly. (Real) Some manage to hang on by their fingernails for astonishingly long times. (Microsoft)

  14. Rabble Rouser says:

    I’m surprised to see that nobody blamed Obama for this.

  15. Surprised says:

    I’m surprised anyone would still use this software, considering you can get something 10 times better for free from Microsoft. If you insist on paying for something, try Eset Nod 32, they are the best around.

    Or you could buy an Apple and stay safe by having Steve Jobbs not let you do anything you want to do, but only what Apple allows you to do. LOL.

  16. The0ne says:

    #5
    WOT plugin is great for firefox 🙂
    You shouldn’t avoid a better AV program however. Unfortunately this stuff happens at this level simply because the company did not QA the release, enough. It is that simple. All other AV programs suffer similar defects but more so in inproperly defining rather than deleting files. 🙂

    #7
    SVCHOST.EXE is a popular file that some, I think many, virus programs out there like to play with. But what MaCafee did was just stupid.

    #10
    That’s narrowminded thinking. A virus is a program. Most programmers program them for an OS that is widespread so its impact is more severe. Blaming a OS because it holds a huge market share and attracts all types of programs is ludicrous; and that’s being nice.

    You’re feeling safe on Linux because hardly anyone bothers to release programs on it. Why would they? You know why Linux is still small and that’s the very exact reason why programmers don’t release their viruses there. Why infect a measly 2 Linux users when you can infect 10millions users, worldwide! Think Evil man!

  17. Luc says:

    The permission scheme on Linux makes it very difficult for a virus to spread. Even if Linux were popular, Linux viruses would be not. They wouldn’t be effective.

  18. bac says:

    #- Theone — Market share means nothing. All it takes is to infect one machine and the virus will do the rest. The evil doer also does not attach a counter on the virus either so he/she does not know how many machines his virus has infected. The evil doer just knows that since the virus works on one Windows machine, it will work on many more.

    If the evil doer was looking for noteriety, wouldn’t it be better to attack a unix type system so that it hits the majority of web servers. What better way to know that your virus works when half the internet goes down.

    Microsoft came late to security and this is why Windows machines are so great for a virus transmission.

  19. The0ne says:

    #18, #19
    Point well taken and good points at that. When I programmed my viruses back in college, they were meant for Windows PCs. Why? Because there are MILLIONS of dumb users out there don’t don’t give a rats ass about security. Why don’t I infect linux or unix? Again, why would I? The users are more competent and knowledgeable so I would have to spend MORE time to go around them. There would be less unsecure PCs, less PC in general.

    And while you can infect servers and such, why would you unless you really want to do harm? The “fun” is in the mass average users out there and Windows has plenty of them. The risk(s)are also higher infecting servers when you’re found out. So again, why would you unless you intend to do evil.

    As you said, if your virus works on one machine it’ll work on millions more. That can hold true for any OS. No OS is fully secure, don’t kid yourself. Gaining admin rights, removing all the permissions, inviting the entire network…sounds all too familiar. You realize how many Windows use the Admin account when they don’t even need to?

    The market indeed has a big role in this. The millions of Joe and their un-secure PC’s means I can easily find a backdoor, hijacked their PC, and use it…all in their name. When I hear someone talk about not having firewall, AV or any type of protection I immediately think these people are morons just waiting for someone like me to get in.

    Granted I started worms, viruses because I was very interested in AI. I wanted my programs to “grow.” I’ve only use it to do harm once and that was to crash U of MN computer lab for awhile.

    Windows is less secure and it is a great hunting ground for ill-intentioned programmers. There are just way way too many average Joe’s out there waiting to be taken advantage of. Linux just really doesn’t hold any “fun” value to even warrant consideration to BEGIN programming something for it. At least that’s from my point of view.

    You two seem to think Linux is perfect and free of viruses and hacks and history has already shown it’s not. It’s just whether someone wants to or not, and most prefer Windows cause it is EASIER. I hold similar opinions on Mac. Why the hell would I ever even begin programming a virus to release on Mac. They’re already dumbstruck enough owning a Mac for the name recognition. Mind you two, not all Mac users.

    Average Joe’s and more importantly know-it-alls like Bobbo that don’t think they need any protection is heaven for me. Pride and ignorance, savory! 🙂

  20. Nick says:

    I found a good fix that doesn’t rely on ‘copy and paste’ or downloading:

    See post #382
    http://community.mcafee.com/message/125893#125893

  21. Jopa says:

    It is a Zionist conspiracy

  22. bac says:

    #- Theone — The only perfectly secure PC is no PC.

    “You two seem to think Linux is perfect and free of viruses and hacks and history has already shown it’s not.” – Linux is not perfect and I know this because I have been using Linux as my main OS for about 12 years. Unix (linux) type OSes probably get rootkitted more than they get viruses.

    I just think that there are two factors that give the Windows arena the advantage for lousy security. One of the factors is ignorant users which you mentioned. The other factor is an OS that is not locked down at purchase time. From XP SP2 to Windows 7, Microsoft has fixed some of the holes but there are plenty more. Not only is the Windows arena a hunting ground for ill-intentioned programmers it is also home for all those annoying script kiddies.

    If you want fun, create viruses for OpneBSD just to annoy Theo de Raadt.

  23. Dexton7 says:

    And this is why you don’t use anti-virus software from mega corporations… I’ve seen both Norton and McAfee both bring PCs to their knees.

    Avira + Sygate + Microsoft Security Essentials + OpenDNS = pretty good free protection.

  24. Likes2LOL, wondering how much this cost, says:

    FYI, it looks like McAfee is putting some $$$ into not losing their customers:

    “…If you have already incurred costs to repair your PC as a result of this issue, we’re committed to reimbursing reasonable expenses. Steps to process your reimbursement request will be posted in the next few days. Please check back here in a few days.

    Because we value our loyal customers, if your PC was rendered inoperable or severely impaired as a result of the faulty file released you are eligible for a two year extension of your existing McAfee subscription free of charge. Instructions will be made available during your call with the technician….”

    Ref: http://bit.ly/bmPyvn

  25. Glenn E. says:

    I’m surprised to see that nobody blamed Global Warming for this.

    Just joking. But I question whether AV software isn’t potentially more of a problem, than the likelihood of what it might prevent your PC from being infected by? Especially if one merely takes better care and caution about their surfing and downloading activities. Rather than depending on AV to save them from their carelessness. It’s been claimed that using a “Limited User Account”, rather than the “Admin. User Account” for common use. Eliminated all IE8 vulnerabilities. 94% of all IE7 and IE6 vulnerabilities. And 64% of all other Windows software vulnerabilities. Add to that, the HOSTS file filtering, and a decent Firewall. And you very likely don’t need any AV ware. Also running Microsoft’s own updated Malware Removal Tool, once a month, should cover it. And it doesn’t require installing and constant running.

    If you are someone who really needs some AV constantly running in the background, to check everything you do for viruses. Then the problem is more about how you’re using your PC. Like people who overeat, need a diet. Rather than a stomach bypass operation. Or who drive drunk, need A.A., rather than a bigger car.


0

Bad Behavior has blocked 5901 access attempts in the last 7 days.