“It burst into flames! Get out of the way! Get out of the way! It’s fire and it’s crashing! It’s crashing terrible! Oh, my! Get out of the way, please! It’s burning, bursting into flames and is falling on … and all the folks agree that this is terrible. This is the worst of the worst catastrophes in the world! Oh, it’s crashing… Oh, the humanity!”
OK. Herbert Morrison’s description of the Hindenburg disaster may be a bit over the top when describing what McAfee inadvertently unleashed on network managers last week… but it may be a matter of perspective, as in… “Where were you when the balloon dropped?”
McAfee claimed that, after releasing virus definition file 4715.DAT, reports started flooding in about false positives. Seems software, like Excel, Symantec’s Ghost and Oracle, was being tagged as the W95/CTX virus, then quarantined, patched, and/or deleted (depending on settings).
The user experience was slightly more intense. Dan O’Donnell related his experience at blony.com:
Infected files began accumulating … The toll was mounting quickly - a disaster in the making; many development files and libraries were tagged as infected and I’m already behind. But it smelled fishy; the files were unusual, deep in reputable dot net assembly libraries, deep into Visual Studio, Cygnus, Gimp, Vim - some of which I was using … As the number of infected files rolled past 100, I found the link (click on this post title link) that began to make me breathe easier. McAfee had released a DAT earlier in the day (DAT 4715, March 10, 2006) that falsely detected W95/CTX!
I went to the McAfee forum topic for breaking virus news and it was LOCKED! With nothing regarding the faulty DAT!
At least one hapless savant found herself caught in an endless loop:
I opened an email attachment yesterday and got a window that said something was intruding and then everything went haywire. A virus corrupted 27 files named - W95/CXT…According to McAfee, the W95/CXT virus is a new virus that came out 3/10/06. It wiped out Outlook Express, all of my Favorites, most of the icons on desktop, and now none of my settings will save, even though when I shut down the computer it says it’s saving my settings…
I have re-scanned with McAfee to make sure the virus is gone and it is gone - so I’m not being re-infected.
This virus - W95/CTX - is a new virus that came out yesterday. McAfee did not stop it on my computer. I had 27 infected files. When I look at these files, some are the ones I have cleaned, but there are many other kinds of files. The files have been quarantined because McAfee software says you cannot clean them.
Obviously, the maker of this virus has found a way to thwart the standard way to fix this problem. The standard way doesn’t work.
Savvier victims resigned themselves to rescheduling the weekend for disaster cleanup. A commenter at Broadband Reports spoke for many: “I had 161 files false tagged and quarantined because of this fiasco! Now I’ve got to go back and restore each one by hand!!!!”
Once they realized the magnitude of the disaster, McAfee engineers quickly rebuilt the DAT file and released 4716 within (McAfee claims) 2-1/2 hours. That wasn’t quick enough for some. Randy Spark wrote at CNET: “McAfee’s website … did not at all indicate this was their error!!! I find this to be shameful and neglectful on the part of McAfee, and will discontinue service upon installation of a new virus program!”
And the company’s communication was interpreted by some as flatfooted. As O’Donnell noted, “It cost me a couple of hours I can’t afford and I was angry with McAfee for not providing a warning - not even on their breaking virus news forum.”
Like the Hindenburg disaster, McAfee’s 4715 will be remembered by bruised victims for a very long time. But luckily for McAfee, there’s always a fresh crop of inexperienced, out-of-the-loop newcomers to sell… and many knowledgeable handlers are bitter and disillusioned with McAfee’s competitors, too:
I installed McAfee on my last “off the shelf” computer … because it was “free”. One of the most expensive mistakes I have ever made. It about destroyed my system, and it took weeks of hand-fixing to get it back. Excel never has totally recovered, even with Microsoft’s 2nd level support help when I bought the full Office 2003 Pro to try to recover. Never again… I now own Symantec and Trend Micro. Still have not decided which does the least damage.
Missing a virus, in my experience, has almost never done the damage of an anti-virus program gone berserk!!!
It could have been worse. At least source code’s not combustible, or you can bet somebody at McAfee would have lit it.
9 comments
March 14th, 2006 at 1:18 pm
Zippy
I spent a whole weekend trying to dig out of this. Thanks McAfee!
March 14th, 2006 at 4:47 pm
Millhouse
I know more people who’ve had problems with McAfee messing up their computers than I know people who are still using it.
March 23rd, 2006 at 9:57 am
Ensley Cooper, Selective Title Research
Everyone seems to enjoy attacking McAfee. It’s hilarious because most have yet to discover that the ONLINE SUBSCRIPTION applications are better than the BOXED Version. I had Signature DAT File on my system for a while. I always run a scan after it installs. NO FILES WERE TAGGED “W95/CTX”. NOTHING WAS QUARANTINED. Virus Scan ONLINE ran perfectly. It scanned 11.2 GB of data, and the program informed me that the hard drive was clean. Solution: (1) Don’t mix brands of protective software unless you know what you are doing, e.g., Zone Alarm instead of the McAfee Firewall. (2) Don’t buy the box. Get the Online Subscription applications. The updates are quicker as well as automatically downloaded. And if you went to http://vil.nai.com/vil/content/v_138884.htm you would have found several links provided by McAfee to help you get your PC back to normal. AVERT Laboratories makes a goof, and everyone wants to vilify them. What about when they issue an emergency out-of-cycle DAT File so you are protected from a virus that is a “Medium” Threat or higher, and you get it before the malware hits your area? How about giving them credit for that? They have the best Emergency Response Team on the globe. Does Norton offer you the opportunity to upload possibly infected files DIRECTLY into their Virus Research computers like McAfee does? If you are going to vilify a good company like McAfee, then show fair reporting and say what they do right. No far-left slant & spin, please!
March 23rd, 2006 at 10:29 am
Editor
@Ensley Cooper.
Good input. Others have obviously had a different experience with McAfee.
We vehemently disagree on the idea of using a monolithic solution. You’ll have a tough time finding any sizeable contingent of security professionals (who are not aligned in some way with monolithic vendors) who think that strategy belongs in the Best Practices category.
As for what’s good about McAfee… Surely their advertising budget is large enough to buy the spirited promotion of their philosophy, both above board and below.
It’s too bad they don’t move a bit of that treasure chest over to the QoS side of the house.
And about that “far-left” zinger… We have to ask, Ensley: What the hell are you smoking? Your last conclusion brings light to the reasoning behind your earlier comments.
April 19th, 2006 at 5:45 pm
Scott Alan Miller
I am a consultant who was called in to a shop that had Microsoft SQL Server blown away by this “malware”. I would never run McAfee on my own machines nor do any of my “managed” clients touch it. This was one of those great combinations of proving my worth to my regular customers and showing others why they need consultants like me. Thanks, McAfee, it’s much easier to show value with enterprise outages than with “well the consultant recommended Symantec.”
May 2nd, 2006 at 7:27 pm
Henri Coderre
I don’t know if what happened to me last weekend has anything to do with the W95/CTX virus being mentioned, but here’s what I do know.
The computer started acting strangely, so I decided to restart it, and see if that would solve the problem. My computer is two months old. I have an XP with Service Pack 2, etc. Top of the line computer. Everything worked fine. My computer came with a trial version of McAfee’s SecurityCenter. When the trial was coming to an end, I decided to accept McAfee’s SecurityCenter one year service contract, which includes: Viruscan, Personal Firewall Plus, Privacy Service, and Spamkiller. On the 29th of April 2006, all hell broke loose, when during an update installation for Viruscan I was being prevented from shutting down the computer. A message informed me that McAfee was running an update installation in the background, and that they would let me know when I could shut down.
I began wondering about the whole thing. I mean, anyone who’s programmed knows how easy it is to make a dialog box, slap in an icon, and write a message aimed at a user. What tells me this is McAfee? I found it harder and harder to believe two hours later that this message was authentic.
After I unplugged the machine twice (the power button was deactivated) I gave up trying, and fell at the mercy of whoever was doing whatever to my new computer. Some eight hours later, the machine closed down by itself. It was two in the morning. I decided to wait until the next day to turn it on again.
At around supper time the next day, I turned on the computer not knowing what to expect. The machine behaved the way it had the day before, and again I decided to shut it down, and restart it. The same message came back on screen. Approximately nine hours later, the computer restarted, and a message appeared telling me there had been an error during the installation of an update for Viruscan. I had to wait that long before finding out what had gone on! I’m not impressed, and as soon as I can, McAfee’s not just losing my business, but I’m making it my business to let everyone I know know about what I think about McAfee’s service.
September 11th, 2006 at 8:19 am
Bob
Tested and removed McAfee AntiVirus Plus 2007….
JUNK ware !
May 18th, 2007 at 7:08 am
I GNU I’d be disillusioned with Windows
I used McAfee viruscan 2 for Windows 95 and it was the best AV around at the time - lightyears ahead of the rest. I was so impressed I upgraded to 3, and then finally version 4, which had endless nifty features but still had a traditional AV interface (easier to use), instead of a “my first computer” web interface like they all have now. Detection was the best in its class throughout the whole time (1996-2001ish). Performance was great. I could fit version 4 on a 486-DX2 laptop with disk space and processor power to spare.
Hell, didn’t it all go pear-shaped! From then on it got worse and worse. Difficult to use interfaces, supposedly designed for beginners; the inability to disable anything or change any settings; automatic disinfection instead of “ask me what to do” dialogues… and now the installer alone for McAfee AV is bigger than the hard disk on my old laptop! And when I tried a trial, it dragged my Core 2 duo to a halt.
Do yourself a favour, and buy elegant, small and separate AV, firewall and anti-adware solutions. Some companies still make ones that don’t bring your computer to its knees, or treat you like you’re an idiot. So many “security” solutions slow your system to a crawl, and automatically remove “threats” without you asking - which in my experience has been as unpleasant as having a virus, and as dangerous as not having an AV at all.
April 1st, 2008 at 7:17 pm
MrMcKeigue
McAfee is just fine. We’ve used it for years. Just because someone f’s up their own computer doesn’t relocate blame.