McAfee update chaos sparks user fury

Powered by SC Magazine
 

Enterprises offered hotfix, consumers asked to reinstall.

McAfee customers had internet access severed and were left exposed to malware after the company issued a glitched anti-virus update.

The update affected all Windows McAfee suites and VirusScan products including the latest version of VirusScan Enterprise and McAfee Security Center.

Anti-virus signature updates (DAT 6807, 6808) would disable the anti-virus clients, and in some cases sever internet access.

McAfee overnight issued an enterprise 100Mb Super DAT (Hotfix 793640) and a consumer fix (DAT 6809) for the borked updates which it rated as ‘critical’.

Enterprise customers had to apply the hotfix as a product update through the e-policy orchestrator, while consumers were advised to remove McAfee from affected machines and re-install the product in order for the fix to be applied.

Furious enterprise and business customers posted comments yesterday on the McAfee blog claiming they were left high and dry after thousands of machines within their companies were left exposed by the updates.

“I currently have over 3000 endpoints with this problem - solution ASAP please McAfee,” customer Derosa wrote.

Another customer, Bostjanc, said they had 46 of 152 machines affected. “Soo theoretically if one of those users … gets a virus and spreads out to rest of the 45 computers, what then?"

“Then I'm f***ed as an anti-virus technical support.”

Another user had 70 systems of 2100 affected, including two "high profile" users. 

Meanwhile, some consumers took to McAfee’s Facebook account to vent anger where support officers were assisting with technical support.

The borked update followed one issued by McAfee in April that crashed email services, and another by Microsoft for its anti-virus product that flagged Google as hosting the malicious Blackhole exploit kit.

AusCERT security analyst Jonathan Levine said organisations should test antivirus updates before live deployment.

“Everything should be tested before going live as part of best practice,” Levine said.

But he doubted many organisations would bother with testing.

Some users writing on the SANS Internet Storm Center supported the suggestion, saying the cost of testing may outweigh the resources to fix “the occasional glitch”.

Others had comprehensive testing procedures. One McAfee user ran an 18-hour delayed deployment schedule in their organisation in which an evaluation branch would test DAT files on a group of servers and workstations before releasing it to another branch for staggered deployment the next day.

“This has saved us during the bad DAT times … if there is an issue, we are usually only one or two DAT releases behind but catch up during the day,” they said.

Copyright © SC Magazine, Australia


McAfee update chaos sparks user fury
 
 
 
Top Stories
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
Immigration, Customs restructure IT leadership
Customs CIO promoted into transformation role.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 2976

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 938

Vote