McAfee: rogue anti-virus slipped quality controls
Web computer security firm McAfee blamed fresh changes to a quality control system for the release of a flawed anti-virus update that sabotaged computers worldwide.
"The problem arose during the testing process for this DAT file," McAfee executive vice president of worldwide technical support and customer service Barry McPherson said in an online message late Thursday.
"We recently made a change to our QA (quality assurance) environment that resulted in a faulty DAT making its way out of our test environment and onto customer systems.
The computer software security file sent out as an update Wednesday confused a valid Windows file with a virus, sending machines around the globe into endless reboot cycles.
"To prevent this from happening again, we are implementing additional QA protocols for any releases that directly impact critical system files," McPherson said.
"On behalf of McAfee, I’m very sorry for how you may have been impacted by the faulty DAT file update."
Universities, hospitals and businesses across the United States were among those reporting problems after the update misidentified a valid Windows system file as malicious code and disrupted computers.
The problem hit corporate users of Microsoft's Windows XP Service Pack 3 operating system, according to McAfee, which released another update later in the day to fix the problem and urged customers to download it.
The Internet Storm Center, an initiative of the SANS Technology Institute which monitors problems on the Web, said "the affected systems will enter a reboot loop and lose all network access."
The center said it received reports of "networks with thousands of down machines and organizations who had to shut down for business until this is fixed."
The McAfee software slip "pretty much took Intel down today," said analyst Rob Enderle of Enderle Group in Silicon Valley.
Enderle told of being at the computer chip titan's headquarters in Northern California for an afternoon of meetings when laptop computers began crashing around him.
"McAfee team members have been working around the clock to fix the problem and work with impacted customers," McPherson said.
"We estimate that the majority of the affected systems are back up and running at this time and more systems are coming back online quickly."
McAfee early Thursday released a "SuperDAT Remediation Tool" that could be used to fix the anti-virus problem.
McAfee initially estimated that the incident has impacted less than one half of one percent of its consumer base and business accounts globally.
Santa Clara, California-based McAfee is one of the world's leading providers of anti-virus software and computer security systems.
"I'm a tech and it's been really busy today; been running around like crazy," a person using the screen name 'fatgeek' said in a thank you note at a McAfee online community page.
"I've made quite a lot of cash since you didn't test your DAT file."
Ironically, hackers were taking advantage of the computer security firm's gaff to trick people into visiting websites promising information or fixes but actually delivering malicious software that infects machines.
(c) 2010 AFP
