McAfee ate my system

By John Leyden → More by this author

14 Mar 2006 10:26

False positive creates havoc

A faulty signature update from McAfee flagged up legitimate application files as infected with a low-risk virus, CTX.

The dodgy anti-virus update (4715 DAT), issued on Friday, March 10, falsely identified a number of component files of Microsoft Office applications and some Windows systems files as infectious. Along with Microsoft Excel, components of Adobe Update Manager, Macromedia Flash Player and Google Toolbar were falsely labeled as viral. McAfee has produced a seven page list of files known to trigger incorrect identification here (PDF).

McAfee has released a new update along with a tool designed to recover legitimate system and application files from quarantine (the default setting). But that's not much use to users that had set their software to auto-delete infected files, who've found themselves with hosed systems.

"We are manually reinstalling, MS Excel, Java Runtimes, and Adobe. A lot of my little network management packages are clobbered as well. Little key generator programs to make WPA keys, Kazaa lite, Spybot S&D, Procomm Plus, all deleted," one Reg sysadmin reader writes. "We set our secondary option to delete because we felt we may have had a worm at the time. We've run their product successfully for four to five years."

Faulty anti-virus signature updates are not uncommon across the industry. However the latest McAfee snafu affects a far wider range of commonly-installed files than is normally the case, causing a wider range of problems. ®

Track this type of story as a custom Atom/RSS feed or by email.

CA issues false warning on JavaScript apps (31 December 2007)
Outlook grim as Cloudmark update crashes email clients (10 August 2007)
False positives run amok in Vista anti-virus tests (3 August 2007)
Dodgy anti-virus update bunfight goes to court (9 July 2007)
Chinese user sues Symantec over dodgy updates (5 June 2007)
Norton's firewall not fiery enough (21 May 2007)
Yahoo! false! alert! drama! (1 March 2007)
OneCare slaps viral warning on Gmail (14 November 2006)
Search results lead to malicious sites (16 May 2006)
McAfee in reseller services push (8 May 2006)
Do dedicated security vendors have a future? (11 April 2006)
Warning over rogue anti-spyware app (7 April 2006)
Sophos in Mac OS X worm false alarm (23 February 2006)
MS anti-spyware labels Symantec as Trojan (14 February 2006)
Symantec false alert floors Macs (10 May 2005)
McAfee to eradicate app assassin bug (8 September 2004)
McAfee AV ate my application (7 September 2004)

Top 20 stories All The Week’s Headlines

Whitepapers
The Register Guides: Email Security Life online: The perfect website The Data Governance Maturity Model Live Migration with AMD-V™ Extended Migration Technology

Breaking Hardware News

Rogue SF sysadmin coughs up passwords

City regains access to its own network

San Francisco City Council regained access to its own computer network today after Mayor Gavin Newsom convinced network administrator Terry Childs to give them the passwords.

Get the ChannelReg newsletters

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Server Consolidation and Containment
With Virtual Infrastructure
SSL in High-Security Browsers
The Browser Security Revolution
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
How IT Management Can "Green" the Data Center
A Gartner Report

Top Stories