Security firm McAfee on Monday issued another apology to the "small percentage of McAfee's consumer customers who [have] an inoperable or severely impaired PC as the result of a faulty file released earlier this month," but is offering more than just lip service this time around.
"For impacted home or home office customers who have incurred costs to repair PCs as a result of the security update issue, McAfee will reimburse reasonable expenses, such as a visit to a local tech support specialist. Details of this program, including steps to submit a reimbursement request, will be posted on the McAfee Web site within a few days, so please check back," McAfee said.
In addition, those same users are eligible for a free two-year extension of their current McAfee subscription. You'll find the extension within the "My Account" section of the McAfee website within the next 30 days, the security firm said.
Security software firm McAfee apologized last week for issuing an update to the company's corporate antivirus suite that caused the scanner to identify a benign file in Windows XP machines as a virus. The screw up, which mainly affected XP SP3 rigs, had IT departments scrambling to repair and restore machines that had crashed.
"First off, I want to apologize on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organizations," said Barry McPherson, executive vice president of support and customer service, in a blog post.
McPherson went on to blame the situation on a recent change made to McAfee's QA environment that resulted in a faulty DAT making its way out of the company's test environment and onto customer PCs.
McAfee didn't disclose how many computer systems were affected, though some estimates put the number in the thousands. The timing is especially bad for McAfee, as the company's consumer oriented internet security suite seemed to have turned a corner with this year's release, earning an 8 verdict in our recent 10-man security shootout.
There are some details are leaking out regarding antivirus maker McAfee's assessment of yesterday's buggy update to their corporate security software. The update caused Windows XP machines to crash left and right. The confidential documents were sent to Ed Bott, and paint a picture of poor quality control. The anonymous sender of the email says the error was totally preventable.
The document itself seems to indicate that steps in the testing process were not followed. McAfee requires peer-review of all DAT update files, and apparently that didn't happen. They also inexplicably failed to test the update with Windows XP SP3, the operating system affected by the bug. Just as a reminder, this is an enterprise product. You'd expect special attention to be paid to the QC process.
It's a little telling that McAfee's website has not been updated with any details on the error. Could it be they are working on a way to spin this unflattering evidence into a bad news/good news statement? Businesses definitely are suffering financially from this incident which will likely require techs to make a visit to each and every affected PC. Any reports from the field? Are you seeing clean-up efforts proceed as planned?
Users of McAfee's corporate antivirus product found themselves wrestling with some pretty serious problems today. The most recent DAT update for the antivirus suite caused the scanner to identify the benign Windows svchost.exe file as a virus. The antivirus' course of action is clear; it deletes the file. The result is a lot of crashed PCs and unhappy IT departments. This isn't even the first time McAfee has had an error like this.
When the gravity of the situation was made clear, McAfee pulled the update from their servers and reiterated that it had only been pushed out to machines running the corporate edition of the software. The problem, according to McAfee, mainly affects PCs running XP SP3. Given that a lot of business environments still run on XP, that's a lot of potential machines.
McAfee has issued a "fix", but inexplicably, it only helps those who haven't yet had their machines crash after receiving the update. Currently, the only way for IT departments to fix the issue involves repairing the Windows install manually. Has anyone out there had any experience with this bug today?
When McAfee told us it completely re-engineered its security suite from top to bottom, we agreed to include it in this roundup knowing full well we had probably been duped like the guy who drives off the used-car lot without a warranty. We were wrong.
To our eyes, this is a completely revamped McAfee. MIS 2010 rolls off the lot with a much-improved UI over previous versions, and manages to balance ease of use with a high level of customization. For those who care to do so, McAfee makes it easy to dig deeper into each of the main menu’s modules, but you’ll never feel lost or overwhelmed.
Underneath the hood sits a more performance-oriented engine than what you would expect from a McAfee product. Where last year’s version felt like a dilapidated Pinto, the 2010 model has all the makings of a sporty sedan. To reduce the time it takes to scan a system, McAfee caches files and puts together a white list of files it can safely skip. Depending on how clogged your hard drive is, McAfee claims this can result in up to eight-times-faster scans (we saw a 50 percent improvement).
One way to put your system at risk is to zip across seedier sides of the Web visiting a bunch of porn sites, but there's an bigger threat, according to McAfee. In a new study, the security firm says that downloading digital music is twice as dangerous as visiting triple-X sites.
McAfee claims just 9 percent of adult sites are riddled with malware, adware, and spam, compared to 19 percent of digital music sites. The reason? It's harder to make a buck selling music than it is peddling porn.
"The tier-one adult sites are doing phenomenally well as businesses, and because of that they very much have their house in order," McAfee senior product manager Mark Maxwell told The Los Angeles Times.
Stalking certain celebrities online is pretty risky too. According to McAfee, searching for Britney Spears turns up more dangerous sites than searching for Lindsay Lohan. And here's your quirky stat for the day: searching for Brad Pitt and Jennifer Aniston is 36 percent more likely to bring up suspect sites than searching for Brad Pitt and Angelina Jolie.
The internet is becoming increasingly popular with both state and non-state actors as a launchpad for attacks against critical infrastructure belonging to their enemies. A new McAfee report gives a measure of the preparedness and vulnerability of key infrastructure enterprises.
“From public transportation, to energy to telecommunications, these are the systems we depend on every day. An attack on any of these industries could cause widespread economic disruptions, environmental disasters, loss of property and even loss of life,"said McAfee CEO Dave DeWalt.
He fears an attack of the magnitude of the recently discovered Operation Aurora being targeted at critical infrastructure. DeWalt termed Operation Aurora “a watershed moment in cybersecurity.” The attack was recently discovered by Google, which revealed that the attackers used zero-day bugs in Internet Explorer and targeted several other organizations apart from Google. It is said to have emanated from China.
Security firm McAfee said today that the recent China-based attack on Google and other companies was the result of a new security hole in Internet Explorer. McAfee says the vulnerability is not publicly known, but they have informed Microsoft and expects them to take action soon. So a Microsoft product could be the indirect cause of Google pulling out of China. This must be Microsoft’s favorite software vulnerability ever.
McAfee’s George Kurtz wrote on the companies official blog, “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer." Kurtz was also careful to point out that they have only confirmed that Internet Explorer was a vector of attack; there could have been others.
Further, McAfee says they have cleared Adobe Reader of involvement in the attacks. This comes after several reports implicated the oft exploited software suite.
Facebook just added McAfee to its friends list in a big way by announcing a year-long partnership with the security firm that will allow all 350 million Facebookers to download a six-month subscription to McAfee's security software.
"We have a lot of control over security measures on Facebook. However, we don't control other websites and services you visit that might infect your computer. For this reason, we recommend that you install updated security software, which you can now do at no cost through this partnership," Jake Brill, a project manager for Facebook's integrity team, wrote in a blog.
More than just a marketing promotion, Facebook is actively integrating McAfee into its operations. Should the social networking site detect that your computer has been compromised, you'll be asked to run a scan before accessing the site.
Security provider McAfee announced a new agreement to provide its subscription-based Total Protection Service pre-installed on HP's StorageWorks X500 Data Vault series storage devices.
"Customers want to share important documents, photos and media files with the assurance that they are protected from viruses and spy ware," said Lee Johns, director of marketing, StorageWorks, HP. "When our customers access a file on their HP Data Vault device, McAfee Total Protection Service automatically scans and blocks viruses, spy ware, unwanted programs and other potential Internet threats to ensure greater security."
McAfee says the service is available right away as a 90-day trial subscription. Once the trial ends, the service reverts to its subscription model, with pricing based on the number of storage arrays.