McAfee Excels itself with security glitch
Published: 13 Mar 2006 08:45 GMT
For a brief period last Friday, McAfee's security tools killed more than viruses.
An error in McAfee's virus definition file released on Friday morning caused the company's consumer and enterprise antivirus products to flag Microsoft's Excel, as well as other applications on users' PCs, as a virus called W95/CTX, according to Joe Telafici, director of operations at McAfee's Avert labs.
"At about 1 p.m. PST [Pacific Standard Time] we started getting reports that people were seeing an unusual number of W95/CTX infections in their environment," Telafici told CNET News.com, ZDNet UK's sister site. "Files that we did identify would probably be deleted or quarantined, depending on your settings."
When a file gets quarantined, it's renamed and moved to a different folder. McAfee's antivirus software detected Excel.exe and Graph.exe, two Microsoft Office components, as well as other software, including AdobeUpdateManager.exe, an application installed alongside Adobe products that deals with software updates, Telafici said.
About 100 customers, individuals as well as corporations, reported the problem, Telafici said. McAfee, the world's second largest antivirus software vendor, rushed to fix the mistake. Consumers were automatically reverted to the older definition files at about 2:30 p.m. and an update was pushed to corporate users an hour later, he said.
The issue affected only desktop antivirus software, not McAfee's network-level products that scan e-mail, Telafici said. Also, the incorrect detection occurred only if the user ran a manual virus scan or during a scheduled scan, not during idle time or background scanning, for example, he said.
Such problems with security software are called false positives and they happen occasionally. McAfee typically has to do an emergency release of a virus definition file once every three months because of a false positive issue, Telafici said. "This is our once for the quarter I think," he said.
However, this time around it was a particularly big goof, because the company faulted Excel, Telafici admitted. "Usually, it is either custom applications or applications that did not exist at the time we wrote the signature file," he said.
McAfee has been able to pinpoint the cause of the problem and hopes it can avoid it in the future, Telafici said.
The problem occurred with virus definition file 4715, which was released at about 10:45 a.m. on Friday as part of McAfee's daily update cycle. The repaired, emergency-definition file 4716 was pushed out at about 3:30 p.m.
Did you find this article useful?
154 out of 215 people found this useful
- Share this article:
Full Talkback thread
3 comments
