
McAfee Gaffe Deletes Excel, Other Apps

By Ed Oswald, BetaNews

March 13, 2006, 1:40 PM

An error within the virus definition file for McAfee's antivirus software marked several Microsoft Office components, some Adobe product applications, and several other programs as viruses. Depending on the settings, these files would be either quarantined or deleted.

The update was released Friday, and by the afternoon the company was made aware of the issue after it began receiving unusually high reports of the virus known as W95/CTX. By the evening, McAfee had pushed an update to its servers to fix the problem.

McAfee was mistakenly marking excel.exe and graph.exe, two Office components, Adobe's AdobeUpdateManager.exe, and several other applications as containing the virus.

Affected were desktop versions of the software, but not McAfee's network-level product. In order for the error to affect users, however, a scan must have occurred manually or automatically during the roughly five-hour window that the update was on McAfee's servers.

Virus definition file 4715 was released at 10:45am Pacific Time Friday, and replaced with the corrected file, 4716, at 3:30pm Pacific, the company reported.

While errors in definition files do happen, mistakes like Friday's are much less common. Usually new applications, or ones custom built by developers, are affected by these issues. This error is one of McAfee's bigger mistakes, it admitted.

McAfee said it is working to prevent the issue from happening again, and it had found the source of the problem.


By cyberdoc9999

edited Mar 14, 2006 - 4:03 AM

Although Windows XP has been released for some time, many of the world's leading antivirus vendors including Norton and McAfee are still in the process of assuring compatibility. As these companies continue to fix their bugs, a vendor called NOD32 has already beaten them to the punch.
In fact, Microsoft itself is a four year customer of NOD32 and the software giant has just signed on for an additional two years of service. Microsoft places so much confidence in the Nod32 antivirus product that it uses Nod32 on ALL of the computers that it owns. (That's right Bill Gates uses Nod32 to protect his computers)
How could such an unknown score such a high profile account? The answer lies in Nod32's rich detection capabilities, small footprint and feature set. For starters, Nod32 detects and removes 100 percent of all known viruses according to the latest Virus Bulletin research.
Nod32's resident antivirus scanner also has advanced heuristics to detect and remove most unknown viruses and Trojans.
Nod32 also makes a negligible impact on system performance because it is coded in assembly language.
NOD32's negligible impact on system performance has led to its growing popularity among gamers.
Nod32 is comprised of modules: IMON, AMON, and NOD32. IMON monitors all internet traffic for malware, is browser friendly, has support for hyperthreading and includes a file download progress window in its e-mail client plug-in.
The software also receives hourly updates and does not need to be uninstalled when an upgrade is released.

Score: 0

By melkor

posted Mar 14, 2006 - 7:19 AM

About time somebody stood up to the crap that MS force feeds us. Oh wait it was a mistake? Was that before or after MS & Adobe lawyers called?

Score: 0

By CyberDoc999

posted Mar 14, 2006 - 4:04 AM

NOD32 Antivirus Beats out Leading Companies

Although Windows XP has been released for some time, many of the world's leading antivirus vendors including Norton and McAfee are still in the process of assuring compatibility. As these companies continue to fix their bugs, a vendor called NOD32 has already beaten them to the punch.
In fact, Microsoft itself is a four year customer of NOD32 and the software giant has just signed on for an additional two years of service. Microsoft places so much confidence in the Nod32 antivirus product that it uses Nod32 on ALL of the computers that it owns. (That's right Bill Gates uses Nod32 to protect his computers)
How could such an unknown score such a high profile account? The answer lies in Nod32's rich detection capabilities, small footprint and feature set. For starters, Nod32 detects and removes 100 percent of all known viruses according to the latest Virus Bulletin research.
Nod32's resident antivirus scanner also has advanced heuristics to detect and remove most unknown viruses and Trojans.
Nod32 also makes a negligible impact on system performance because it is coded in assembly language.
NOD32's negligible impact on system performance has led to its growing popularity among gamers.
Nod32 is comprised of modules: IMON, AMON, and NOD32. IMON monitors all internet traffic for malware, is browser friendly, has support for hyperthreading and includes a file download progress window in its e-mail client plug-in.
The software also receives hourly updates and does not need to be uninstalled when an upgrade is released.

Score: 0

By PC_Tool

edited Mar 14, 2006 - 8:54 AM

Nice Ad...

And, typical of such things, it includes, at no extra charge, unfounded accusations, and claims of excellence with absolutely nothing to back them up.

As a long-time NOD32 user, I find this kind of crap insulting.

If you're going to make wild claims like MS using it, back it up, or shut up. You're not helping Eset at all.

Score: 0

By xyzcb1

posted Mar 13, 2006 - 5:38 PM

Why is it that when a corporation releases a program to delete files from your computer, they call it a program malfunction and have no penalty, but when an individual puts out a program with the same function it's referred to as a virus, and the individual gets put behind bars if caught?

Score: 0

By mjm01010101

posted Mar 13, 2006 - 8:30 PM

Programs have EULA's that you essentially sign away your rights for damage or compensation. Now, if virii had them, that would be an interesting little legal test....

Score: 0

By templar™

posted Mar 14, 2006 - 1:10 AM

lol

Score: 0

By treworld

posted Mar 13, 2006 - 5:36 PM

That's what they get for hiring dumb***es that just graduated from a technical school with a Bachelor and thinks they can go out into the real world.

Score: 0

By TomA102210

posted Mar 13, 2006 - 7:42 PM

That's what they get for hiring dumb***es that just graduated from a technical school with a Bachelor and thinks they can go out into the real world.

---------------------------------------------
I bet you didn't take four years out of your life and devote it to academics, did you? Like you they start out somewhere just as you have regardless of your chosen endeavor. The difference is, they have a degree and you don't.

Score: 0

By AlexBR1974

posted Mar 13, 2006 - 5:15 PM

McAfee and Symantec are crappy and buggy software! Get a decent antivirus, use Nod32.

Score: 0

By TomA102210

posted Mar 13, 2006 - 7:38 PM

McAfee and Symantec are crappy and buggy software! Get a decent antivirus, use Nod32.

-----------------------------------------------
And they are crappy and buggy how? I've used both (still using McAfee) and nary a problem.

Score: 0

By PC_Tool

posted Mar 14, 2006 - 9:03 AM

Dunno about buggy, but resource usage and speed alone make them far less desirable than NOD32.

Been using NOD32 for about 2 1/2 years now after Norton, and we use McAfee at work here. I recommend NOD32 to everyone who asks. Even our sales people are using it on their personal laptops now.

"NOD32 is the world leader of the Virus Bulletin 100% Awards having won more awards (34) than any competing product. Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus."

Score: 0

By klingon379

posted Mar 14, 2006 - 2:22 AM

McAfee has much worse virus detection and removal than Symantec but on the other hand Symantec made the horrible mistake of adding product activation.

It's very disappointing to see other companies make the same mistake Microsoft made with their applications. Imagine if you upgraded your computer too many times and you had to reactivate Windows XP and all of your applications over the phone. Activating Windows XP over the phone is bad enough.

I say go with Alwil's Avast antivirus software.

Score: 0

By RobertM

posted Mar 13, 2006 - 3:28 PM

Odd. A similar problem happened with the Sophos for OS X update a few weeks ago. Luckily my AutoUpdate wasn't working at the time and I don't have Office for Mac (or Windows, for all it matters), but IIRC, it caused similar problems.

Score: 0

By mjm01010101

posted Mar 13, 2006 - 2:11 PM

How exactly do these AV vendors test their products? Surely they have a matrix of a few hundred machines, or VM's setup with common scenarios to get false positives, or a beta group within their corp?

Sloppy. Trend made the same mistake a few times over the past few years also.

Score: 0

By chowmein

posted Mar 13, 2006 - 6:59 PM

Easy- The "matrix of a few hundred test machines" is actually a matrix of a few million. And your machine is one of them.

Score: 0

By kingkong316

posted Mar 13, 2006 - 2:50 PM

Lavasoft actually has a beta testing program for their definitions; you can sign up for it (anyone can). I forget the website now, but I am sure some nice fellow will come by and post.

Score: 0

By Das mod

posted Mar 13, 2006 - 2:11 PM

HAHhaHAHhaHAHhaHA
(sorry about the immaturity, but this is just way too funny :P ..... altho i wish it would've been symantec instead)

Score: 0

By cPingN

posted Mar 13, 2006 - 2:54 PM

They're both equally pathetic. Now when Kaspersky makes such a mistake, it will be a sad day in AV history indeed. ;)
Another good laugh is the detection rate of some of the more popular software:
http://www.virus.gr/engl...lt.asp?id=72&mnu=72
Norton: 85%, Trend: 78%, AVG (pretty popular here): only 78%

Score: 0

By rijp

edited Mar 13, 2006 - 3:12 PM

There are 3 distinct levels of viruses. They all get lumped into the same category.

1) Virus
2) spam
3) spyware

Some track email clients, which detects spam, some puts it into a category for virus or a non-virus, and some differentiate between all 3. We use Trend, trend only identifies probably a little more than half of the spyware, because it's not a spyware program, it's a VIRUS checker. Same with other companies.

As soon as they identify PURE spam from a VIRUS, I will continue to ignore these so called "detection rates". They are bogus at best. I don't trust them.

There are so many products on the market, and so many new strains of viruses everyday, and some companies refuse to acknowledge that some products are even spam/viruses in the first place, such as the *.wmf metafile extension in Microsoft. Microsoft designed it to be a certain way, you can exploit it all you want, but it's not a virus. ANYTHING can be abused/changed to be deviant.

I could simply write a program myself, make it appear to be working well, and behind the scenes its delecting, watching, changing code, data, registry entries, you will never know unless you monitor them manually, and all of this I can do in plain sight of a virus program.

Only true anti-spyware programs monitor registry (ad-aware) regmon, for changes, and you have to allow programs to make those changes, but it will never be flagged as a virus, I don't care how observant you are.

One last thing, 75% of ALL damage to the machine, comes from USER ERROR. Not a virus, not a spam, not spyware, not a trojan, USERS are their OWN worst enemy.

The best spyware/antivirus program in the world will not stop bonehead users from careless behavior, period, end of subject.

Score: 0

By Das mod

posted Mar 13, 2006 - 3:09 PM

oh, you're right ....
if it would've been Kaspersky
i wouldn't be laughing :(

Score: 0

By rijp

edited Mar 13, 2006 - 3:27 PM

I have news for you, there is an enterprise level virus protection, and there is home protection products.

I guarantee you, 100% Kaspersky is NOT an enterprise level virus program.

There are only 2 recognized, globally used virus checkers on an enterprise scale.

Trend and Symantec. That's it. Others try, McAfee, ESET, AVG, etc.. but they only are for small environments.

I am talking large companies, like 3,000 plus users.

Call up ANY, ANY large company, Coca-Cola, Walmart, Home Depot, IBM, Microsoft, you will NOT find Kaspersky, McAfee, or any of those "home" products on their production, work machines across their platforms. NONE.

You will only hear 2 names, Symantec and Trend.

Symantec, has some serious issues, but they at one time, were the leader in antivirus protection, Trend is much, much larger.

So pick on trend all you want, I will put Trend Office scan up against ANYTHING kaspersky has to offer on a daily basis, and it will put kaspersky, avg, and mcafee/symantec to shame.

You only use what you know, because you are not an IT/CIO in a LARGE enterprise. We investigate thousands of products a year, and Trend is among the best.

You have to look beyond the stats (slanted by other companies which are not as large) and take into account, that people don't maintain their machines like they are supposed to. That's where those 78% non-detection comes from.

I GUARANTEE, you bring ANY virus into ANY LARGE corporate environment, like Walmart, Home Depot, IBM, Coke.. they will NEVER compromise their data. PERIOD. If they even had the slightest inkling their data couldn't be counted on from a daily basis, their Antivirus would be gone in a heartbeat.

So, Kaspersky is a joke, for enterprise users. It works great for you, because you only have 2 measly machines, or whatever. Try to manage a product thousands at a time, across multiple platforms, around the globe, simultaneous deploy updated definitions, spyware and notifications within minutes for 15,000 machines, and come back and talk. Until then, your piss ant, kaspersky product, couldn't keep up.

So before you think you have the authority on AV, think again. You know zip.

Enterprise level protection isn't ALL about stats, its about management, deployment, AND protection.

A product is only as good as its tools, there is NIL support from a management standpoint, from anything those small time products have to offer.

Symantec is well known among home users and enterprise. Trend is *THE* world leader in AV protection for large companies.

You don't believe me, make some phone calls.

Score: 0

By PC_Tool

posted Mar 14, 2006 - 9:10 AM

Heh...

So...we now base our technical "level of excellence" based on what some technically illiterate CEO mandated 10 years ago?

Sorry, I've met some of those CEOs, they couldn't smell a good AV scanner if it jumped on their faces and farted. Their decision is based on one thing, and one thing only: Money.

The one that can give them the best deal gets the order. There's nothing, even with my beloved NOD32, that is going to make *any* CEO pay thousands more for over another competing client.

Point, you ask? Symantec and Trend have, in the past, consistently offered better value to larger corporations. McAfee is getting much better at this now, though.

Please don't equate excellence with the choices of *any* CEO...unless you are talking about Golf Resorts. ;)

Score: 0

By sst

posted Mar 13, 2006 - 8:57 PM

I plead a bit of ignorance.
An Enterprise application must be administration-capable from a Remote site. That isn't necessary for my six-pack of systems. And, it seems that the administration-software cost would allow me to upgrade to all 64-bit portable desktops.
I'll continue to update mine individually, with a reliable product.

Score: 0

By chowmein

edited Mar 13, 2006 - 7:19 PM

This is such BS it's not even funny. You talk about major corporations as though they have some level of technical competence that - in reality - does not exist. I know because I have worked in 3 of the ones you mentioned - as a consultant on network infrastructure.

Score: 0

By mjm01010101

posted Mar 13, 2006 - 4:56 PM

I use trend, enterprise version, and even I don't have 50% of the confidence level you do. If you are relying on definition based updates for network protection then you are also sorely mistaken. Those companies you mention may use trend on the client perimeter, but you can bet your *ss they use IDS, rules, router, other level protections for their internal networks. AV is too slow, even hourly updates are too slow these days, ever since Code Red, Nimda, the SQL bugs, which spread within hours WORLDWIDE.

Trend has had its share of mishaps, remember Japan in 2005?
http://crn.com/sections/...tml?articleId=161601228

All I'm saying is your confidence in these two major players is a tad startling. Also, there is nothing preventing Kaspersky from entering the enterprise space if its detections rival the others and it gets its management tools in gear. I personally can't stand Trend's process for renewing my contract, it's clunky and slow.

Score: 0

By Das mod

posted Mar 13, 2006 - 6:33 PM

yup, well said
just as any GOOD sys. admin. should know
" you just cant rely on AV by itself ..."
SonicWall works great and if Kaspersky were to improve a bit, both would make a great working pair ...

Score: 0

By Das mod

edited Mar 13, 2006 - 3:36 PM

lol .... you're funny ....
but you have to relax little man ...
as i've stated before in various post ...
im a server admin and guess what i use
NAV 10 (corporate edition) :) ...
yes, you read it right ...
it does let a few viruses in now and then but nothing compares to its performance ....
i know how it performs and am well aware of its capabilities along with its competitors but i still find this mcafee glitch funny :P ....
being that the article NOWHERE mentions the problem being at corporate level, why would i need to mention "corporate level" apps ?????
YUP, same reason why i don't have to show the world what i wear, what i eat, what i listen to or what i watch

Score: 0

By CMSTech

posted Mar 13, 2006 - 10:42 PM

Yep, I agree

I also use NAV 10 for my 100 or so machines. People keep complaining about NAV however I don't see the issues they mention on my machines. However I keep strict control of my machines and lock the users out of a lot.

I scan incoming email with both Kaspersky and NAV SMTP and my results are weird (Kaspersky scanning first). NAV catches a fair amount of viruses that Kaspersky misses. I am not impressed with Kaspersky, but I don't hate it either. I use both so I don't keep all my eggs in one basket with email scanning.

I looked at Trend a couple of months ago when it was time to renew NAV licenses. After looking at everything and installing the trial. I decided to stick with NAV. I just didn't like losing some of the functionality that NAV allowed.

Oh well, at least some virus scanning is better than none!

Score: 0

By Thornsoft

edited Apr 11, 2006 - 12:10 PM

They're at it again. I received several alarming letters from my users (my product is the ClipMate Clipboard Extender), reporting a problem with unins000.exe
That's the uninstaller for my app, which uses Jordan Russell's Inno Setup. As do THOUSANDS of other apps. It seems that they picked THIS, to "uniquely" identify a "signature" of some virus.

I've started a discussion for my users:
http://www.thornsoft.com...B2/viewtopic.php?p=7744

Last summer it was Aluria/AOL Anti-Spyware, flagging Armadillo'd programs. Now this. What next? More of the same, I expect.

Score: 0