[IS&T Security-FYI] Special Issue: SFYI Newsletter, April 22, 2010
Monique Yeaton
myeaton at MIT.EDU
Thu Apr 22 14:26:50 EDT 2010
McAfee Virus Update File Causes Problems
Because of the Monday holiday, this week's regular Monday issue of
SFYI was skipped, but there was one piece of news from this week
prompting this special issue.
Yesterday morning (April 21) the 5958 DAT file from McAfee (the
software company that produces the anti-virus tool VirusScan
Enterprise for Windows and Security 1.0 for Macintosh) caused a false
positive virus detection on Windows XP computers running Service Pack
3, quarantining the svchost.exe file on affected systems. This caused
computers to crash, made them unable to reboot or led to a Blue Screen
of Death.
McAfee quickly removed the offending file just hours after the
discovery and promptly issued information and a SuperDAT Remediation
Tool to address the problem on computers who had already received the
downloaded file. The tool can be run on affected machines to restore
the svchost.exe file. The remediation instructions are linked below
and I recommend you ask an IT professional to assist you with them.
The issue was also resolved in the 5959 DAT file released by McAfee
the same day, which can also be downloaded from their site.
Those who might take this news as a deterrent to using virus
protection software need to remember that in spite of the problems
caused by this incident, not having virus protection on your computer
will lead to a worse outcome. Virus protection software engineers are
daily and often hourly fighting the new waves of malware being
released on the Internet. Their battle never slows down and they must
respond instantly to new viruses or expose their customers to zero-day
attacks (attacks that can make it through vulnerabilities in software
which has not had enough time to be patched). McAfee and other anti-
virus software vendors have had this problem with update files occur
more than once in the past and it will likely happen again.
A full story of the problem that occurred:
<http://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/>
Details for remediation:
<https://kc.mcafee.com/corporate/index?page=content&id=KB68780>
Information on the issue is also available in the MIT knowledgebase
Hermes:
<http://kb.mit.edu/confluence/x/W4Vh>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100422/ecfde769/attachment.htm
More information about the ist-security-fyi
mailing list