[IS&T Security-FYI] Special Issue: SFYI Newsletter, April 22, 2010

Monique Yeaton myeaton at MIT.EDU
Thu Apr 22 14:26:50 EDT 2010


McAfee Virus Update File Causes Problems


Because of the Monday holiday, this week's regular Monday issue of  
SFYI was skipped, but there was one piece of news from this week  
prompting this special issue.

Yesterday morning (April 21) the 5958 DAT file from McAfee (the  
software company that produces the anti-virus tool VirusScan  
Enterprise for Windows and Security 1.0 for Macintosh) caused a false  
positive virus detection on Windows XP computers running Service Pack  
3, quarantining the svchost.exe file on affected systems. This caused
computers to crash, made them unable to reboot, or led to a Blue Screen
of Death.

McAfee quickly removed the offending file just hours after the  
discovery and promptly issued information and a SuperDAT Remediation  
Tool to address the problem on computers that had already received the
downloaded file. The tool can be run on affected machines to restore  
the svchost.exe file. The remediation instructions are linked below  
and I recommend you ask an IT professional to assist you with them.

The issue was also resolved in the 5959 DAT file released by McAfee  
the same day, which can also be downloaded from their site.

Those who might take this news as a deterrent to using virus  
protection software need to remember that in spite of the problems  
caused by this incident, not having virus protection on your computer  
will lead to a worse outcome. Virus protection software engineers are  
daily and often hourly fighting the new waves of malware being  
released on the Internet. Their battle never slows down and they must  
respond instantly to new viruses or expose their customers to zero-day  
attacks (attacks that can make it through vulnerabilities in software  
which has not had enough time to be patched). McAfee and other
anti-virus software vendors have had this problem with update files
more than once in the past, and it will likely happen again.

A full story of the problem that occurred:
<http://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/>

Details for remediation:
<https://kc.mcafee.com/corporate/index?page=content&id=KB68780>

Information on the issue is also available in the MIT knowledgebase  
Hermes:
<http://kb.mit.edu/confluence/x/W4Vh>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





