<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; ">McAfee Virus Update File Causes Problems</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Because of the Monday holiday, this week's regular Monday issue of SFYI was skipped, but there was one piece of news from this week prompting this special issue.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Yesterday morning (April 21) the 5958 DAT file from McAfee (the software company that produces the anti-virus tool VirusScan Enterprise for Windows and Security 1.0 for Macintosh) caused a false positive virus detection on Windows XP computers running Service Pack 3, quarantining the svchost.exe file on affected systems. This caused computers to crash, made them unable to reboot or led to a Blue Screen of Death.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">McAfee quickly removed the offending file just hours after the discovery and promptly issued information and a SuperDAT Remediation Tool to address the problem on computers who had already received the downloaded file. The tool can be run on affected machines to restore the svchost.exe file. The remediation instructions are linked below and I recommend you ask an IT professional to assist you with them.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">The issue was also resolved in the 5959 DAT file released by McAfee the same day, which can also be downloaded from their site.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Those who might take this news as a deterrent to using virus protection software need to remember that in spite of the problems caused by this incident, not having virus protection on your computer will lead to a worse outcome. Virus protection software engineers are daily and often hourly fighting the new waves of malware being released on the Internet. Their battle never slows down and they must respond instantly to new viruses or expose their customers to zero-day attacks (attacks that can make it through vulnerabilities in software which has not had enough time to be patched). McAfee and other anti-virus software vendors have had this problem with update files occur more than once in the past and it will likely happen again. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">A full story of the problem that occurred:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><<a href="http://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/">http://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Details for remediation:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><<a href="https://kc.mcafee.com/corporate/index?page=content&id=KB68780">https://kc.mcafee.com/corporate/index?page=content&id=KB68780</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Information on the issue is also available in the MIT knowledgebase Hermes:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; "><<span style="font-size: 90%;"><a href="http://kb.mit.edu/confluence/x/W4Vh">http://kb.mit.edu/confluence/x/W4Vh</a></span>></div><br><div apple-content-edited="true"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><span class="Apple-style-span" style="font-size: medium;"><br></span><div>Monique Yeaton</div><div>IT Security Awareness Consultant</div><div>MIT Information Services & Technology (IS&T)</div><div>(617) 253-2715</div><div><a href="http://ist.mit.edu/security">http://ist.mit.edu/security</a></div><div><br></div><br></div></div><br></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"> </div><br></body></html>