McAfee Antivirus Update Flaw Creates Opportunity For Channel

Experts say that there be no easy fix after security giant McAfee issued a flawed antivirus update that mistook the operating system for malware, throwing tens of thousands of Windows PCs running XP around the world into an endless reboot loop. But the glitch opens up untold remediation opportunities for channel remediation.

An initial McAfee investigation indicated that the reboot glitch is linked to an antivirus update that detects a false positive, causing Windows XP Service Pack 3 to somehow mistake a legitimate operating system for a virus.

McAfee released an updated virus definition (DAT) file within a few hours following the incident which suppressed the detection, but didn't repair the glitch. Instead, McAfee posted a Web page Wednesday outlining a workaround that temporarily disabled the access protection feature in its VirusScan Enterprise 8.5, manually installing the EXTRA.DAT file, and then restoring individual files that have been erroneously quarantined.

The Santa Clara-based company said in an advisory Wednesday that it is continuing to "work on an automated solution" to repair the problem for customers.

Meanwhile, McAfee executives were in damage control mode Wednesday and Thursday following the incident.

"We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base -- home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection," said Barry McPherson, McAfee executive vice president, in a blog post. "That said, if you're one of those impacted, this is a significant event for you and we understand that."

But experts say that an automated fix is not likely. Peter Schlampp, vice president of product management at Solera Networks said that all of the tens of thousands of affected computers will have to be manually repaired.

Organizations running the affected McAfee software will have to spend at least a half hour to an hour of manual labor and spend hundreds of dollars per PC to repair the damage and clean up the systems, he said.

Next: Partners Expect Decline In McAfee Sales

Subsequently, McAfee channel partners expect sharp a decline in sales -- especially antivirus sales -- as a result of the error.

"Honestly, there is no excuse for this. This should have been caught by any measure of QA testing," said Andrew Plato, president at Anitian Enterprise Security, a Beaverton, Ore.-based security solution provider. "Yes, I think a lot of places are going to seriously reconsider McAfee, and I can't blame them. EPO is still a solid product with a lot of good features. But, McAfee needs to be more careful."

However, non-McAfee channel partners said that business likely will temporarily increase as customers scramble to replace existing McAfee antivirus and other software with competitive brands.

"Absolutely, I think everyone under the sun is going to jump all over this," said David Sockol, president and CEO of Santa Clara, Calif.-based Emagined Security. Sockol said that his team was proactive in alerting all of his customers using McAfee before the DAT file was updated, and subsequently helping them to remediate the damage.

Sockol said that McAfee's debacle likely is a game changer in that it will give security vendors another way to compete in the marketplace.

"I think everybody out there is going to start jumping up and down and advertising why they have a better false positive model than the other folks that are out there. It's a major conversation piece by all the antivirus vendors," he said.

As such, other security vendors are already waiting to pounce on their competitor's failings.

Windows endpoint security company Sunbelt Software is offering McAfee customers financial incentives to switch with six months of free maintenance added to any new order placed before June 30, 2010.

Kevin McLaughlin contributed to this article.