McAfee Releases Flawed Patch

“We’ve never had an event of this magnitude happen before,” said Joe Telafici, director of operations for McAfee Avert labs. “We’re taking a look at development and testing procedures around virus signatures to prevent it from happening again.”

McAfee fixed the problem by evening of the same day and posted instructions on its Web site on how to restore quarantined files. The vendor identified the risk to corporate and home users as low, and advised Windows users who had files deleted to restore files from backup or use system restore.

Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based solution provider, says these types of incidents aren’t uncommon.

“Virus signatures get released all the time that cause false positives,” he said.

Last April, Trend Micro released a faulty virus signature update that overloaded PC processors and caused many of its customers’ machines to lock up. Customers were incensed by the company’s failure to acknowledge the problem for more than two days. Trend Micro later pledged to increase testing prior to releasing future virus signature updates. Monte Robertson, president of security solution provider Software Security Solutions in Lakewood, Colo., says testing is the key to avoiding these types of problems.

“It’s a matter of doing careful quality assurance and testing before the updates are released, because trying to determine a good program from a malicious one can be difficult,” he said.

The fact that McAfee immediately acknowledged and fixed the problem in less than five hours says a lot about their responsiveness, Plato said. “Nearly every security vendor has had bad code get out once or twice.”