McAfee Revises Statement On Affected Users In Antivirus Update Flap
On Wednesday, Barry McPherson, executive vice president at McAfee, wrote on the software company's Security Insights Blog that "McAfee is aware that a number of customers have incurred a false positive error due to this release" and insisted that the number of users affected by the error was extremely small.
"We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base -- home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection," McPherson wrote. "That said, if you're one of those impacted, this is a significant event for you and we understand that."
However, a number of news reports, as well as comments from McAfee users, challenged McPherson's claim that 0.5 percent of enterprise users had been affected. As a result, McPherson updated the blog Thursday afternoon to change the estimated number of affected users. The blog post now reads:
"We believe that this incident has impacted a small percentage of our enterprise accounts globally and a fraction of our consumer base " home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you're one of those impacted, this is a significant event for you, we understand that and we're very sorry."
In addition to adding the word "sorry," which had been conspicuously absent in the original statement, McAfee presumably increased the estimated number of affected users but used the phrase "a small percentage" to give the company some wiggle room.
Still, even with the revision regarding affected users, customers still appear to be steamed at McAfee. And if the comments responding to McPherson's blog post are any indication, the security software company will be busy mending fences for quite a while.
"We have 850 users at our facility, and we are estimating over 400 users were affected," wrote one commenter named "Al." "Your numbers aren't adding up, but I suppose it's necessary for you to make your claims so as not to further hurt your business."
"We are a medium-size company and had approximately 60-70% (or 400) of our PCs stop[ped] functioning on very short notice; completely stopping our business cold while WE tried to figure out how to fix the issue," wrote another commenter named "Tom." "Needless to [s]ay, there was significant loss of productivity for our company."
"We have a company of 30,000 people and the entire organization lost all network connectivity for the entire day," wrote a commenter named "Bill." "This equates to about $5m of productivity that was lost yesterday. I don't buy the 1/2 of 1 percent comment."
McPherson also posted another statement late Thursday on the blog that re-emphasized the company's mea culpa. "First off, I want to apologize on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organizations," he wrote.
"To prevent this from happening again, we are implementing additional QA protocols for any releases that directly impact critical system files. In addition, we plan to add capabilities to our cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files."
Some solution providers, meanwhile, see an opportunity on capitalize on McAfee's error by helping to fix affected systems. However, McAfee partners also expect the high-profile error to hurt the security vendor's sales.