McAfee Anti-Virus Causes Widespread File Damage 353
AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems.
At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational.Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."
hijackthis (Score:1, Informative)
Re:who-can-you-trust? (Score:3, Informative)
Re:Don't use anti-virus! (Score:3, Informative)
Re:Help! (Score:5, Informative)
You only need that headless pentium 3 (even a pentium pro could make it!) that you are using to rest your feet
Of course that is if you use Windows (for whatever reason, I also do it).
CTX undo file (Score:2, Informative)
McAfee Plague (Score:2, Informative)
Anyone remember Microsoft Anti-Spyware removing Norton? Anyone remember IRC commands such as "startkeylogger" booting systems from the internet running Symantec?
No one's perfect, even the software programmers. And as he laid down in a vicous wrath... the software they trusted most deleted their most precious files. Welcome to Monday everyone.
Advice for corporate users (Score:3, Informative)
I'm not excusing McAfee here, but there are ways that we, as admins can minimize the risk to our users and our network.
Comical recovery instructions from McAfee (Score:5, Informative)
This probably would have worked great on my machine if it weren't for the fact that half of the files McAfee quarantined were *System Restore files*.
Apparently McAfee hasn't heard of a novel concept called "testing". (I like how they've posted a list on their website of the false positive files, now 7 pages long and still woefully incomplete; they ought to just admit it's going to take a random assortment of exes and dlls on any machine.)
Combine this with the fact that the default settings on a McAfee install are to quarantine without prompting, and IMHO McAfee is the most dangerous virus I've ever had on my machine.
Re:For what it's worth (Score:2, Informative)
Re:The real irony here.... (Score:3, Informative)
Re:who-can-you-trust? (Score:4, Informative)
The point of open source is not that you PERSONALLY can look at the source to find problems (although you can if you like).
The point is that thousands of other people can. And usually, no one's stopping them from reporting a problem if they do find one.
Admittedly, this leaves gaps (what if no one else looks?), but it works pretty damn well, for the most part.
Re:Good catch (Score:3, Informative)
For creating PDF files, I use PDFCreator (http://sourceforge.net/projects/pdfcreator [sourceforge.net]). It works like Adobe Distiller used to, you create your PDF files by printing to PDFCreator.
Re:Good catch (Score:3, Informative)
http://www.adobe.com/support/downloads/detail.jsp
To create custom MSTs for Acrobat, which you can use to disable all of the annoying crap. Well, apart from the Yahoo search! I suggest also http://www.appdeploy.com/ [appdeploy.com] can be useful for finding ways to disable stuff in installers.
Re:Surprisingly, it didn't quarantine itself (Score:3, Informative)
- FrameworkService.exe
Which, if you take a look at your Task Manager, you will notice is:
Directory of C:\Program Files\McAfee\Common Framework
09/27/2005 03:06 AM 102,463 FrameworkService.exe
Re:A tool for media giants (Score:4, Informative)