McAfee's Shutdown Apology May Be Too Little, Too Late
Late Thursday night, McAfee apologized for an antivirus update that shut down Windows XP computers around the globe. McAfee said the problem affected only a small percentage of its customers -- less than .005 percent -- but the news sent shockwaves through the tech industry.
Here's what happened: Earlier this week, McAfee identified a new threat that impacts Windows PCs. McAfee researchers worked to address the threat that it said attacks critical Windows system executables and buries itself deep into a computer's memory.
As McAfee normally would, its research team created a detection and removal signature update file to remediate the threat. The remediation passed quality testing and was released on Wednesday morning. Some customers incurred a false positive, and the update shut down their systems.
"An awful lot of large companies were effectively out of business for an extended period of time," said Rob Enderle, principal analyst at the Enderle Group. "Intel was pretty much shut down yesterday when I was there. There were announcements going out over the loudspeakers during our meetings about aggregating the employees to get their computers up and running."
McAfee Is 'Extremely Sorry'
Barry McPherson, executive vice president of support and customer service at McAfee, responded to the issue late Thursday night: "First off, I want to apologize on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organizations."
McPherson went on to say that McAfee team members have been working around the clock to fix the problem and work with impacted customers. As of midnight on Thursday, he estimated that the majority of the affected systems are back up and running. McAfee published a SuperDAT Remediation Tool to help customers fix affected systems. The tool suppresses the driver causing the false positive and restores the quarantined Windows file.
"Of course, many of you are asking how the faulty DAT made it past our quality-assurance checks. The problem arose during the testing process for this DAT file," McPherson said. "We recently made a change to our QA environment that resulted in a faulty DAT making its way out of our test environment and onto customer systems."
Too Little, Too Late?
McAfee is doing more than apologizing. The company is taking steps to prevent the mistake from happening again. Specifically, the company is implementing additional QA protocols for any releases that directly impact critical system files. McAfee also plans to add capabilities to its cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files.
But Enderle thinks it may be too little, too late. As he sees it, McAfee should have learned from Toyota's recent recall experience. Instead of taking immediate responsibility, he said, McAfee trivialized the issue.
"This seems very negligent. When you have an act of negligence, you have to get out in front of it. You have to show everybody that you are going to take care of it as quickly as you can," Enderle said. "Windows XP is actually used in ticketing systems and in security systems, so when the failures hit it can be incredibly widespread. Some of these large companies were shut down for the day. They are never going to get that money back."
