McAfee’s major screw-up

by Shijaz Abdulla on 22.04.2010 at 13:08

McAfee released an antivirus update yesterday that crippled Windows XP computers worldwide. The DAT 5958 update affects only computers running Windows XP Service Pack 3.

Here’s how the SANS Internet Storm Center describes the mess-up:

McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.

The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus.

This is ridiculous if you ask me. The svchost.exe is a crucial Windows binary and just about everyone knows about it. Funny it should identify svchost.exe as a virus! I’ve been told this is the third mess-up from McAfee in a period of 4 years.

If you’re a McAfee customer, I have two recommendations for you:

1. Do not install the DAT 5958 update – block it. Wait for instructions from McAfee.

2. Consider implementing a state-of-the-art antivirus solution, that is more reliable and fares better in the comparative reports.

Microsoft Forefront Client Security is Microsoft’s cutting-edge client security solution which fared well in the VirusBulletin reports and many other studies. For more information, read my earlier post on “Forefront vs. the Competition”.

image

“GoogleBombs” de-fused

by Shijaz Abdulla on 27.01.2007 at 16:59

Google has taken action against Googlebombing, the act of hundreds of Internet users linking up specific words with certain web sites in order to produce a desired (and usually comical) search result. To remedy the problem Google altered the algorithm by improving the way they analyze link structures on web sites.

Famous “GoogleBombs” include:
  • Searching for the word “failure” producing a link to the current US President, George W. Bush,
  • waffles” with Senator John Kerry,
  • talentless hack” with Adam Mathes, and finally
  • stopping the word “Jew” from pointing to a hate site and instead directing users to the Wikipedia entry on Jewish people.

Google says that there have been less than 100 “well-known” Googlebombs since 2001 and overall the problem was a harmless one.

Google claims that the reason that the company has decided to finally give in and fix the algorithm was because too many people had begun to assume that the results displayed were Google’s own opinions and that the company was intentionally associating the terms with various parties.

Further reading: Google’s Explanation