Last week, McAfee pushed out a virus definition file update the company now admits did not meet an acceptable level of quality assurance. Users found this out the hard way when the update crippled their computers. While the damage to individual computer systems has been repairable, It is recommended that you look elsewhere for your computer's security.
The recommendation comes down to a harsh reality: corporations should be accountable for their actions, and users have choices. In the security realm, there are at least a dozen top-shelf paid and free security suites. Choose any one of them: you're not beholden to a company that will risk your data, time, and money--even accidentally.
Severe problems caused by buggy or false positive security updates are rare, but not unheard of, in the wide world of security software. Recent instances include an update from BitDefender that wreaked havoc on 64-bit Windows 7 computers last month, an Avast update that marked hundreds of legitimate files as threats in December 2009, one from Computer Associates that flagged a Windows system file as a virus in July 2009, a case of attacking the competition when freeware security giant AVG marked ZoneAlarm as malware in October 2008, and McAfee itself pushed program executables for Microsoft Excel and Adobe's update manager into quarantine in March 2006. So why is McAfee's latest error egregious enough to merit a switch?
For one thing, McAfee's faulty virus definition file flagged the Windows system-critical file SVCHOST.EXE as a threat and quarantined it. Among other problems, this had the effect of forcing the computer to shut down every 60 seconds, and preventing USB drives from connecting to the computer. For many users, replacement versions of SVCHOST.EXE had to be copied to CD before they could be used. The original fix was labor-intensive and complicated by the fact that the bad update prevented many affected people from accessing the Internet in the first place. McAfee finally announced a simple tool to apply the fix on Thursday night, but it still requires a second computer to download it, and it cannot be applied remotely.
Second, McAfee wasn't forthcoming with answers, and even initially downplayed the fact that hospitals, police departments, and supermarket chains were affected along with individual consumers. In disastrous situations like this, it's important to communicate clearly with your customers, which McAfee didn't. Not only did Barry McPherson, executive vice president of support and customer service, not publish a blog addressing the problem until mid-afternoon Wednesday, but IT professionals also felt McAfee's attempts to help them were less than professional.
Read the rest from CNET download.com