March 14, 2006

Perhaps They Should Have Tested More - McAfee

McAfee virus update wreaks havoc

Update quarantines or deletes legitimate system files

Tom Sanders in California, 14 Mar 2006
McAfee was forced to publish an update to its virus pattern database on Friday after the previous version mistakenly flagged system files as malware.
The error caused several versions of McAfee's antivirus software to quarantine or delete system files, depending on the software's configuration.

Affected applications included Microsoft Excel, Google Toolbar Installer, Macromedia Flash Player and Windows XP.

McAfee has published a full list of files (PDF download) that were incorrectly flagged. The error spanned all operating systems from Linux to OS X and Windows.

"Users who have moved detected files to quarantine should restore them to their original location. Windows users who have had files deleted should restore files from backup or use System Restore," McAfee said in an advisory

The company had not, at the time of going to press, returned several phone calls from seeking further information.

The Sans Internet Storm Center said that the bad signature files were available for several hours. A user had to run a virus scan for the problem to arise.

While users who have quarantined the infected files should have relatively little trouble restoring them, the error could still cause considerable damage, according to Daniel Wesemann, a volunteer with the Sans Internet Storm Center.

"Things like this can get messy pretty quickly if the antivirus scanner starts to quarantine vital components of your environment," he warned.

In a similar case last month, antivirus firm Sophos wrongly claimed that files on Mac computers running OS X were infected with the Inqtana-B worm. The software in some cases reported over 1,000 infections.

One user reported to that the Sophos mix-up caused the software to delete over 1,200 files from his PC, and that he was forced to completely reinstall the system.