Thursday, 22 April 2010

McAfee anti-virus update breaks PCs

A recent anti-virus update sent out by McAfee has caused Windows XP systems to fail. The update incorrectly detects a legitimate system file as a virus, removes it and shuts down the system. The PC is then unable to boot correctly. Even once the system has been brought back into some form of useful state, networking is disabled.

The problem relates to the DAT 5958 update, which detects the svchost.exe file as being a virus called W32/Wecorl.a.

Reports suggest that large companies managing many systems protected by McAfee's software are the worst affected. The Internet Storm Center notes that, "The use of 'ePolicyOrchestrator', which is used to update virus definitions across a network, appears to have led to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update 'DAT' files throughout enterprises. It can not be used to undo this bad signature because affected systems will lose network connectivity."

McAfee is not alone in making such a mistake. In December last year Alwil (developer of Avast!) dumped a similarly damaging update on its users, and it would be a rare anti-virus company that could accurately claim never to have done the same thing at some stage.