Blogs > Alastair Revell

McAfee Update Causes Windows XP SP3 Machines to Fail Worldwide

Alastair Revell By: Alastair Revell, Managing Consultant, Revell Research Systems
Published: 21st April 2010
Copyright Revell Research Systems © 2010
 Logo for Revell Research Systems

I imagine that 21st April 2010 will be a day that McAfee will remember for some time to come and probably one they would much prefer to forget!

The antivirus vendor issued its daily security update DAT5958 at 06:00 PDT (GMT-7), but by 13:00 BST (GMT+1) the update was wreaking havoc on many corporate networks in the United Kingdom, let alone the rest of the world!

The update affected Windows XP machines with Service Pack 3 applied, falsely detecting the svchost.exe file as Win32/wecorl.a. The vendor’s VirusScan product essentially prevented the svchost.exe file from running, causing Windows to endlessly reboot in many cases.

McAfee acted fairly quickly by pulling the affected virus definition file (DAT5958) from their download servers, preventing more customers from becoming involved in what must be one of the worst update issues to impact corporate networks for some time.

They released DAT5959 to replace the affected virus definition file at around 10:15 PDT (GMT-7).

This incident comes on the back of reports that many modern anti-virus products are failing to detect malware. I’ve just been reviewing Cyveillance’s February 2010 Cyber Intelligence Report, which suggests McAfee detects around 37% of emerging threats on a daily basis (based on data from the last half of 2009). Kaspersky came out on top with a daily detection rate of 38%, but many were much poorer—such as Symantec on 25%.

The time for relying on straight-forward anti-virus products seems to be coming to an end.

aggbug.ashx?id=814b0f4d-d3d0-4f22-982e-bcbc3b790fc6
This weblog is produced by Revell Research Systems.

Reader Comments

Posted: 23rd April 2010 | By Joćo Paulo Carvalho :

It is a fact that nowadays Windows based exploits are the main source of revenue of companies like McAfee.

I use different protections on my home computers, going from free to paid applications.

While the virii threat continues to lurk, at this time and age it has to be fuelled by the very same companies that sell their anti-virus products. It is just an ongoing surcharge for using windows.

Not is all bad, if you do your work in the murky waters of MS OS's; actually you can cover yourself with a free combination of adequate software from third parties.

The issue is with corporate structures and their willing to support this leach by using MS products, or moving out to other Operating Systems.

McAfee is just one of the many benefectors of ongoing software virii...

The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.

We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.