I imagine that 21st April 2010 will be a day that McAfee will remember for some time to come, and probably one they would much prefer to forget!
The antivirus vendor issued its daily security update DAT5958 at 06:00 PDT (GMT-7), but by 13:00 BST (GMT+1) the update was wreaking havoc on many corporate networks in the United Kingdom, let alone the rest of the world!
The update affected Windows XP machines with Service Pack 3 applied, falsely detecting the svchost.exe file as Win32/wecorl.a. The vendor’s VirusScan product essentially prevented the svchost.exe file from running, causing Windows to endlessly reboot in many cases.
McAfee acted fairly quickly by pulling the affected virus definition file (DAT5958) from their download servers, preventing more customers from becoming involved in what must be one of the worst update issues to impact corporate networks for some time.
They released DAT5959 to replace the affected virus definition file at around 10:15 PDT (GMT-7).
This incident comes on the back of reports that many modern anti-virus products are failing to detect malware. I’ve just been reviewing Cyveillance’s February 2010 Cyber Intelligence Report, which suggests McAfee detects around 37% of emerging threats on a daily basis (based on data from the last half of 2009). Kaspersky came out on top with a daily detection rate of 38%, but many were much poorer - such as Symantec on 25%.
The time for relying on straightforward anti-virus products seems to be coming to an end…