Thursday, April 22, 2010

McAfee update bricks thousands of enterprise computers


Earlier today, McAfee unleashed one doozy of an update for its popular antivirus software that crippled an untold number of Windows computers (tens of thousands for sure, potentially hundreds of thousands). The update, virus definition 5958, was pushed out at 06:00 PDT and caused a false positive detection of the critical Windows system file svchost.exe.

The botched update led systems running Windows XP SP3 to detect svchost.exe as the virus W32/wecorl.a. Users say this caused systems to display a BSOD before being caught in an endless cycle of reboots. Windows 7 and Vista computers were unaffected, and the update was mostly limited to corporate machines, meaning that most consumers are in the clear.

The company responded by pulling the tainted update from its distribution network and a clean version, 5959, was released around 10:15 PDT. Complicating McAfee's day, because of the overwhelming impact of 5958, the company's forum was knocked offline, blocking affected customers from sharing information. McAfee has since posted several possible workarounds.