Faulty McAfee update filters too many files

Executives at McAfee were adding new testing procedures Monday after thousands of customers downloaded faulty software on Friday.

Instead of identifying only malicious worms and viruses, the software flagged many popular programs as threats. That prompted users to delete utility files from software such as Adobe Update Manager, Google Toolbar Installer, Macromedia Flash Player and Microsoft Excel.

The faulty software is no longer posted, so users can now safely download the latest anti-virus definitions for McAfee’s VirusScan product, said Joe Telafici, director of operations for McAfee AVERT Labs.

The mistake affected customers who downloaded the consumer version of the latest McAfee software during a four-hour window on Friday and then used it. The faulty enterprise version was posted for five hours.

By Friday night, the company had fixed the problem, Telafici said.

So even if customers downloaded the faulty software on Friday, they will not be affected if they have not yet run a virus scan, Telafici said. They can simply download an updated patch today and it will overwrite the problem, he said.

Still, private users who mistakenly deleted beneficial software will have to fix their own computers. There is no software patch that will automatically restore the deleted programs; users will need to manually replace them from backup files.

In contrast, the company will help its enterprise customers recover, since they face a more complex problem of managing computers for many people in an organization. “It will be a little more difficult for enterprise customers, so we’ve developed a tool that will attempt to put the files back again” he said.

On its Web site, McAfee wrote, “Since this incident occurred, AVERT staff have been working around the clock directly with impacted customers to help them assess the degree of impact and restore the files where possible.”

“Users who have moved detected files to quarantine should restore them to their original location. Windows users who have had files deleted should restore files from backup or use System Restore,” McAfee wrote.

More details, including instructions on how to repair the damage, are available here.

The problem began on March 10 when the company updated its virus screening software to catch a new version of the W95/CTX virus. It posted the update to its Web site, where licensed customers could download it.

But the update caught much more than just the virus; it also snagged many programs that are written as executable files, with the suffix “exe.”

Specifically, the incorrect update was a package called “4715 DAT files.” By 3:10 p.m. Pacific Time, McAfee had replaced it with a repaired version, the “4716 DAT files.”

All told, the problem affected about one percent of the company’s 6 million consumer customers. Telafici did not yet know how many enterprise customers were affected.

However, Telafici does know that his department will be busy for some time as it arranges new procedures to test future releases. “We have a number of tests in place to make sure it doesn’t happen, and we will be adding new ones after this,” he said.