1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Macafee release DAT that stops internet connection and other issues

Discussion in 'Computer Security' started by greenbrucelee, Apr 21, 2010.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Have just recieved word from my IT manager to check all machines as we run Macafee apparently the DAT released today can stop internet connections, hang machines and other issues. Macafee apparently recalled the DAT at 6:20pm UK time. If you are running XP SP3 check your machines isn't running the latest version.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. BosonJosh

    BosonJosh Gigabyte Poster

    1,326
    28
    89
    My wife's company got bit by this issue. Oops!
     
  3. simonp83

    simonp83 Kilobyte Poster

    254
    4
    32
    Got to go onsite tomorrow with one of our schools and sort this out.
     
    Certifications: A+, MCP, MCDST, MCTS, MCITP
    WIP: 70-291
  4. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Oh dear, this has happened before and will happen again.

    Good old McAfee.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    what I don't understand is why they do this. Don't they check things before releasing them?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Of course not, I was actually going to mention about the failure of staging this properly prior to release but didn't.

    TBF it can happen, it's happened before with service packs (NT4 SP6 broke TCP/IP, was promptly replaced with SP6a for that very reason), its not new and will happen again some time.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  7. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Seems a bit dumb to me, but then again I wouldn't use Macafee on my home system although I am suprised this can happen with business systems I thought this sort of thing would destroy their credibility with IT bods everywhere.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  8. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Never let anti-McAfee bias get in the way of the truth eh Simon? :biggrin

    McAfee's documentation specifically references - in several places - the suggested deployment method for DATs - which includes checking new DATs into an evaluation branch before releasing to the 'live' environment. That is exactly what I do, exactly what I have done at every site where I've been responsible for EPO, and exactly why I'm sitting here smugly with a cold beer, whilst everyone who doesn't follow sensible, recommended practice is left scrambling around trying to fix the problem.

    And if you want to talk about this happening with McAfee products in teh past, and likely to happen again in the future, I'd point you to the ISVW (Trend) install I ran for a while which, at one point, was releasing a pattern file about once every three weeks that would kill the server (and any clients updating from it) stone dead until I reverted. Or the Kaspersky install I had to put up with at one company because the MD was a friend of a Kaspersky engineer - which had a database and updating structure so bizarre that you needed to think in seven dimensions to roll a dat back when they released a moody update.

    McAfee is no worse than any other AV vendor. The main difference is that when they get wind of a problem, they notify the whole world whilst they are fixing it - instead of fending off support calls from irate customers by lying to them 'it wasn't us guv - you must have a virus' - whilst quietly fixing it in the background and releasing an update/pattern file that 'miraculously' solves the problem...
     
    Certifications: A few
    WIP: None - f*** 'em
  9. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    IT bods everywhere who know how to run their systems don't worry about issues that are caused by people not knowing how to run their systems :)
     
    Certifications: A few
    WIP: None - f*** 'em
  10. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    Yep personally had to disable the pull from McAfee in ePO just before I left the office (don't I get the best jobs!). Lucky for our 80000 node estate we were on 5957 because we have Global updates disabled (due to our size).

    I'm pretty sure all of the AV frms release a dodgy dat at some stage
     
    Last edited: Apr 21, 2010
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  11. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    lol, sounds true.:D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    McAfee sucks!!! :biggrin

    Im only kidding.

    Ive seen this kinda problem with symantec, sophos and even ESET (my fave AV) over the years.

    As Zeb says, test first and then roll it out.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Actually Zeb this wasn't anti Mcafee, if you notice in my posts on the subject I never once said this was all Mcafees fault, infact I specifically stated that Microsoft had been guilty in the past, I also didn't say that Mcafee would be doing it again in the future. My post was more specifically aimed at those people who fail to stage properly, in this instance it was Mcafee (and all those who were caught out by releasing dat files without checking them out first).
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  14. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    To be fair, I quoted the wrong post. The one I meant to quote had a piss-take of McAfee specifically in it, and mentioned no other vendor, so the phrase "this has happened before and will happen again" can't possibly be construed in any other way than a dig at McAfee.

    Understand I'm not having a pop at you here personally over this. I'm just a bit tired of people having a go at McAfee because they haven't bothered to take the time to get to know the products in question properly. I have far less problems with McAfee overall than any other AV vendor. Having been responsible for AV management in pretty much every place I've worked for the past ten years, I think that gives me a reasonable range of experience to call from.
     
    Certifications: A few
    WIP: None - f*** 'em
  15. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I have to agree with Zeb on this one... there standard practices that we as tech should follow... I know even I dont always ready documentation, etc but when something that could effect the entire company is at hand... we need to be really careful. When I deploy stuff, anything new I always have a test group then once I am sure all is good, I deploy else where... Same thing with WSUS I don't apply updates right away when they come out... I am usually 3-4 weeks behind on updates unless its critical must have update.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  16. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Actually I don't think "Good old McAfee" is exactly a piss take, had I gone "oops they did it again" then that can be construed as a pisstake, as it happens it wasn't and that's why I expanded on my second post to include the fact that anyone and everyone can let something through if they are unlucky.

    As far as Mcafee goes I actually like their products, it's well known that I don't like Sophos but as far as pretty much every other vendor out there goes I have no issues with them, again having worked with various large banks etc I can tell you that McAfee holds a pretty large share of the market when it comes to AV, with that in mind I have had to get to know EPO and how to stage various product updates (WSUS, AV etc).
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  17. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    A lot of gov departments use McAfee I've found. The contract I'm on has Symantec on a legacy estate, eTrust and McAfee with our preffered solution for new builds being McAfee. Tthey all have their good and bad points but I do like ePO's graphical aspect. Saying that I like the consoles of the other two too ha
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  18. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    I'm not really a McAfee fan. Then again, I haven't used their products in about six years. In the workplace, I've most often used Symantec and TrendMicro. When McAfee became seriously bloated, I switched my personal boxen from McAfee to Trend, though I'm about to re-evaluate that decision with Trend's recent pricing structure with regards to upgrades/renewals - when it costs more to renew than it does to find a new copy on sale, something's seriously wrong. :blink
     
    Last edited: Apr 22, 2010
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  19. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    I think McAfee have come a long way with their products myself (I know you weren't having a go at them by the way). VirusScan 8.7 in particular is a very good product, allowing you can use the remote console within virus scan to bring up another machines console and kick off scans or add tasks etc (been in VS for while actually come to think of it). Funny enough I'm currently involved in a project to roll out VirusScan 8.5 across some of our estate as 8.0 is no longer supported. Fun fun fun :rolleyes:
     
    Last edited: Apr 22, 2010
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  20. Josiahb

    Josiahb Gigabyte Poster

    1,336
    40
    97
    I haven't used McAfee since I was in school, maybe it was badly administered on my school network but it seemed to be as holey as a big holey thing full of holes whilst still being so bloated as to cripple the performance of the machines it was running on.

    In the commercial world I've only ever worked with Sophos as this place has been using it for about as long as they've had PCs, we're just coming to the end of a ten year license. Its given me very little trouble and proved very easy to manage.

    Chances are unless the cost is massive we'll just renew for a while longer, I could poor time and effort into finding the best solution but 2 things stop me 1) my boss, why spend time improving our av when we can spend it doing something far less important? 2) our budget, I've got my eyes set on improving something else first and we only really get the funds for one 'big' change a year.
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10

Share This Page

Loading...