McAfee has apologized profusely for issuing a DAT file that experts say caused tens of thousands of Windows XP Service Pack 3 systems to crash or continuously reboot after the update incorrectly detected and quarantined XP SP3's svchost.exe as a virus. In a FAQ to its corporate customers, McAfee admitted it had not included XP SP3 with VSE 8.7 in its testing process for the problematic AV update.
The company says a minority of its customers experienced problems due to the update -- about 1 percent of its enterprise customers, and an unknown number of consumers. Some large McAfee customers have reported that the total number of enterprise machines affected is estimated at between 12 million and 15 million, according to one industry source.
But experts worry that companies could have machines that have yet to experience symptoms of the update, which would drag out the fallout from the errant DAT for weeks or months.
In a statement released today, McAfee announced its compensation offers and reiterated its apology for the mishap: "McAfee takes full responsibility for what has occurred and we sincerely apologize for the inconvenience this has caused. Even among the vast majority of customers who did not experience operating disruptions, the mere possibility created an unwelcome distraction and reason for concern," the statement said.
The company and its channel partners are offering what it calls a "customer commitment package" to affected firms that will be customized to the installation. "For example, all affected customers will be offered a free one-year subscription to our automated security health check platform, which provides an assessment of the security of an organization or enterprise based on McAfee's best practices," the company said in the statement.
Affected enterprises should hear from McAfee within a few days with details about how they can redeem the compensation packages, McAfee said. The company also is offering a downloadable tool that repairs XP machines damaged by the bad DAT file; more information is available here.
But it's unclear whether enterprises that were burnt by the faulty DAT will go for it, according to one security expert. "If McAfee flunked on their AV, what says that they wouldn't do the same on other solutions? And the new feature needs to be tested, installed, and IT admins need to learn it, which is more time and money lost," says security expert Lucas Lundgren.
Consumer victims will be reimbursed for "reasonable costs incurred" for getting their computers back online and will receive two additional years of their McAfee AV subscription for free. The company plans to provide more details about the offer on its website this week, it said.
One Dark Reading reader says a neighbor's XP SP2 machine was wiped out completely by the update. Another neighbor had to bring him the new patch on a USB stick to help fix the machine. "What are home users to do? Especially if they didn't hear about this on the news or don't have another PC connected to the Internet," he said in an email.
Meanwhile, it didn't take long for the bad guys to capitalize on the DAT debacle: SEO-poisoning campaigns are well under way, and these Web pages, ironically, can direct victims to sites that push fake antivirus software. According to Sophos, it's better to go directly to McAfee's website than to do a search, given these campaigns.
"Users need to watch out when they are searching for information" on the false-positive incident, says Randy Abrams, director of technical education for Eset. "When a false-positive becomes a big news story, it creates the news, as well."