McAfee Identifies Core Windows File as Malicious

A version of the McAfee antivirus software used in the corporate and public sectors misidentified the svchost.exe file in Windows XP systems as malware, sending the affected machines into a loop of restarts. Only users of McAfee VirusScan Enterprise on Windows XP Service Pack 3 were affected, but the fallout was pretty severe, with hospital and police systems among those taken down.

I’ve noticed that “geek elite” types tend to be a little more blasé about malware than the general public, both because we can guard against it better by not falling for the same old tricks, and because we are generally more qualified to recover from a malware infection. Personally, I don’t use a virus scanner on my Windows machines, because I run them as a sort of disposable environment anyway. My first line of defense is using the latest version of Windows, and updating automatically. Then, it’s Google Chrome, which makes the web a much less likely attack vector. Then, webmail only, with Google Apps and Chrome again, eliminating email as a likely point of attack. After that, I rarely install software on that machine, since the internet has made running client software a lot less necessary than it used to be. Though I download a lot of files, I don’t download executables very often, and, crucially, I can tell the difference. And whenever there’s a big new Windows release, Windows has probably been a little crufty anyway, so it’s a reformat and clean install. Most of my files are kept on a NAS RAID anyway.

But virus scanners are an important security blanket for most people, and particularly for organizations that don’t have the luxury of enforcing the practices that I apply to my own computer. Though this latest McAfee brouhaha was particularly severe, false positives are not at all uncommon for virus scanners, and of course they’re famous for slowing your computer down.

Now, scammers are using the confusion sown in the wake of the McAfee screwup to further victimize McAfee users, using search engine tricks to fool users into downloading new malware payloads thinking that they’re McAfee updates. In the ongoing cat and mouse game to protect the non-vigilant from their own computers, I’m afraid there will never be any true safety, outside of an iPhone-like walled garden, or a complete move to a network-computer paradigm, such as my method, which involves rarely downloading any executable, and keeping the internet safely sandboxed in the browser.

But a computing world that’s safe for the n00bs is a heavily compromised world wherein people don’t really control their own computers, and the tinkering that made our industry great falls by the wayside. Is it worth the tradeoff? What do you think?
