Friday, August 20, 2010

McAfee: Purchased by Intel After Fiasco

McAfee: Purchased by Intel After Fiasco

What is Virus Protection?

Operating Systems like Microsoft Windows offers mechanisms to install software automatically. Sometimes, it the mechanism is a bug. Other times, it is a key which may have been purchased or hacked, and later leveraged to deposit viruses or spy-ware. Sometimes, the OS just offers too much freedom to the user, to allow them to install anything they would like (anywhere they would like), and when they unwittingly install a piece of software on purpose, the machine becomes infected.

Some consider it the computing system equivalent to the Mafia, "You want to be safe, pay us some protection money, and you'll be safe." They work to make the computing environment more rigid because the operating system vendor (in this case, Microsoft) was too lazy.

To make the environment more rigid, inspection is done for known snips of code on files loaded on the hard drive, coming in or out via email, or through tools like web browsers. These pieces of code that are searched for, basically subets of the possible virus or worms which can be used to identify them, are called "signatures".

The "signatures" are distributed from central locations from the Mafia's God Father to the software applications which some people choose to install on their computer, hereafter referred to as the Hitman. It is the job of the Hitman on your computer to whack the virus... or regularly encourage you to pay-up if you did not pay your security bill.

Leading up to the Acquisition:

Less than half a year ago, McAfee distributed a virus signature update that identified a core Microsoft Windows file a problem and whacked it.
McAfee update crippled some Windows PCs by quarantining or deleting a file crucial to Windows operation, called “svchost.dll”.

The bug, McAfee said, meant that “less than half of one per cent” of business customers, and a smaller number of consumer customers, could not use their computers. The company did not release any detailed figures, but said that the problem nly occurred on machine running Windows XP Service Pack 3 in combination with a specific build of McAfee’s antivirus product.
Large segments of society, especially emergency services who were unfortunate enough to pick Microsoft Windows for their core infrastructure, in combination with McAfee, and various service packs were scrambling for cover.
Reported victims include Kansas City Police Department and and the University of Kansas Hospital and about a third of the hospitals in Rhode Island. PCs also went haywire at Intel, the New York Times reports, citing Twitter updates from workers at the chip giant as a source.

First hand experiences from an Iowa community emergency response centre, ironically running a disaster recovery exercise at the time, can be found in a posting to the Internet Storm Centre here. The Register has heard from a senior security officer at a net infrastructure firm that was also hard hit by the snafu, as reported in our earlier story here.

McAfee picked up very bad reputation after this event.

To be fair, a virus signature is nothing more than a pattern of bits that can appear in a file at a particular set of locations, so it is amazing that after all these years, with so many virus signature creators, that this has not happened earlier.

The New God Father:

After a very bad spring and summer, the cost of the help desk support to repair all of those old machines, lost customers who would stop using their products, bad media coverage from the mishap, and new customers who were not very interested in taking a chance on them - someone else was really needed to clean up their reputation.

Intel Corporation made purchased McAfee. What surprises me is that fewer media outlets had connected the purchase with the recent virus signature failure.

Network Management Connection:

Microsoft Windows systems are tremendous targets for viruses and worms. With Network Management systems which must be located in a DMZ and connect to millions of potential end points, such platforms should be considered a virus & worm distribution system, and avoided.

The application of virus definitions to such production systems can disrupt the reputation of a third party management company and put them out of business, the same way McAfee tarnished reputation needed to be consumed by Intel.

No comments:

Post a Comment