For over five hours Friday, McAfee's anti-virus software erroneously flagged hundreds of legitimate executables as a malicious virus, leading some customers to quarantine or delete the offending files and render applications such as Microsoft Excel inoperative.
An error in McAfee's daily virus definition file (dubbed "DAT") identified the files as W95/CTX, a virus first discovered in 2004. All editions of McAfee's on-demand-scanning products, including both the enterprise and consumer versions of VirusScan, were affected.
Among the legitimate files painted as malware were Microsoft's Excel spreadsheet, Adobe's Flash, the Google Toolbar installer, several Adaptec drivers, and parts of Sun Microsystems' Java Runtime Environment. The list that McAfee posted of the affected files numbers more than 330, but even so, the SANS Institute's Internet Storm Center called it incomplete.
"It doesn't include any of the Oracle binaries that have been reported to be affected by some of our readers," one of the Storm Center's analysts wrote on the site Sunday.
Depending on how users had configured VirusScan, the harmless files were either quarantined to a special folder or deleted. In either case, applications were broken as files were moved or erased from hard drives.
And what did people expect? This is the main reason why I refuse to use this kind of software, except on rare occasions to scan a system for viruses (in other words, I don't install live anti-virus monitoring tools).
Antivirus software is:
- Fully capable of modifying or erasing files on your hard drives without human intervention
- Designed and developed by imperfect human beings
- A cure that is sometimes worse than the disease