McAfee has apologised to its Windows XP customers after sending out a flawed security update that crippled their PCs.
The security software maker revealed that an update to its software mistakenly identified the 'svchost.exe' core Windows system file as a virus, leading the software to attempt to quarantine the file, causing the PCs in question to either crash or enter an endless cycle of rebooting. Only PCs running Windows XP Service Pack 3 have been affected.
The glitch came to light after McAfee's support forum was inundated with messages from irate Windows XP users, both private individuals and administrators at companies running McAfee software on its computers. Indeed, the traffic to the forum forced the site offline at one point.
"McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, 21 April," said McAfee spokesman Joris Evers in an email responding to complaints. "The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2:00pm GMT+1."
He added: "Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3."
McAfee has posted an article on the matter, containing downloads and instructions for two potential solutions to the problem, as well as a workaround to suppress the defective update.
The company claimed businesses have been worst hit by the glitch, and initially downplayed its impact on its overall customer base.
"We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection," Barry McPherson, executive vice president for customer service, wrote on the McAfee blog. "That said, if you're one of those impacted, this is a significant event for you and we understand that."
In a follow-up post also containing further advice for those affected by the error, McPherson shifted his focus from the small number of people affected to fully acknowledging the inconvenience they had endured.
"In our ongoing efforts to protect our customers from a seemingly endlessly multiplying variety and volume of attacks, today we released a update file that clearly did more harm than good," he wrote.
"There was a legitimate threat and we wanted to protect our customers, as we have done successfully thousands and thousands of times before," he added. "But in trying to do so, we created negative and unintended consequences for some very important people. Many of you."
"Mistakes happen. No excuses," McPherson concluded. "The nearly 7,000 employees of McAfee are focused right now on two things, in this order. First, help our customers who have been affected by this issue get back to business as usual. And second, once that is done, make sure we put the processes in place so this never happens again."
