This afternoon McAfee sent an update that closed down all my client's XP machines. In essence DAT update No. 5958 deletes the svchost.exe file which then tries to continually re-establish itself and nails the computer and network.
One expects virusses to do this, not one's security company. This also has impacted
many other companies it seems!
Now, lets talk money - its taken several hours to get the machines back up. We're not talking the IT department sorting it, we're talking the people whose machines are going haywire having to pass memory sticks around to each other and bring their own machines up (a few of us had non McAfee machines - there is a lesson for you in efficient redundancy). Now, High End Consultancies charge several hundred dollars per hour, so wasting several hours per consultant is tens of years worth of McAfee licences in fees lost - each. And I'm sure those economics translate one way or another for many other companies too.
Security software is the sort of thing that is a commodity price item, one wants to pay once and never have to worry about - certainly not find it costing many times its price in hassle. There are many other competitors. So how does McAfee handle the situation? On the website they say:
Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3...
....McAfee apologizes for any inconvenience to our customers
And the fix is ok, but manual and technically non-trivial.
In other words "We Apologise" is not nearly enough.
It will be interesting to see how McAfee handle this.