Euro-Cyberstrike! When Anti-Virus Attacks

Posted in Cyberterrorism at 8:56 am by George Smith


“IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files,” reported el Reg.

“Details are still coming in, but forums here and here show that it’s affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer’s 140 machines after they updated to the latest virus signature file.”

Anyone familiar with anti-virus warning screens and the quarantining of files dubbed infected or malicious can imagine the hysteria that might result if the anti-virus program mistakenly targets the operating system.

DD covered the anti-virus industry model in yesterday’s post. It was called “Enumerating Badness,” the 24/7 process/arms race of cataloging all Internet Badness — viruses and malware — with the aim of detecting and blocking it. The nature of this solution guarantees regular and systematic failure as part of the overhead of conducting business on the Internet.

You see, the generation of malware is also guaranteed to be virtually infinite, and this creates the daily, sometimes hourly, need to update your “Enumerative Badness” catalog, or anti-virus scanner. With every update there is a capacity for error, and since anti-virus updating is, for most people and institutions, entirely automated, that error can become massively distributed trouble.

And so it is unsurprising to see the worst-case potential realized, in cases where the computer is disabled by a mistake like the one described in el Reg’s news piece.

Reading the story’s comments provides further opinion:

Epic FAIL…

… was McAfee’s response — just take a look at user pk02137’s post at the McAfee support forums:


Pretty good story there; over 8,000 desktops and 150 servers. Ouch. These things do happen, but McAfee’s response could have been better. Much better.

Cybersecurity – Diversity
By Anonymous Coward Posted Saturday 4th July 2009 03:25 GMT

There are massive risks of catastrophic failure with any system monoculture. Those leading the cybersecurity initiatives recently announced by the US and UK governments are well advised to reflect on this.

A level of diversity in hardware/software platforms and security solutions must be encouraged and preserved. In a cyberwar, system diversity will limit the effects of friendly fire and vastly reduce the weak opponent’s chances of carrying out a “cyberspace spectacular.”

More here

And in the same vein from 2003 at Vmyths.
