Topic: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix

mouser

I encourage everyone to email McAfee and complain about these mistakes.

If you own a blog or participate in another forum, please spread the word about how McAfee is being irresponsible in their antivirus updates.

Something *has* to change in how they are updating their signatures or dealing with heuristic new detections.

Their email is: [email protected]

There are many ways they could address this problem:
  • Being more careful about the patterns they use in their signature
  • Being more honest when reporting a detection, and saying clearly that a brand new, possibly false-alarm incorrect detection has taken place.  This seems downright obvious to me -- if you just update your signature database and suddenly thousands of people have a virus detection in a 6 month old program then there is a high likelihood it's a false alarm.
  • Give people some choice about what to do when a virus is detected.

McAfee are doing harm to software authors with their sloppy irresponsible behavior -- please help spread the word so that they are forced to take some corrective action.

And by all means demonstrate your dissatisfaction by demanding a refund and boycotting their software until they address this.

mouser

I just had a thought.. should we actually try to organize an "official" boycott/protest against McAfee?
We've never done such a thing before -- I don't expect we would have much luck; maybe we should try?

The goal would be to bring attention to this false alarm issue and insist that they come up with a more sensible way of dealing with it.

drpeterharris

My software has been hit again by this.  3 completely separate apps have been wiped from end-users' PCs without a by-your-leave.

This happened a month ago and we were just recovering from the damage that had done.   It has now happened again.   McAfee just say "it will be fixed in the next DAT" but that quite frankly is not good enough.

I write software for the healthcare industry and many end-users have managed AV solutions so they cannot add exclusions themselves.

This has done incalculable damage to my company's reputation (not to mention my blood pressure).

Peter


mouser

bassclarinet, it's yet another false alarm on all Autohotkey programs.. You can download the ahk source code for the tool and compile it yourself if you are concerned.

cranioscopical


The problem's wider than just McAfee's fun and games, though, isn't it?

AVG Free is one of the scanners that I use. 
It has happily scanned and passed executable files belonging to PECompact for ages. 
Then, suddenly, the identical files all are suspect and quarantined. Next... oops they're OK again.

Annoying though this is, I suppose, from a user's point of view, I'd rather have it this way round
-- better safe than sorry -- than fall foul of something nasty.

OTOH, were a product of mine left with mud sticking to it due to some innuendo I'd be hopping mad.


mouser

No one expects 100% perfect detection.

What I do expect is:
1) a reasonable amount of care and intelligence when adding new signatures.
2) an appropriate message to the user, something like:
"A file on your computer which was previously reported as fine has matched a brand new untested pattern in our database.  There is a reasonable chance that this is a false alarm on our part.  If you are confident that the program is safe, press this button to keep using it.  If you are unsure, press this button to quarantine the program and be informed in a few days when we determine for sure whether the program is dangerous or not.  Click here to view detailed information about the pattern found."

drpeterharris

I agree.  However I suspect that McAfee will say that what happens when a suspected virus is found is up to the user.  There are usually options to be alerted/quarantine/delete permanently.

They will then hide behind the fact that what happens is the responsibility of the end user.

No comfort to me though as the end users don't quite see it like that  :(

Another interesting point is that the risk identified in my files by McAfee this time is "MalWarrior".   However, searching the risk database at McAfee doesn't find it and googling shows that MalWarrior is actually a rogue anti-spyware application.  I cannot quite see how any of my applications can be confused with an antispyware application (rogue or otherwise).

Peter
« Last Edit: April 11, 2008, 03:01 PM by drpeterharris »

Dormouse

I just had a thought.. should we actually try to organize a "official" boycott/protest against McAfee?
But doesn't anyone with any sense/knowledge avoid McAfee anyway?

drpeterharris

Sadly we are talking about the UK NHS IT project here.  £14bn ($27bn) spent on the largest IT project in the world.  It doesn't work properly and as you have so correctly observed it uses C**p software.

The project is so advanced that it doesn't work with IE7 and everyone has to use IE6 or it crashes.

So everyone has managed McAfee installed which then makes a dog's dinner of the job it's meant to do.

Sigh . . .   :'(

Peter

cranioscopical

But doesn't anyone with any sense/knowledge avoid McAfee anyway?

Speaking as one who is ill equipped to enter a battle of wits, I must protest on behalf of myself and the rest of the WOODen tops. 
We in the World Organization Of Dopes fail to see why people without sense and/or knowledge in this area should be penalized.

We're the very people most likely to be spooked into turning away in fear from perfectly respectable, legitimate, safe software.
More importantly, we are the most susceptible to inheriting items such as McAfee through slick marketing techniques.

It's also true that this kind of issue emanates from most, if not all, A-V vendors at some point.

Perhaps it's because I've seen a few issues lately, but I have a sense that the problem is increasing.
Maybe it's just that more and more insidious stuff is being released into the wild...?


Deozaan

But doesn't anyone with any sense/knowledge avoid McAfee anyway?

I'd say a big no on that. Everyone I know who buys a Dell has McAfee bundled on their system. They don't care because they need an anti-virus, and they got it "free" for a year. :deal:

In fact, just before I married my wife, she renewed her subscription to McAfee. :wallbash: I've been trying to get her to let me format all that crap off her laptop and put some good applications on there, but thus far she's been resistant.

cranioscopical

just before I married my wife, she renewed her subscription to McAfee

What, and you went ahead with the wedding?  :o


Deozaan

just before I married my wife, she renewed her subscription to McAfee

What, and you went ahead with the wedding?  :o
-cranioscopical (April 11, 2008, 05:44 PM)

Yeah, another one of these was involved: :deal:

 :P

Curt

I felt strange when reading how people will install this dat fix instead of installing a trustworthy Antivirus...

-

Edited:
Oh, I didn't notice before posting that this thread has two pages..

But speaking of trustworthiness and some kind of campaign against McAfee, my feeling is that such demonstration would have to come from users of the relevant programs, wouldn't it? Or do 'you' think we could all participate?
« Last Edit: April 12, 2008, 03:46 AM by Curt »

drpeterharris

I know that a number of my users have emailed McAfee already.  I am following this up with a letter that I am currently writing.

Doubt if it will do any good but it makes me feel better  ;)

Deozaan

But speaking of trustworthiness and some kind of campaign against McAfee, my feeling is that such demonstration would have to come from users of the relevant programs, wouldn't it? Or do 'you' think we could all participate?

That's what I was thinking. We can't really boycott the product if we're not using it already. And it's not like you can just cancel your subscription half-way through and get your money back if you are using McAfee. It would require some major campaign that spans a couple of years before McAfee would notice anything from people no longer subscribing. And I'm afraid that, as I said, McAfee being bundled with all Dell hardware I'm aware of, they wouldn't notice a thing anyway.

Curt

- so now we are going after Dell!!  8) Well, if I was president...


No, civilization, culture and industrialisation have only little to do with genuine progress!  :(

Deozaan

- so now we are going after Dell!!  8) Well, if I was president...

:)

My point I'm trying to make is that I don't think a boycott would be a very effective way for us to communicate our distaste for McAfee's practices. We'll have to think of other means to get their attention.

app103

It's not just Dell... McAfee has a partnership with AOL and some other ISPs to promote their stuff, and in some cases to give it away for free to all their customers.

vlastimil

If there is to be a boycott, I am 100% supporting it. (see my complaint on the previous page of this thread)

Emailing McAfee may not be enough, they'll just ignore it, we are not their customers anyway and I suppose it even may be their strategy to report the false positives on purpose to appear "useful" to the end user. The truth is, an antivirus is not a replacement for common sense and the virus threat is not that big if you are behind a firewall and have your OS properly updated.

I'll try to write a blog post about my experiences and give them some bad PR, but I am not sure how effective it would be. If anyone joins the effort it has a much better chance to succeed.

drpeterharris

Thought you may be interested in this reply I just received from McAfee.  It came as a result of a letter I wrote to the US, UK and European headquarters.   It seems to have hit the right button:

First of all I wish to express my regret in the inconvenience you and your customers may have experienced with the reported incidents. I’ve contacted Mr. Mann, Sr. Manager Avert Labs and he suggests the following:

GP-IT can work with McAfee to get copies of their applications added to our False Testing Rigs, systems that contain known good files that we verify against on every dat release test.  If this is something GP-IT is interested in, have them provide us with the contact phone number for someone within GP-IT for us to work with and Avert Labs will contact them to get this process started.

I’d appreciate if you could forward the name and contact details of your liaison with McAfee to me so that similar occurrences may be avoided in the future.

With kind regards

Ronald Rosbergen
Manager Customer Service EMEA
McAfee, Inc.

Peter

mouser

Go Peter!!  :up: :up: :up:

f0dder

...I wonder how much that's going to cost you?
- carpe noctem

vlastimil

"...expressed regret in the inconvenience" and allowed you to help them fix their problems...hmmm.  :-\ That's the right business attitude.

Sorry for sounding so ironic. You have managed to do much more than many of us in a similar position.  :Thmbsup:

drpeterharris

I am trying hard not to be cynical and am prepared to give them the benefit of the doubt.  I will keep you all posted.

Peter