Posted by Virus Bulletin on May 4, 2010
Compensation for faulty update victims could set precedent.
Victims of the erroneous McAfee DAT update last month are being offered cash payments to cover costs incurred in fixing the problem.
The issue emerged on 21 April, when users of McAfee's corporate solution VirusScan Enterprise found their machines rendered inoperable after the common process svchost tripped a faulty detection algorithm. The problem apparently only affected users of Windows XP SP3 using a scanning setting disabled by default, and the dodgy DAT was recalled swiftly, but the error struck large numbers of users around the world.
In response to the predictable wave of anger and frustration, McAfee offered support and assistance, setting up a dedicated support line and providing software via mail for those unable to access their machines at all to download fixes. In an unusual step, the company has also promised to reimburse 'reasonable expenses' to those who have already shelled out for professional help - a move which could set a precedent for security firms offering compensation to those hit by such errors. A number of firms have in the past offered 'insurance' against malware sneaking past the protection they offer, but the problem of damage caused by false positives is rarely addressed in this way.
An early report on the false positive issue can be found in The Register here, with details of some of those affected here. An open letter from McAfee CEO David DeWalt, explaining some of the measures being taken to ensure no repeat incidents, is still prominently linked on the McAfee homepage and can be found here. The announcement of the assistance and compensation plan is here, although no further details seem to have emerged as yet.
Posted on 04 May 2010 by Virus Bulletin