McAfee Error Results in Excel and Other Popular Software Being Flagged as Virus
CYBERSPACE – For a short period of time last Friday, an error in the McAfee virus definitions file caused the company’s antivirus products to flag Microsoft’s Excel and other innocuous applications as a virus named W95/CTX. The flaw was confirmed by Joe Telafici, director of operations at McAfee’s Avert labs, in an interview with CNET News.
“At about 1 pm PST we started getting reports that people were seeing an unusual number of W95/CTX infections in their environment,” Telafici told CNET. “Files that we did identify would probably be deleted or quarantined, depending on your settings.”
When a file is quarantined by an antivirus product, it is generally renamed and moved to a separate folder. According to Telafici, the applications McAfee’s software identified included two Microsoft Office components, Excel.exe and Graph.exe, as well as AdobeUpdateManager.exe, an application installed alongside Adobe products that deals with software updates.
The company began fixing the mistake as soon as the problem was reported. About 100 customers, including both individual end users and corporate clients, reported the problem, Telafici said, adding that consumer end users were automatically reverted to the older definition files at around 2:30 p.m. and an update was pushed to corporate users about an hour later.
Such “false positives” are not unheard of for antivirus products, and Telafici told CNET that McAfee averages an emergency release of a virus definition file approximately every three months due to some manner of false positive.
The difference in this round is the profile of the software that drew the false positive; such errors usually don’t happen with major software like Microsoft Office products. “Usually, it is either custom applications or applications that did not exist at the time we wrote the signature file,” Telafici said.
All told, the error lasted for a little over 5 hours. The flaw first appeared in virus definition file 4715, which was released at around 10:45 am on Friday as a function of McAfee’s daily update cycle. Later in the day, the fixed emergency-definition file 4716 was released at about 3:30 pm.