McAfee blames QA process change for faulty update

Companies around the world have been forced to clean up thousands of computers after the flawed...

Companies around the world have been forced to clean up thousands of computers after the flawed McAfee anti-virus update released on Wednesday caused chaos.

The update mis-classified a critical Windows XP system file as a malicious program. The affected computers were rendered useless as the McAfee software attempted to remove the "threat".

On Thursday, McAfee released a remediation tool to help customers fix affected systems by restoring the Windows file mistakenly quarantined.

McAfee said the security firm believed less than 0.5% of corporate customers and a fraction of that within the consumer base had been affected.

But Twitter postings by both McAfee corporate and consumer customers indicated the problem may have been much larger.

One large US multinational company saw 50,000 PCs go into a reboot frenzy as a result of the faulty update, according to US reports.

Twitter and McAfee's comment pages were filled with complaints that the security firm had failed to detect the flaw before sending out the update.

"I want to apologise on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organisations," said Barry McPherson executive vice-president of tech support at McAfee in a blog post.

According to McPherson, the flaw in the update was not detected in the testing process because of a recent change to McAfee's quality assurance (QA) environment.

"To prevent this from happening again, we are implementing additional QA protocols for any releases that directly impact critical system files," he said.

McAfee also plans to add capabilities to its cloud-based Artemis system to provide additional protection against false positives by using an expansive whitelist of critical system files.

Read more on Hackers and cybercrime prevention