Firms accuse McAfee of failing to warn them of coding error in anti-virus update

Anti-virus company McAfee came under fire this week after a programming error in its downloadable anti-virus software brought...

Anti-virus company McAfee came under fire this week after a programming error in its downloadable anti-virus software brought desktop computer systems to a halt in small businesses on both sides of the Atlantic.

Firms in the UK and the US were left without PC access for up to three days after they downloaded virus updates to McAfee's Virusscan 8 product two weeks ago. They have accused McAfee, one of the world's leading anti-virus suppliers, of failing to take adequate steps to warn them about the problem.

Many businesses only discovered that McAfee software was at fault when they posted requests for help on internet forums.

Rosco White, director of recruitment firm Euro IT Resourcing, said his firm lost a day and a half of business after downloading the update. He has now switched to another anti-virus supplier.

US firm said it was unable to update its website for three days after the download left a critical machine unusable. "Our website announces upcoming events, so it was important that we got it back up to speed as soon as possible," said Partiers co-ordinator Kevin Gierlach.

"We never received e-mail notification about the problem. We were extremely disappointed and many other McAfee customers recommended that we switch virus protection programs."

Neil Barrett, technical director at security firm Information Risk Management, criticised McAfee for failing to publicise the problem prominently on its website.

"I am surprised the alert is not on the front page and you have to go looking for it. I can see a certain amount of corporate embarrassment, but there is no reason why it should not be widely circulated. It is their business to protect customers," he said.

But Barrett said it was sensible for anti-virus companies not to send out alerts by e-mail, as they could easily be copied by virus-writers who could use them to distribute malicious code.

McAfee said that although the problem was serious for those companies that downloaded the update, it had only received complaints from 1,000 of its four million customers. Seven per cent of its support calls related to the problem, it said.

The firm, which first received reports of the bug four weeks ago, said it had offered a fix for the problem to customers who contacted the support desk, posted a notice on its website, and was in the process of sending out out automatic patches.

White, who uses a dial-up connection, said he had not received the patch. Partiers, which has an always-on connection, said its system received a patch on Wednesday night, weeks after the problem first emerged.

Barrett advised firms affected not to change to another anti-virus software supplier.

"Once you have an embarrassment like that, firms put in stringent checks to make sure it does not happen again. Ironically, you are better off sticking with the company," he said.

Read more on Antivirus, firewall and IDS products