Compensation for faulty update victims could set precedent.
Victims of the erroneous
McAfee
DAT update last month are being offered cash payments to cover costs incurred in fixing the problem.
The issue emerged on 21 April, when users of
McAfee
‘s corporate solution
VirusScan Enterprise
found their machines rendered inoperable after the common process
svchost
tripped a faulty detection algorithm. The problem apparently only affected users of
Windows XP SP3
using a scanning setting disabled by default, and the dodgy DAT was recalled swiftly, but the error struck large numbers of users around the world.
In response to the predictable wave of anger and frustration,
McAfee
offered support and assistance, setting up a dedicated support line and providing software via mail for those unable to access their machines at all to download fixes. In an unusual step, the company has also promised to reimburse ‘reasonable expenses’ to those who have already shelled out for professional help – a move which could set a precedent for security firms offering compensation to those hit by such errors. A number of firms have in the past offered ‘insurance’ against malware sneaking past the protection they offer, but the problem of damage caused by false positives is rarely addressed in this way.
An early report on the false positive issue can be found in
The Register
here
, with details of some of those affected
here
. An open letter from
McAfee
CEO David DeWalt, explaining some of the measures being taken to ensure no repeat incidents, is still prominently linked on the
McAfee
homepage and can be found
here
. The announcement of the assistance and compensation plan is
here
, although no further details seem to have emerged as yet.
Posted on 04 May 2010 by
Virus Bulletin
Leave a Reply