When security software causes more problems than it cures
At a recent security event I attended, the security company hosting it was boasting about how its solution can protect corporate technology infrastructure from threats, enumerating the offerings that automate most of the procedures in securing one’s systems.
This writer asked a couple of questions, one of which was: what happens if a patch issued by a security software provider causes more problems than it cures? The security company assured me that its offering goes through very rigid quality control and that if there is any vulnerability, a patch will be issued and delivered live to make sure hackers won’t be able to take advantage of the vulnerability.
I expected that reply; the security software firm failed to see where my question was coming from. I am referring to the recent buggy update made by McAfee that caused thousands of computers running Windows XP to crash or inadvertently reboot. The update was issued to address a critical Windows system. McAfee published a SuperDAT Remediation Tool to help customers fix affected systems. The tool suppresses the driver causing the false positive by applying an Extra.dat file in folder. It then restores the “svchost.exe” Windows file, the file quarantined as a result of the false detection.
The remediation passed McAfee’s quality testing and was released with the 5958 virus definition file at on Wednesday, April 21. The faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers. But despite the correction, a number of companies were affected, including chipmaker Intel, Rhode Island hospitals, Kentucky police, University of Michigan’s medical school, and an Australian supermarket chain.
McAfee has already issued an apology and announced that it will be implementing additional QA protocols for any releases that directly impact critical system files. In addition, McAfee plans to add capabilities to its cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files.
The apology has already been issued, and I suppose we have no other recourse but to accept it, but does that solve the problem? This was exactly my concern when I asked that question. What happens if the software that is supposed to protect our computers is the one causing the problem? Can the saying “To err is human” be applied in this situation? Maybe, if this were the first time that it happened. But if my memory serves me right, problems like these have already happened in the past, not only with McAfee but with other security software providers as well.
My bigger concern right now is that the technology world is talking about virtualization, cloud computing and mobile computing. As powerful as they may be, these technologies will be a challenge to protect and secure, and if security software fails us here, the problem will be much bigger. Outages from these technologies will be much wider, which means losses will be staggering. Now if this happens, an apology will surely not be enough.