Who Is Minding the Security Store - Essay Example

Who is Minding the Security Store? An antivirus software up from McAfee failed on April 20th, This led to numerous computers running Windows XP to either reboot continuously or crash. The update reversed the activity of the antivirus software by turning it against Microsoft Windows vital components, rather than against malicious software (Harkins 70). The damage caused by the antivirus update was widespread. Michigan University’s medical school was hard hit, for example, with reports of eight thousand computers crashing.

While the update was meant to detect the W32/wecorl.a virus, which was a minor threat, and destroy it, it went rogue and attacked the svchost.exe file that is critical for Windows XP SP3. It quarantined the file and removed it and, in some cases, totally deleted it. Without the file, computers running on Windows were unable to boot properly. After updating their McAfee antivirus software, the machines booted repeatedly or crashed. Some lost the capability to connect to the internet, while others lost ability to use the USB drive.

The latter problem made it even more difficult to reinstall the svchost.exe from another computer (Harkins 70). Personal computers that ran Windows XP SP3 were all affected, while those running SP2, SP1, Windows 2000, Windows 7, and Vista were not affected. The problem with the McAfee updates came from DAT 6807, as well as the subsequent DAT 6808, which was dependent on the client’s product in use (Harkins 71). McAfee offered two solutions to the problem, both of which needed the clients update the DAT 6809 file that they released later.

One of the solutions involved the users without internet connectivity uninstalling the McAfee antivirus software, rebooting their machines, downloading another update version from the company’s website and installing the update. The second solution had to do with manual and automatic updating methods for existing DAT 6809 updates. If the user continued to have problems following the DAT version update, they were advised to use the McAfee Consumer Product Removal tool to uninstall it, followed by installment of their updated product version (Harkins 71).

In addition, McAfee also reimbursed their clients for reasonable expenses that resulted from the faulty update. This was offered to home office clients that were impacted and had incurred costs related to PC repair due to the update problem (Harkins 71). In addition, the reimbursement also covered repair measures and tech support specialist visits. The reimbursement was necessary in minimizing the fallout with the public that was occasioned by issues caused by the faulty update. Finally, they also sent recovery CDs to their clients through express delivery, while also extending their subscriptions with McAfee for an additional two years free of charge (Harkins 72).

It took McAfee some fourteen hours following the first report of malfunction to post an announcement about it. The first announcement, made by an unidentified spokesman, only made a reference to the problem and gave the affected clients a way to uninstall the antivirus software and install a new version. Later, Barry McPherson, who was McAfee’s Executive Vice President, made another announcement. However, it took more than forty-eight hours for the company’s public relations department to craft a statement that was given by Barry McPherson (Harkins 76).

McAfee definitely could have handled the problem better from a public relations point of view. Their dithering in offering what could pass as an apology allowed its European competitor Sunbelt to pounce and direct McAfee clients to their website from which they could install their product free and retrieve data. It was only three days after the update malfunction that McAfee offered a detailed apology for the problems and, by then, enough damage had already been done. Considering how sensitive the issue was and the types of clients that McAfee had, the PR department should have involved from the beginning in reducing the fallout.

However, their offer of reimbursement for reasonable expenses went some way in reducing the fallout. However, while McAfee was able to arrest the situation with relative speed, the communication of the malfunction was more damaging than the malfunction (Harkins 76). There are various things that organizations can do in order to protect themselves from fallout in such situations. For example, they could contract a hosted vendor who will provide invaluable services. Growing and established companies, sometimes, can find it very difficult to keep up with technological advances and software updates are one such instance (Harkins 77).

Rather than allowing IT requirements to limit the organization’s potential, it is best to partner with hosted solutions vendors. In this case, the organization must ensure that the vendor is experienced in every aspect of information and data maintenance. Experience includes system components that are tolerant to faults, data redundancy in dual locations, processes and systems of data recovery that are sensitive to risk, technical and monitoring support applications that are active 24/7, and a tiered process of software quality assurance.

Hosted solutions will let the companies use sophisticated functionality sans investments and complexities that they need to implement them. While the hosted solution provider keeps a close look on the company’s information system security, the company can focus on their core competencies (Harkins 77). Work Cited Harkins, Malcolm. Managing Risk and Information Security: Protect to Enable. New York: Apress, 2013. Print