September 10, 2004 7:22 AM PDT

McAfee's Trojan horse error gets developer's goat

Related Stories

Top McAfee exec to step down

September 7, 2004

McAfee grabs Foundstone

August 16, 2004

Security vendors face new kid on block: Microsoft

August 9, 2004
An Australian software developer is considering suing McAfee after the antivirus company wrongly identified his Internet setup program as a Trojan horse in a recent virus definition update.

Mark Griffiths of Brisbane said he is "not ruling out" filing a lawsuit against McAfee even after the antivirus company released on Thursday an update to its DAT virus definition file that fixes the false positive.

Griffiths sells the Internet setup program, ISPWizard, to Internet service providers in more than 20 countries. McAfee antivirus software on ISP customers' computers labeled ISPWizard as the BackDoor-AKZ Trojan horse. Because the McAfee software automatically eliminates the program from the users' system, many were not able to connect to their ISP.

Griffiths said he was first notified about the mistake on Sept. 2 by ISPs in the United States. They had been alerted by their customers, who had not been able to access their Internet services. Immediately after being notified, Griffiths sent an e-mail to McAfee but did not hear back from the antivirus vendor until Monday.

Griffiths estimated a loss in revenue of at least 50 percent for this month because the program was labeled a Trojan. He added that one of his customers lost $3,000 after the provider's customers shifted to another ISP as a result of the McAfee difficulties.

Allan Bell, McAfee marketing director for the Asia-Pacific region, said the company released a new DAT file on Thursday including changes that addressed Griffiths' problem. Bell explained that the software identifies Trojan horses based on a signature or a pattern. Because of this, he said, "there is always a danger of a false positive," meaning the DAT file matches a program that is not a virus.

Bell said McAfee provides a procedure for developers to ensure their software is tested. He added that developers can submit their program for testing, free of charge, by calling the McAfee support department. The program is then matched to the 30 million files of known good code to make sure there are no false positives.

"We do have a large database of known good files and programs that we scan against to make sure that there are no false positives. False positives happen in very rare occasions, and so we want to encourage developers to talk to our support department about testing their programs," Bell said.

However, Griffiths said that even after McAfee sent out the changes to the DAT files, some customers who have not updated their personal computers will still not be able to access their ISPs. He added that the changes to the antivirus software will not affect his decision whether to file a lawsuit against McAfee.

"If there is going to be a lawsuit, it wouldn't be affected by the release of the software fix because it took so long for them to do it and how they handled the problem was not satisfactory," Griffiths said.

Bell refused to comment about the possibility of a lawsuit.

Kristyn Maslog-Levis of ZDNet Australia reported from Sydney.


Join the conversation!
Add your comment
what's not satisfactory?
They addressed the issue within days.

They have a process for developers to pre-test their software.

The responded within days.

If you want to sue them, you need to show they are being negligent. How are they being negligent. Clearly the developer isn't aware that McAfee has these processes in place, and in reality it's the developer's job to be aware of this situation. The developer should know that the world is using anti-virus software, and everyone is well aware that anti-virus software can cause other software not to install correctly.

Try and prove negligence in this case. I just wish I was in court to watch the judge's eye-brow raise in utter amazement that you are wasting the court's time with this garbage.

-Alex Alexzander
Posted by Alex Alexzander (198 comments )
Reply Link Flag
Rebuttle to Alex
This Alex person must not be a software developer, and probably more likely working for the IRS or similar company.

Based on Alex's statement "They have a process for developers to pre-test their software.", what he is basically saying is that it is the job of all software developers to submit their software to EVERY anti-virus software company. No-no-no-no! The burden of proof is in the hands of McAfee. It is their job to identify all viruses and such properly. Software developers has a full right to develop software and sell to end-users without the need to submit to procedures set forth by another company. Doing so would be totally ridiculous!

It is true that software companies should submit their software to the manufacturers of operating systems, such as Microsoft or Apple, for testing. That's because the operating system is a core foundation for all software. Anti-virus software, however, is NOT a required component of a computer.

Another point Alex made, "They addressed the issue within days." Addressing the issue is NOT the solution. The issue is that McAfee's method of detecting software via a signature is what's at fault. There's no way for McAfee to reverse the damage they did, which is why there is no issue to be addressed. McAfee's customers rely on Internet connectivity to obtain AV updates. For McAfee to basically change their updates and post them on the Internet is stupid because THE ISP CUSTOMERS CAN'T EVEN GET ON-LINE TO GET THE UPDATES!!!!! Or did Alex not realize that??????

Get real, dude!
Posted by (1 comment )
Link Flag
He refuses to say if he will take legal precedures
mcafee are liable in a number of areas a company like themselfs know their position if they say something is bad its written and so it is done the masses will believe it they must have insurance or a fund put aside from all that money they make to cover themselfs from this sorta thing "friendly fire" but its like driving in to the back of another car no matter what the situation it was your at fault and your insurance company must pay. this man has worked very hard to produce his software just for mcafee to come along and give it a bad name for no better reason than their software didnt like the look of it well mcafee should not be allowed to work this way its guilty until proven innocent.
Immediately after being notified, Griffiths sent an e-mail to McAfee but did not hear back from the antivirus vendor until Monday.
days is simply not good enough you would have to be a complete moron not to be able to add a simple line of code to a dat file and add it to your update servers in less than 5 mnts what mcafee more than likely did was treet him as some scammer and his software as a trojan you have to understand that the majority of his customers wont read news pages like c|net and slashdot to here of this injustice to them and their isp's.
Posted by (1 comment )
Link Flag
Wasting the court's time with this garbage?
In this day and age the courts live for this garbage it keeps pay checks coming in.Everyonme wants a pie of the internet sky.We will see more and more of this stuff tieing up the courts it's no different then the format wars (that are driving everyone crazy)Everytime you stick a vcd in your home player you have to pray it will play on your machine.Everyone wants to protect their goods while the rest of us walk around ind a daze wondering "will this work with that will that work with this!
Posted by (1 comment )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.