There used to be a time, when McAfee products were nice, lean, and using them wasn’t fraught with perils of nuking your system due to antivirus wonkieness. Well, those times have been gone for a while now. Today there’s another news on McAfee antivirus going insane, deciding that part of the system is an evil virus — svchost.exe in Windows XP SP3 systems is declared to be infected, promptly quarantined and computers left doing either infinite loop or loosing all netwrok access.
Either way it means hundreds of hours of IT staff going around the office, updating antivirus, restoring windows systems over and over and over again. Reqal question is, why McAfee did it? Don’t they have some sort of mechanism that supposed to prevent parts of the system from being whacked while hunting malware?
Another big question is, will they pay for all those countless hours of manual repair/restore/update labor? I know many companies pretty much mandate that McAfee products should be used on all systems, and this is just a side effect of corporate “monoculture”.
Yes, I personally prefer Kaspersky (even though it’s not the best antivirus, it’s generally good enough, and I haven’t had any issues that’d result in dead system yet), but this applies to all antiviruses — if you are an enterprise, it’s very tempting to just get a nice large contract, a ton of copies of single-brand antivirus and then with a good probability, everything will die when that particular version will go nuts. I wonder how many companies actually actively split up malware detection into segments, so that even if one of the vendors goes nuts, at least 2/3rds of the office network is still function properly…