"First Do No Harm" - McAfee Runs Afoul Of This Rule
UPDATE: In an effort to calm the waters, McAfee has offered to be responsible for "reimbursing reasonable expenses" for the cost of repairing the problems caused by the release of their glitch. They are also proposing free extensions to existing, affected subscriptions. This comes from a posting on their website and they promise to post details soon. Whether this will calm the hordes with the torches and pitchforks at Mcafee's doors, only time will tell.
Original Post:
"Primum non nocere" [First do no harm] is attributed loosely to the Hippocratic Oath that doctors are taught. Antivirus creators should have it embroidered on their pocket protectors.
Yesterday I was heavily into the creative process of preparing another post for this blog, which, ironically (or coincidentally, I can never determine), was to be about an antivirus protection method called "whitelisting". Theoretically, if I had been using whitelisting, this post would not
be pertinent. But that is the subject of the post that I never completed but which will appear at a later time.
Suddenly, upon having to reboot, my task bar disappeared, my computer couldn't recognize my wireless card and all sorts of other mischief ensued. Constant rebooting and repetitive cursing did not help. OK, I surmised, my trusty old Dell Latitude, circa 2004, had finally given up the ghost after many years of hard use and diligent service.
However, news soon surfaced that this was an inside job.
I had relied on McAfee antivirus service for many years and had been generally satisfied. However, yesterday, McAfee released an update that had a minor virus as its target but instead identified an essential file (svchost.exe) as malware. In some computers, this file was quarantined. In others (including mine), it was deleted. This article does a great job of explaining the problem in greater detail. Thousands of PCs were affected and many have not yet been returned to service.
My guy was able to reinstall the deleted file and my old Dell is back again. Others have not been so lucky.
The public relations fall out of this will continue for some time. Other vendors are already gleefully piling on. Twitter storms have erupted and I received several tweets from CoreTrace, a whitelisting firm, emphasizing that this kind of thing wouldn't have happened on their watch.
So, what happens now. You can bet that when problems arise, lawyers can't be far behind. One can envision class actions suits and individual suits from large corporate clients that were affected. The success of those suits will depend on the language in the individual corporate contracts and on the assessment of the courts in which the suits are filed. McAfee's online contract, which applies to little people like me, excludes damages unless caused by "gross negligence". The online contract also chooses New York law as the governing law. New York law defines gross negligence as not just more negligence than simple negligence but an act of essentially a different nature, somewhat akin to intentional wrongdoing. Somers v. Federal Signal, 79 NY2d 540. The determination of this by a court would take much expert testimony and analysis.
Stay tuned.
