McAfee antivirus program goes berserk, freezes PCs

Cybersecurity Update – Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Jane Norris (6-10 a.m.) and The Daily Debrief with Chris Dorobek and Amy Morris (3-7 p.m.). Listen live at or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • It’s software that is supposed to protect computers and the people who use them from viruses and other rogue programs. But for a time yesterday, McAfee software was the culprit in causing a bunch of business computers to malfunction. It started when McAfee posted a software update yesterday morning for its corporate customers. Turns out the update made the antivirus software identify a normal Windows file as a virus. And that meant computers running in hospitals, schools and companies began seizing up. They kept rebooting themselves as the antivirus software gagged on a file that it should have allowed to let run. McAfee has since posted a new update that eliminates the problem. McAfee says it can’t tell how many computers were affected. But based on online postings, the number was at least in the thousands – and possibly in the hundreds of thousands.
  • The White House is making major changes to the way agencies report on their overall cybersecurity posture. The Office of Management and Budget Wednesday issued new guidance on the Federal Information Security Management Act guidance or FISMA. The guidance details three new ways agencies will describe the state of their IT security. Agencies now will have to send real time data feeds to the Homeland Security Department through a new tool, called Cyberscope. OMB, DHS and the CIO Council will lead an effort benchmark the status of all civilian agency cybersecurity. And OMB will meet with agencies to determine how best to secure their networks based on mission needs.
  • It’s competition time for the armed forces universities. The National Security Agency and the Central Security Service are testing the five U.S. service academies during the 10th annual Cyber Defense Exercise. Teams will be tested on their ability to defend computer networks the student designed themselves. The winner will take home the coveted CDX trophy. The competition will take place at Lockheed Martin in Greenbelt Maryland.
  • The Federal Communications Commission is now debating whether the agency should launch a voluntary cybersecurity certification program. Basically the FCC would run security evaluations of various telecommunication services. If the company passes the provider could market its networks as FCC and cyber security compliant. But the ARS Technica website says there are still some unanswered questions. For starters, would network providers have enough incentive to become cyber security compliant when the program is voluntary? And should agencies coordinate this kind of activity? Those are questions the agency will need to answer before making the cybersecurity certification program a reality.