McAfee Mishap

As a security analyst, I can’t tell you how many emails I’ve gotten today badmouthing McAfee software and proposing alternative solutions. In the unforgiving security market, McAfee’s gaff is seen as an opportunity to pounce.McAfee customers are understandably angry. Systems went off line resulting in lost productivity for users and major firefighting for IT. So what happened? Anyone who writes or tests software, works in IT, or was ever employed at a software company know all too well. It was either a software error, a configuration setting problem, or a broken/missed test process that resulted in mass distribution of buggy code. Unfortunately for McAfee, its customer base became a huge and unknowing Beta site.I for one certainly understand why McAfee customers are upset but that said, I think we should all cut McAfee a little slack for several reasons:1. McAfee’s history suggests that this was an exception and not the rule. 2. The objective of endpoint security is to find places where the bad guys hide. This is an extremely difficult task as cybercriminals are constantly looking for all of the dark alleys in Windows, IE, Adobe, etc. False positives are nothing new in security. Security is an endless cat-and-mouse game. The bad guys know what they are doing while the good guys can only guess what they’ll do. In this process, there is sometimes collateral damage as in all conflicts fought on multiple fronts.I empathize with McAfee users who were impacted and understand their frustration — some security and IT operations people probably had a very long night. As for competitors, I believe it is best not to kick sand in McAfee’s face as in spite of your best efforts, a similar incident could happen to any security firm — or software vendor — at any time.