About ten years ago, I met with the then CIO of McAfee.com, Doug Cavit (who later joined Microsoft as chief security strategist). The thing that most kept him awake at night, he told me then, was the risk of a third party piggy-backing onto McAfee’s own trusted access into its customers’ PCs.
As a long-term customer of the McAfee.com service and a big fan of automated updates delivered over the Web, I’ve often thought about that conversation. The quid-pro-quo for the convenience of having McAfee, Microsoft, Adobe and others automatically keeping our PC software up-to-date while we sleep is that we tacitly give them absolute power to mess with our machines. It’s a heavy responsibility — we expect them to act swiftly to keep our devices protected against new threats as they arise, but always to do so without introducing surreptitious trojans or inadvertent bugs. Few of us realize just how complex and onerous a burden that is, and while Cavit clearly took it seriously, his successors let their guard slip badly yesterday.
When I first encountered the problem for myself yesterday, I thought it was down to a hard disk fault on my ageing laptop — or perhaps something my young son had unwittingly triggered in his eagerness to drive up his score at a newly discovered online math site. For whatever reason, the machine had rebooted without the use of any of its network capabilities. None of the network device drivers seemed to be accessible anymore.
Fortunately I have access to a second, newer laptop (my wife’s) that runs Windows 7 and thus was still functioning. I quickly found Ed Bott’s story about McAfee’s huge mishap and recognised the symptoms I had experienced — except that my account is a consumer account, not a corporate one, so the problem seems more widespread than some of the coverage has been suggesting (here’s another UK consumer who was similarly affected yesterday).
The nightmare for McAfee.com is that disabling network connectivity is the worst possible thing for a remote automated update system to do, as it renders itself instantly useless. Whatever the fix turns out to be, it can’t be remotely implemented because the network access is down…