←back to thread

McAfee quarantines svchost.exe on millions of WinXP machines worldwide

(andreyf.tumblr.com)
249 points andreyf | 2 comments | 21 Apr 10 17:40 UTC | HN request time: 0.406s | source
Show context
mrcharles ◴[21 Apr 10 18:22 UTC] No.1282918[source]
Just another nail in the coffin of the usefulness of AV systems. And good riddance.

My work computer actually has McAfee on it, which I've disabled through the registry. Don't like how slow it makes my computer.

Education, people! It's better than buying useless feel-good software.

replies(4): >>1283010 #>>1283021 #>>1283112 #>>1284725 #
daten ◴[21 Apr 10 18:57 UTC] No.1283021[source]
With fake SSL certificates signed by "real" CAs, cross-site scripting and other advances in phishing attacks, just educating users may not be as effective as it used to be. Malware is quickly becoming advanced enough that even trained technical users may be fooled. Many attacks don't require user interaction. AV products may be slow to respond and signature matching won't catch everything, but if it catches half of what shows up on corporate networks it can still save a lot of time and money.
replies(1): >>1283054 #
1. mrcharles ◴[21 Apr 10 19:12 UTC] No.1283054[source]
I wonder if the value of the total things stopped by McAfee, in all its time, outweighs the purported damage of this incident.

I'm thinking no.

replies(1): >>1283488 #
2. orborde ◴[21 Apr 10 23:10 UTC] No.1283488[source]
On what basis do you say no? This is a single large, noticeable incident, but that doesn't mean that it outweighs millions of tiny ones prevented.