Friday, April 23, 2010

McAfee and the 'false positive'

Note: Thoughts expressed here are mine alone. They may echo the thoughts of others, but I'm not publishing this on behalf of or in representation of anyone else.

Nearly everyone is aware of the issues of this week surrounding a problematic McAfee update. I could link hundreds of articles and I'm not sure anything else can be said that hasn't already been said. However, I suppose writing is therapeutic to some extent and I've had a few thoughts running through my mind as our school districts work to correct thousands of affected computers.

* Kudos to our school districts. They probably don't get enough credit as it is, but it's amazing to see how districts have massed on this problem and developed plans to touch thousands of machines. Their work is to be commended. These are dedicated workers who have given away countless hours (no overtime pay in a school district) to fix these machines. In addition, many CIOs made a tough spur-of-the-moment call to shut down every machine in their district. I'm not sure I could have made that call that quickly, being fearful that a false alarm would infuriate my user base. It was a courageous call and a correct one given the circumstances. I'm proud to work alongside our area school district technology staff members.

* The Internet records everything. McAfee's initial response was delayed and was out of touch with the difficult realities facing a good portion of their user base.
...a number of customers have incurred a false positive error due to this release. Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected...
McAfee went out of the way to point out that it was a false positive and not a virus. The end result was the same and no one I talked to was concerned about whether the problem was a virus or a false positive. Also, later reports indicate that the "Scan Processes on Enable" is not disabled by default in all cases. The language here implies that, had a customer not changed the default settings, they wouldn't be in this predicament. There's an implication that it wasn't McAfee's fault.

We are not aware of significant impact on consumers. We believe that this incident has impacted less than one half of one percent of our consumer base and enterprise accounts globally...
There may be some funny math going on here. If I had 199 consumers with a single copy of the software that weren't affected and I also had one corporate account with 1000 machines that were impacted, I suppose one could say that "one half of one percent of customers" were impacted. However, that doesn't accurately state the percentage of machines affected and it certainly downplays the significance. Again, the focus seemed to be that the incident wasn't a major concern. To affected customers, it was. Also, it's worth noting that a machine that constantly reboots and will not function is a "significant impact" and it's very hard to believe that, upon this press release, these symptoms weren't known.

To be fair, subsequent responses have a different tone and the company definitely took the matter seriously. Initial reports indicated that support information was hard to find. At this time, there is a link on the McAfee launch page. I'm not sure when that appeared. The bottom line is that effective crisis management, as exemplified in the Tylenol situation in the 80's, involves swift and wide-reaching action if there's even a chance of devastating impact to users.

* What if it were a virus? - My final thought is that, had SVCHOST.EXE truly been infected, was this the proper response? Should the file have been quarantined, rendering the machine useless and unable to communicate with the network? It's hard to say, but I'm sure this is one of the areas that will be investigated moving forward.

Tuesday, April 6, 2010

Free books and courseware

I'm continually amazed at everything that can be found on the Internet. We've had discussions in the K-12 environment about shrinking textbook funds and have rhetorically asked if textbooks are needed with the wealth of materials online. Given some of these resources that are available from the higher education community and other free resources, I think it's only a matter of time before we see more K-12 entities work to deliver instruction without traditional textbooks. A list of resources:

Project Gutenberg - One of the early entries in the 'free books' genre. You can find 30,000 free books to download here (free because their copyright has expired).

MIT Open Courseware - Want to take a course at MIT? This may not get you access to the instructor, but many of the materials used in all sorts of undergraduate and graduate MIT courses can be found at this site.

Google Scholar - Ever wished your students would find and reference 'scholarly' resources when searching Google for various projects? How about trying this beta search engine that seeks to limit your searches to scholarly literature?

Good stuff!

Monday, April 5, 2010

OnGuard Online - good educational resources

Just a quick note to make everyone aware of some good material available fron OnGuard Online. This is a partnership between many federal and commercial resources. One of the items that's been viewed very positively by my districts is a pamphlet called "Net Cetera: Chatting With Kids About Being Online". The link takes you to the entire pamphlet and you can order free copies from bulkorder.ftc.com.

The Federal Trade Commission has its own YouTube channel. One of their videos is embedded below: