McAfee's Trojan horse error gets developer's goat

Mark Griffiths of Brisbane said he is "not ruling out" filing a lawsuit against McAfee even after the antivirus company released on Thursday an update to its DAT virus definition file that fixes the false positive.

Griffiths sells the Internet setup program, ISPWizard, to Internet service providers in more than 20 countries. McAfee antivirus software on ISP customers' computers labeled ISPWizard as the BackDoor-AKZ Trojan horse. Because the McAfee software automatically eliminates the program from the users' system, many were not able to connect to their ISP.

Griffiths said he was first notified about the mistake on Sept. 2 by ISPs in the United States. They had been alerted by their customers, who had not been able to access their Internet services. Immediately after being notified, Griffiths sent an e-mail to McAfee but did not hear back from the antivirus vendor until Monday.

"[I]t's the developer's job to be aware of this situation. The developer should know that the world is using anti-virus software, and everyone is well aware that anti-virus software can cause other software not to install correctly."
--Alex Alexzander

Griffiths estimated a loss in revenue of at least 50 percent for this month because the program was labeled a Trojan. He added that one of his customers lost $3,000 after the provider's customers shifted to another ISP as a result of the McAfee difficulties.

Allan Bell, McAfee marketing director for the Asia-Pacific region, said the company released a new DAT file on Thursday including changes that addressed Griffiths' problem. Bell explained that the software identifies Trojan horses based on a signature or a pattern. Because of this, he said, "there is always a danger of a false positive," meaning the DAT file matches a program that is not a virus.

Bell said McAfee provides a procedure for developers to ensure their software is tested. He added that developers can submit their program for testing, free of charge, by calling the McAfee support department. The program is then matched to the 30 million files of known good code to make sure there are no false positives.

"We do have a large database of known good files and programs that we scan against to make sure that there are no false positives. False positives happen in very rare occasions, and so we want to encourage developers to talk to our support department about testing their programs," Bell said.

However, Griffiths said that even after McAfee sent out the changes to the DAT files, some customers who have not updated their personal computers will still not be able to access their ISPs. He added that the changes to the antivirus software will not affect his decision whether to file a lawsuit against McAfee.

"If there is going to be a lawsuit, it wouldn't be affected by the release of the software fix because it took so long for them to do it and how they handled the problem was not satisfactory," Griffiths said.

Bell refused to comment about the possibility of a lawsuit.

Kristyn Maslog-Levis of ZDNet Australia reported from Sydney.