Antivirus software update goes rogue, corporate email security scares

Wednesday was a busy — read: frustrating — day for many organizations using McAfee Inc.’s antivirus software or Google Inc.’s Gmail. Problems with the two popular services raised concerns about the potential downsides of automatic antivirus software updates, and could cause some CIOs to reassess their corporate email security policies.

I learned about these problems through my network. On Wednesday at 2:30 p.m., a friend in New Hampshire returned my email from that morning, apologized for the delay and explained, “Apparently there was an update for McAfee that went out and was thought to be a virus. It caused all of the computers here to shut down. We couldn’t do anything from about 11 a.m. until just now. The IT people who came around to fix it said it was a McAfee issue and that it affected all users globally.”

That turned out to be a pretty accurate explanation, as CNN reported that a buggy McAfee antivirus update “turned the software’s formidable defenses against malicious software inward, prompting it to attack a vital component of Microsoft Windows.” In addition to my friend’s business, the University of Michigan’s medical school and the Lexington, Ky., police were affected, some jails canceled visitations, and Rhode Island hospitals turned away non-trauma patients at emergency rooms and delayed some elective surgeries.

The Wednesday damage wasn’t done, however. That evening, an editor friend of mine tweeted,”#gmail is being hacked. anyone else receiving e-mails from friends with links and weird subject lines?” Sure enough, later on that night, I received a spammy-looking email from a friend’s Gmail address, which I quickly deleted.

(Aren’t I lucky to have such a Web-savvy group of friends to pass this information along quickly?)

The cause hasn’t been determined, but Google is wondering whether hackers are accessing user accounts via a bug in Gmail’s mobile interface. And this comes on the heels of reports that the attackers who breached Google’s system last year gained access to computer code for the software that authenticates users of Gmail, Google Calendar and other online programs.

If this is April Fools’ Day coming three weeks late, it’s not too funny. These are two very different cases, but they both funnel down to the sorts of issues CIOs contend with daily: antivirus software updates and corporate email security. It’s especially disconcerting for enterprises that have moved their email into the cloud with Gmail, where hacks like this one could border on disastrous.

Was your organization affected by either the McAfee antivirus software update problems or the Gmail hack? Is it corporate email security scares like this one that prevent you from pursuing cloud email in the first place?

Cloud Computing
Mobile Computing
Data Center
and ESG