It would appear that a mistake by McAfee, one of the largest anti-virus companies, has caused thousands of PCs around the world to fail because of a “false positive” issue, i.e. identifying a clean bit of code as infected/bad. Not a bad little virus in itself, I suppose.
The problem occurred because an update that they sent out wrongly identified part of the Windows operating system, svchost.exe, as the wecorl.a virus. This meant that the antivirus software quarantined the file, which stopped the operating system from working and resulted in machines constantly restarting and never completing the boot sequence.
The problem was spotted quickly and McAfee have apologised for the mistake and released a fix. Of course, because the erroneous update was only in the wild for a short time, not everyone will have been affected, and it appears that the bulk of the problems were in the US... this time. This has caused McAfee a major problem and, I suspect, rather a few red faces as they work to help the customers who were affected to recover. The other anti-virus companies are, in public at least, sympathetic, no doubt thinking “there but for the grace of God” etc.
So how can this happen? Well, in truth I can’t say what caused this particular issue. McAfee say that there was a problem with their QA process (having made recent changes) which allowed faulty code to get into the update. However, a simple overview of how anti-virus software detects viruses might be useful here.
Viruses, like any other software, are just a bunch of code: a long string of characters. The antivirus software looks at this code and checks the character sequences against known sequences that it holds in a database. Now, if you are looking for the whole virus then you can have the AV software look for the very long sequence of characters and only identify code as a virus if it is an exact match. Fine, but what happens if the virus writer changes the code slightly and re-releases the virus as a variant? Well, some of the code will be the same, so you have to look for shorter and shorter sequences. The shorter the sequence you are looking for, the more likely it is to match a sequence in existing legitimate software. So you can see that there always needs to be a balance to ensure that the software identifies viruses positively whilst not identifying good software as a virus, a false positive.
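As an added illustration (not from the original post), the toy scanner below makes that balance measurable: it takes every byte sequence of a given length from a constructed “virus” sample as a candidate signature, then checks which candidates still catch a variant and which of those also fire on constructed clean files. The sample contents and the signature lengths swept are assumptions made for the demonstration.

```python
# Added example (not from the original post): a toy byte-signature scanner that
# measures the trade-off described above. Every sample below is a constructed
# string standing in for program code, not real malware or a real AV signature.
ORIGINAL = b"init; copy_self; spread_mail; wipe_files; exit"   # the "virus"
VARIANT = b"init; copy_self; spread_usb; wipe_files; exit"     # re-released variant
CLEAN_FILES = [                                                  # legitimate software
    b"init; load_services; log_event; exit",
    b"init; copy_buffer; sync_files; exit",
]

def candidate_signatures(malware: bytes, length: int) -> set:
    """Every byte sequence of the given length that occurs in the malware sample."""
    return {malware[i:i + length] for i in range(len(malware) - length + 1)}

def matches(signature: bytes, data: bytes) -> bool:
    """Signature scanning at its simplest: an exact byte-sequence search."""
    return signature in data

def evaluate_length(length: int) -> tuple:
    """Return (variant_hits, false_positives) for one signature length:
    candidates that still detect the variant, and how many of those also
    match a clean file."""
    variant_hits = false_positives = 0
    for sig in candidate_signatures(ORIGINAL, length):
        if matches(sig, VARIANT):
            variant_hits += 1
            if any(matches(sig, clean) for clean in CLEAN_FILES):
                false_positives += 1
    return variant_hits, false_positives

def usable_signatures(length: int) -> list:
    """Candidates of this length that catch the variant and hit no clean file."""
    return sorted(
        sig for sig in candidate_signatures(ORIGINAL, length)
        if matches(sig, VARIANT)
        and not any(matches(sig, clean) for clean in CLEAN_FILES)
    )

if __name__ == "__main__":
    # Sweep from the whole file down to a few bytes: a full-length signature
    # misses the variant, very short ones start firing on legitimate software.
    for length in (len(ORIGINAL), 16, 8, 4):
        hits, fps = evaluate_length(length)
        print(f"length {length:2d}: {hits:3d} catch the variant, "
              f"{fps:3d} of those also hit clean files")
```

The sweep shows the two failure modes at the extremes: the whole-file signature never matches the variant, and at four bytes fragments such as `init` and `exit` match the clean files too.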
Of course, there are other methods that antivirus packages use, such as sandboxing code (allowing it to do what it wants in a controlled environment where it can’t get at the main system, and watching to see if it tries to do something naughty) and then quarantining the code if it is likely to be a virus.
So for all of you who have not been affected, you can smile a bit, but just be aware that your antivirus software is updating several times a day, and hope that your antivirus vendor does not have a similar problem in the future.
And before signing off, in answer to those of you who are wondering whether you would be better off not having any anti-virus software at all: the answer is NO.