
McAfee Quietly Fixes Software Flaw

Zonk posted more than 8 years ago | from the a-little-communication-would-be-helpful dept.


Chris Reimer writes "The San Jose Mercury News is reporting that McAfee fixed a serious design flaw months ago in their enterprise product without notifying businesses and U.S. government agencies until today." From the article: "McAfee said its own engineers first discovered the flaw, which lets attackers seize control of computers to steal sensitive data, delete files or implant malicious programs. McAfee produced a software update in February but described it only as offering new feature enhancements. Many corporations and government agencies are reluctant to update software unless necessary because of fears that doing so might introduce new problems."


65 comments


What a shock (2, Funny)

AgentRavyn (142623) | more than 8 years ago | (#15721494)

There's bugs in software? And they were covertly fixed? Never!

Re:What a shock (0)

Anonymous Coward | more than 8 years ago | (#15721526)

And that's one of the caveats against using closed source software. For a business or a government agency, using proprietary code on mission critical systems is simply not an option... In fact it's really foolish. Does any of us want to entrust our personal information to Outlook?

Bad software coupled with user stupidity is dangerous enough, and this sort of deception exacerbates the problem. I applaud Debian and the likes, for being so forthcoming when they mess up!

Re:What a shock (0)

Millenniumman (924859) | more than 8 years ago | (#15721747)

If something goes critically wrong with commercial software, you have someone to sue. OSS doesn't have that luxury. And, is it really practical for a company to hire a bunch of engineers to fix their programs when they break?

Re:What a shock (3, Insightful)

jpvlsmv (583001) | more than 8 years ago | (#15721802)

You obviously don't read your EULA. Every single one disclaims all liability and warranty. Or do you know of a single instance where a commercial software company has been sued for a software bug?

--Joe

Re:What a shock (1)

C-Shalom (969608) | more than 8 years ago | (#15721854)

Except for the fact that many states have laws essentially stating that you can't sign away your rights to/for something before it happens. In GA for example, I can sign all those waivers I want but if something happens and it's their fault or they failed to properly warn/inform me, then that waiver isn't worth the paper it's printed on.

Re:What a shock (1)

ray-auch (454705) | more than 8 years ago | (#15722421)

EULAs are just for consumer stuff, in business ("enterprise" software I guess) there is invariably a real contract, in which there is invariably indemnity and liability.

> Or do you know of a single instance where a commercial software company has been sued for a software bug?

Yep. I recall EDS paid over $100M compensation to HMRC for buggy UK tax credits system (not sure if HMRC actually filed suit but you can be sure it threatened to, to get that settlement).

Also, I know of plenty of instances where litigation has been threatened over software bugs.

Personally, I don't take these as idle threats. If I went into a project review and the customer brings in lawyer+contract then I'd be worried, and if I came out of it and said "pay no attention, no one ever got sued for a bug", then I'd be fired.

Re:What a shock (0)

Anonymous Coward | more than 8 years ago | (#15721805)

Not true. If you read the licensing agreement on most commercial software, they specifically say that you can't sue the company if the software screws up.

Re:What a shock (1)

Profane MuthaFucka (574406) | more than 8 years ago | (#15722687)

That's an insightful observation. OSS writes itself. There's nobody to sue.

Re:What a shock (5, Insightful)

quanticle (843097) | more than 8 years ago | (#15721535)

I think the problem is that McAfee mislabeled the patch as "offering new functionality" rather than "fixing design flaw". There are customers who may put off installing patches of the first type while the full consequences of the new functionality are explored, while the second type of patch would get put into production, because of the fact that it fixes a potential security breach.

Re:What a shock (4, Funny)

mbadolato (105588) | more than 8 years ago | (#15721594)

> I think the problem is that McAfee mislabeled the patch as "offering new functionality" rather than "fixing design flaw"

Bah, that's just a semantic (bad pseudo pun?) technicality! "New Functionality: Ownz Blocker - Now limits you from being h4x0r3d"

Re:What a shock (1, Funny)

Anonymous Coward | more than 8 years ago | (#15721643)

This explains the cryptic message left on many State Department servers last week by unknown hackers: "All your capitalist base are belong to us." However, Senator Ted Stevens explained what it meant: "You see, the Korean hacker guys, they used these tube things on the Internet, it's very complicated. It was probably them... Can you help me, I can't get my iPotato thing to work. Where does the CD slide into this thing? it's so small. Help. Help."

Fear, uncertainty, doubt. (4, Interesting)

metasecure (946666) | more than 8 years ago | (#15721504)

I'm gunna have to call FUD on this one... The news report is inaccurate - McAfee clearly acknowledges eEye Digital as discovering the claim, not their own engineers as the article states.

Link to McAfee knowledgebase article: http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=9925498&sliceId=SAL_Public [mcafee.com]

Copy of message sent by McAfee:
> On July 5th, McAfee, Inc. was notified of a security vulnerability, by a private security vendor, that could affect McAfee ePolicy Orchestrator (ePO) Common Management Agent 3.5, and earlier versions. In order to accomplish this exploit, an attacker would need network access to the client machine and would then need to construct a message consisting of proprietary information. The attack is quite complicated and requires several steps of reverse engineering of the software as well as the communication protocols.
>
> McAfee's key priority is the security of its customers and it takes the quality of its software very seriously. McAfee has been extremely proactive in this area and has a dedicated team run by a leading industry expert that pushes tools and knowledge throughout the product development organization. As a result, the company has a good track record on security. Nonetheless, software can be incredibly complex.
>
> In the event that a vulnerability is found within any of McAfee's software, there is a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is therefore alerting its customers of the security flaw.
>
> McAfee apologizes for any unintended impact to customers as a result of this published vulnerability. We know that our ability to protect customers quickly in the event of an outbreak depends largely on your confidence in our work. We are determined to earn that trust every day and will do everything in our control to mitigate this problem now and in the future.
>
> For more information on this security vulnerability, please visit http://www.mcafee.com/us/support/default.asp [mcafee.com] . If that link does not work, then click here: http://www.mcafee.com/us/enterprise/support/index.html [mcafee.com] and go to "Corporate Technical Support". You will see the bulletin on the left-hand side under "Announcements."

Re:Fear, uncertainty, doubt. (0)

Anonymous Coward | more than 8 years ago | (#15721563)

So by your logic 5th July 2006 is several months ago, and before they fixed the problem.

Re:Fear, uncertainty, doubt. (1)

metasecure (946666) | more than 8 years ago | (#15721579)

And by your logic it's impossible for them to release new code that does not contain a vulnerability present in a previous version of the code, all the while not being aware of said vulnerability...no that never happened before.

Re:Fear, uncertainty, doubt. (1, Informative)

Anonymous Coward | more than 8 years ago | (#15721742)

Sorry, but you're not making a whole load of sense here.

McAfee found a design flaw back in February and quietly fixed it, meanwhile some other dudes, independently, find the flaw in the OLD FLAWED implementation between May and July.

I can't see anything that you have cited that frankly indicates that the news report is inaccurate. Perhaps you can provide some time line of events that supports your original assertion.

Re:Fear, uncertainty, doubt. (1)

ray-auch (454705) | more than 8 years ago | (#15722555)

> Sorry, but you're not making a whole load of sense here.

makes sense to me

> McAfee found a design flaw back in February and quietly fixed it

GP point is that we don't know that is what happened.

What we know is that versions post the Feb. update are not vulnerable. So, the Feb. update did something that made this exploit stop working.

That does not, however, mean that it was designed to block the exploit based on knowledge of the exploit. In fact, as GP suggested, it is actually quite common for code changes to stop a security exploit from working as an unintentional side effect (in the same way as they can and do enable new exploits as a side effect).

I'm done with McAfee (0)

Anonymous Coward | more than 8 years ago | (#15722254)

I use a web-subscription version. I finally decided to Scan something on demand and got scripting errors from internet explorer. So I followed their help link to check how to fix the problem. No lie, here, McAfee said in order to use VirusScan, I have to Set internet security to medium or low, allow unsigned ActiveX controls to install and run automatically. NO THANK YOU. I'm getting Symantec AV.

Rumour has it... (4, Funny)

GillBates0 (664202) | more than 8 years ago | (#15721533)

> which lets attackers seize control of computers to steal sensitive data, delete files or implant malicious programs.

...that they used the above said flaw to quietly install the update.

Security: The new feature! (-1, Troll)

extremescholar (714216) | more than 8 years ago | (#15721556)

Sounds like a Microsoft ploy. Windows Vista, now with Security! Okay, not really.

This is hardly exclusive to McAfee..... (4, Interesting)

8127972 (73495) | more than 8 years ago | (#15721585)

....... As I am sure that software vendors who do regular updates (in other words MOST if not ALL of them) quietly fix stuff that they perceive to be bad (as in "this could keep people from buying our stuff" bad). It's not in their interest to make noise about it.

Re:This is hardly exclusive to McAfee..... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15721649)

There's a difference between not taking out full page ads letting everyone know, or publishing the gory details, and mislabeling a critical update as a noncritical one.

Besides, I don't really know what you're defending, McAfee openly says it was a screwup and that because they depend on their customers trusting them they shouldn't have handled it the way they did.

Re:This is hardly exclusive to McAfee..... (3, Interesting)

8127972 (73495) | more than 8 years ago | (#15721660)

"Besides, I don't really know what you're defending, McAfee openly says it was a screwup and that because they depend on their customers trusting them they shouldn't have handled it the way they did."

I'm not defending anything. I'm just saying that this behaviour is:

1. Not new in this industry.
2. If you trust them, this might make you think twice as they said that they did this WAY after the fact.

Good for McAfee! (1, Funny)

Anonymous Coward | more than 8 years ago | (#15721609)

Good for McAfee fixing their software flaws quietly. I mean, they shouldn't be such braggarts about it.

I don't know how it's still around... (5, Interesting)

fonetik (181656) | more than 8 years ago | (#15721629)

"Many corporations and government agencies are reluctant to update software unless necessary because of fears that doing so might introduce new problems."

The irony of this is, if you made the decision to run McAfee corporate AV products, you have demonstrated that you do not possess the level of intelligence to comprehend concepts like "introducing new problems". In a decade as an engineer/administrator I have yet to encounter a less user-friendly, more bewildering and functionally inept product. The sheer lack of elegance in the ePO server interface should tip anyone off that this is not ready for prime time. How it gets chosen over Trend-micro and Norton's (Corporate) products, or even finds its way into the competition is something I have yet to discover.

To anyone that has had the misfortune of being an ePO administrator, none of this news would come as a surprise. Personally, I removed the product from my resume simply because its presence at a company seems to predicate larger problems, and the only work I ever want to do with it again is replacing it.

Re:I don't know how it's still around... (2, Insightful)

rts008 (812749) | more than 8 years ago | (#15721717)

I agree, McAfee has slipped, as has Norton AV the past several years.

Note to AV vendors: you can't rest on your past laurels, to stay competitive you must move forward and innovate to keep from being dethroned by your "more hungry" competitors.

Past and recent experience has forced me to consider McAfee and Norton as "has beens", and no longer viable contenders. YMMV, but this is the way I see it.

Re:I don't know how it's still around... (1)

smvp6459 (896580) | more than 8 years ago | (#15721762)

Are you talking about Norton/Symantec home products or enterprise products?

Re:I don't know how it's still around... (1)

Amouth (879122) | more than 8 years ago | (#15721857)

yea the only place that Norton has slipped is in the small home/office area..

when you get to the enterprise products they are still just as good as ever and getting better.

personally I think most of their falling in the home area is ignorance in the consumers.. people want flashy very very very easy to understand things.. so Norton tried to make it.. they failed.. instead they made it cumbersome and crippled.

but when you look at the higher level stuff they still rock..

Re:I don't know how it's still around... (1)

fonetik (181656) | more than 8 years ago | (#15721858)

Speaking for myself, strictly Corporate products. I haven't used any of their home products in some time since they added all the Anti-spy/spam/worm/pop-up/productivity/time/matter/space 'improvements'. My home computers have never needed AV, I just keep them vigilantly updated and watch the firewall with an occasional free web scan from trend-micro. Then again, my home is also free of attachment clicking dummies, so I am fortunate. Whenever I have a need to install one though, I just use the corp product.

Re:I don't know how it's still around... (1)

rts008 (812749) | more than 8 years ago | (#15721953)

Good question, and most relevant.
Mainly was talking about their personal/home products. That is what I have to deal with the most, but as far as their business product goes, it is "good", but not great, as it used to be the best as far as popularity goes.
They have slipped. Their corporate/business version is still okay, but their home/personal version is crud.
The reason I mention this is- how many people have Norton on their work PC, assume that the home version is what they should run on their home PC?
Do you see where I am coming from? I'm not trying to totally disabuse Norton, but there is a huge difference between the two versions, and most sheeple will not realise this, just assume that they are the same.

Re:I don't know how it's still around... (1)

drinkypoo (153816) | more than 8 years ago | (#15722050)

Norton has been pure crap since (at the latest) corporate version 7. I have little technical respect for anyone who has had a chance to replace it and hasn't. I realize lots of people can't possibly get approval for a shift like that.

Re:I don't know how it's still around... (1)

nighty5 (615965) | more than 8 years ago | (#15722496)

I agree, I have had the misfortune of working with Symantec (I'm a security consultant) and for a product to claim itself as an AV which has no malware, trojan detection is a slap in the face.

I've seen many many instances of trojans hijacking corporate networks, taking down systems etc internally (stuff you won't read in the papers) and Symantec has been fully patched with latest updates.

I'm also referring to the corporate edition, it totally stinks.

Stay away!

Re:I don't know how it's still around... (0)

Anonymous Coward | more than 8 years ago | (#15721833)

You can't believe that Trend has a superior product compared to McAfee and Symantec's corporate offerings. I have worked at two companies which have both ditched Trend as their AV software because of its continued inability to properly update network clients, and Trend's slow response time at releasing useful detection definitions. Maybe McAfee's ePo isn't the greatest, but it's loads better than Trend.

Re:I don't know how it's still around... (1)

fonetik (181656) | more than 8 years ago | (#15722042)

What product were you running? I frankly don't remember much about the trend micro server I had experience with because it was built before I came on site and ran so well that it never required much attention. It was a very elegant interface that seemed to have a lot of good ideas in the way of deployment or clients and administration.

As for the slow response in releasing definitions and updates, there could be many good reasons for that. One of which is this story. :)

Re:I don't know how it's still around... (0)

Anonymous Coward | more than 8 years ago | (#15722449)

It was OfficeScan. The central management interface was great, but detection and definition updates left something to desire. I've seen an entire company get taken down even though it was running trend, and seen other companies have ditched it for Symantec/McAfee corporate offerings. Regardless, after seeing it with my own eyes, and knowing of another organization which was affected in the same way (by the same virus) running Trend, it doesn't seem like a very good choice.

Re:I don't know how it's still around... (1)

toadlife (301863) | more than 8 years ago | (#15722690)

I administer an EPO server. It works great, it's not confusing to me, and it gets the job done. Each to his own I guess.

Re:I don't know how it's still around... (1)

dickens (31040) | more than 8 years ago | (#15724231)

So what are the good alternatives to the "corporate edition" products from NAI and Symantec?

Meaning products that centrally report their activity and status? I need to be able to know at a glance (every day) that say, 50 systems all have the latest definitions, all got scanned at 4:30 this morning, and none found any malware.

Fire the PR department (4, Insightful)

alshithead (981606) | more than 8 years ago | (#15721642)

Which will make customers more unhappy? Notifying users of an issue and presenting a fix or hiding an issue and surreptitiously issuing a fix hidden in an upgrade? Situations like this cause customers to lose trust and once it is lost it is very difficult to earn back.

You missed one. (2)

ScentCone (795499) | more than 8 years ago | (#15721812)

> Which will make customers more unhappy? Notifying users of an issue and presenting a fix or hiding an issue and surreptitiously issuing a fix hidden in an upgrade? Situations like this cause customers to lose trust and once it is lost it is very difficult to earn back.

You're forgetting the third group: people who are glad they fixed it, and who are also glad that they minimized the vulnerability's exposure to the wider Guild Of Naughty People.

Re:You missed one. (1)

midnighttoadstool (703941) | more than 8 years ago | (#15721959)

Agreed. If they were to make this kind of behaviour official policy I would warm to them.

Full (and premature exposure) is just too dangerous.

Re:Fire the PR department (1)

avirrey (972127) | more than 8 years ago | (#15722065)

I believe that in 'some' situations, ignorance is bliss. In this case, it's certainly the preferred option from my perspective. Look at what Microsoft migrated from. They used to announce the bugs, and not patch them until later which provided a flag to exploiters out there to 'go find' what Microsoft said was vulnerable. Therefore, 1) Notification 2) Hacker (Black Hatter) exploitation 3) Patch. Whereas with McAfee, though misleading, did not raise that flag informing the Hacker (Black Hatter) community of something to exploit. Once the fix was in place they AT LEAST told us we were lied to, but in doing so we were protected from an onslaught of attempts to break in. Microsoft has since migrated to telling you the issue and patching on the same Tuesday, every month.

Oh jeez oh man (2, Insightful)

Dachannien (617929) | more than 8 years ago | (#15721688)

> Many corporations and government agencies are reluctant to update software unless necessary because of fears that doing so might introduce new problems.

For that matter, many home users are starting to feel the same way.

(This paranoia has been brought to you by the letters W, G, and A.)

Re:Oh jeez oh man (0)

Anonymous Coward | more than 8 years ago | (#15721728)

That's not true. The majority of home users don't know, nor do they care, what WGA is. They'll only care when their computer is given a 30-days-to-shut-down command, and they have to shell out cash for a new copy of their OS. And even then, most will probably think a hacker has installed a program on their computer and is trying to extort money from them.

Gramma: I think I saw something on CBS Evening News about hackers breaking in and making you pay for something to get your computer to work again!

OT, please disregard (3, Interesting)

TheDarkener (198348) | more than 8 years ago | (#15721699)

Aside from this specific instance of a security vulnerability in McAfee products, seriously. McAfee *was* a decent product. In, say, 1993. For DOS. Because it was just about the only antivirus protection you could get at the time.

Now, you have *many* choices. I don't see why you would ever want to choose a McAfee product as any level of protection (be it firewall, antivirus, anti-spam, or whatever) - it's just that the software has evolved into this huge monolithic POS that crashes your system, slows it down ungodly, bugs you like a Japanese whore (OMGLOLIBLOCKEDAHAX0R!) and, I don't have much doubt at all that it corrupts your system far beyond what's been reported before [slashdot.org] , just out of pure experience with anomolies on customers' computers with it installed.

AVG. Seriously, it's much simpler, faster, and *just*doesn't*mess*with* Windows like McAfee does.

Re:OT, please disregard (0)

Anonymous Coward | more than 8 years ago | (#15721722)

> OMGLOLIBLOCKEDAHAX0R!

Man, you know you've been exposed to futabachan and nichanneru too much when you parse that as OMG LOLI BLOCKED A HAX0R and you remember the amusing picture of ME-tan being protected from the evil internet by a firewall-tan with a leek.

Re:OT, please disregard (1)

Alien Being (18488) | more than 8 years ago | (#15722344)

A better product was MS's own format program. It really doesn't matter how good or bad the virus detection software is. The ubiquity of the defective Wintel platform guarantees that those who run it will always be vulnerable. I thank them for leaving their keys in the ignition so that my own ride can remain relatively safe.

Mod me a troll if you want; I don't care. I've had a shitty day and after a few beers it feels good to laugh at someone else's problems.

Re:OT, please disregard (0)

Anonymous Coward | more than 8 years ago | (#15723167)

Have you ever run the Enterprise AV? It doesn't use the same format as the home products. Actually, McAfee 8.0i Enterprise AV takes up less memory and CPU than AVG, so don't speak of things you don't understand...

McAfee + Symantec=sucky (3, Insightful)

BalkanBoy (201243) | more than 8 years ago | (#15721749)

they both produce an antivirus solution which annoys me with their anal-retentiveness. Since joining my current company, I discovered they used NOD32 - as soon as I installed it, I never ever wanted to go back to either McAfee or Symantec. I ditched McAfee about 6-7 years ago, and Symantec as of a year or so ago. Couldn't be happier. NOD32 is the most unobtrusive antivirus I've ever had. Ditch McAfee and/or Symantec, get NOD32 (or something better if it exists). Give the underdog a chance.

Who's right about what happened here? (4, Insightful)

MrNougat (927651) | more than 8 years ago | (#15721774)

This c|net article [com.com] says:

> McAfee was notified of the flaw by eEye Digital Security on July 5, but at the time had already fixed the flaw in an update to its software that was released in January, Viega said. That update was meant to fine-tune the system, not fix security flaws, he said. The current version of ePO is 3.6, according to McAfee.
>
> "We did not realize that we had fixed a security vulnerability until eEye alerted us to the problem last week," Viega said. "We were optimizing the system, not looking for security vulnerabilities." The optimization included changing from storing data in files to storing it in memory, which removed the flaw, he said.


So what that means is that McAfee issued a feature update in January. eEye alerted them to a flaw in July - said flaw exists in systems that do not have the January feature update applied.

If the above is correct, and it would seem to be, McAfee did nothing wrong at all.

Re:Who's right about what happened here? (1)

sgbett (739519) | more than 8 years ago | (#15722118)

What a shame this is way down the list of replies. If only you could TTT comments!

excellent point sir.

Re:Who's right about what happened here? (1)

jeepmeister (241971) | more than 8 years ago | (#15723107)

I'm a McAfee customer and responsible for the Anti-Virus and host intrusion prevention security engineering for 170,000 + workstations and servers managed by ePO. The software vulnerability disclosed today is found in ePO agents (the software that allows communication between the endpoint and the ePO server) prior to the latest release. The agent which is not vulnerable was released early this year to support some hooks into McAfee's recently released Host Intrusion Prevention (HIPS) product called "Entercept." This morning I received an e-mail from our customer support engineering contact at McAfee advising that the vulnerability is somewhat obscure, would require reverse engineering of proprietary McAfee code and no exploit has thus far been observed in the field. Since the fix, the current release of the agent, has been in the field for about the same length of time as the discovery of the vulnerability, this whole situation in my opinion is somewhat of a non event, as long as you keep your AV, agent and ePO software current. If you manage an enterprise under ePO and you don't keep your AV and ePO software current, you're begging for trouble. So you're right, no fault, no foul on McAfee's part.

Re:Who's right about what happened here? (1)

MrNougat (927651) | more than 8 years ago | (#15723136)

My point was really this: the Slashdot article claims that eEye notified McAfee of a flaw, then McAfee fixed the flaw inside an update only labeled "feature update." According to the c|net article, McAfee released the feature update in January, eEye found the flaw in July, and it turns out that the way the January feature update changed data handling also eliminated the flaw, serendipitously.

So, McAfee did not release the feature update after the notification from eEye, as suggested here. Now that everyone knows the January feature update also serves to eliminate the flaw, McAfee can retest it, and relabel it as such. That's why there's no foul on anyone's part.

Happy happy joy joy! (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15721845)

Don't you just love when computer programs come to solve problems that didn't exist before computers existed?

Re:Happy happy joy joy! (0)

Anonymous Coward | more than 8 years ago | (#15722175)

Don't you just love when chemo comes along to help cure cancers that didn't exist before chemo?

Hmmm... (-1, Troll)

infosec_spaz (968690) | more than 8 years ago | (#15721898)

Back in the day....Okay, not really, but I have always wanted to start a comment with that :o) McAfee is number one (holding up middle finger) in my book. I think I have about the best anti-virus you can get, it is called L I N U X.

UNfixed: Serious Design Flaw (0)

Anonymous Coward | more than 8 years ago | (#15721919)

Up to date $29 store-bought version 10.0 with 1-use serial number,
still warns a logged in user that McAfee had previously downloaded
the latest updates, but requires that an administrator be logged in.

no need for McAfee anymore (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15722053)

too many other good alternatives

Virus Companies suck (1)

ezwip (974076) | more than 8 years ago | (#15722138)

McAfee is just a leech. They shouldn't even exist. Microsoft should have its own virus scanner that protects users. I don't understand why these companies like McAfee, Nortons, Kaspersky, or anything else should even exist. Microsoft charges you 100's of dollars for a product that you can't safely use online without paying another company to patch it for you. I know you want to mod me down go ahead because I'm trying for a -5. If it wasn't for Microsoft being so damn incompetent our entire economy would collapse. Giant corporations would flounder, entire IT divisions let go, and we wouldn't have to lock up a bunch of kids for hacking.

Beware of McAfee (2, Informative)

pobster (988514) | more than 8 years ago | (#15722415)

McAfee is possibly my least favorite piece of software - not only does it do its job badly & slow down everything but it doesn't uninstall even vaguely properly.

It can be a heck of a fight to actually get rid of it - see http://www.myfixes.com/articles/mcrem [myfixes.com] for details on how to root it out.

Removing over 100 spyware progs from my friend's poor PC gave less of a speedup than finally removing McAfee! Get AVG or NOD32 for antivirus, Zonealarm for firewall and Adaware SE, Spybot S & D and Spywareblaster for antispyware. Try HijackThis and SysInternals stuff if you really want to know what's happening on your Windows Installation.

Or just get Ubuntu or PClinuxOS already...

It is the worst case scenario for an AV company (3, Interesting)

Opportunist (166417) | more than 8 years ago | (#15722424)

Imagine malware akin to the Word/Excel/Powerpoint exploits that entertained us the last 3 months (accurately released right after the MS patchday), but targeting a buffer overflow in an AV product. The results would be devastating. EVERYONE who uses that AV software WILL be infected. Not can, but WILL.

On-access scanners, which pretty much every AV soft uses, will scan the file as soon as you open it. If a buffer overflow is crafted (to, say, use a flaw in the scanner's static unpacking algo for UPX), your AV soft will actually run the viral code.

This can happen. And it will. It's a matter of time. I'm quite sure the malware writers are already poking at the scanners of McAfee, Kaspersky, Symantec etc. to find useable overflows.

I think the future of AV soft is in servers, not client products. The future is in secure, chroot'ed scanning environments that examine the passing traffic, which, in turn, are constantly scanned from a second scanner outside that chroot environment, checking the integrity of the scanning subsystem inside the chroot.

Re:It is the worst case scenario for an AV company (0)

Anonymous Coward | more than 8 years ago | (#15722492)

I think so does Xambala. [xambala.com]

Re:It is the worst case scenario for an AV company (1)

ZzzzSleep (606571) | more than 7 years ago | (#15730290)

I'm pretty sure something similar has happened already. The witty worm spread through a vulnerability in blackice firewall didn't it?

Hmm... (1)

htns (979962) | more than 8 years ago | (#15722973)

> McAfee Quietly Fixes Software Flaw

It's not so quiet now, is it?

FUD (1)

nozzo (851371) | more than 8 years ago | (#15724158)

oh I do like it when everyone shouts about stuff they do not understand.
If you really look into the actual fix you will discover it only relates to an old version of the ePo agent and not the core antivirus product.
2ndly, out of the box the AV product has a lot of options switched on which may slow down older PCs with certain configurations. It calls for some analysis and tuning on your part but you can get World Class Virus/Worm/Malware protection without compromising your PC's speed. Before trumpeting that such and such a vendor's product is better because it doesn't slow your PC down, please make sure you read the comparative studies to see why that may be.

McAfee sucks (0)

Anonymous Coward | more than 8 years ago | (#15725764)

McAfee never was worth using anyway. I mean given it couldn't find a virus with a guide and a map, who'd notice if it was broke?

I don't know why anyone would use it. This is just reason 37 why.

If you feel the need to pay for Antivirus, then get Norton, otherwise use Antivir/SpyBot S&D/SpyWare Blaster.

Tachyon