Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Artemis Claims Protection Online, On-the-Fly

Posted by kdawson on from the like-a-signature-database-in-the-cloud dept.

Seems like McAfee has created a new Internet-based service to provide active protection on the fly when a PC gets hit by malicious computer code. "[Artemis] is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against ... Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee's consumer products, where the functionality is called Active Protection."

8 of 107 comments (clear)

  1. This is why you read the fine print... by pushing-robot · · Score: 5, Informative

    TFA basically states that anything behaving "suspiciously" on your PC will be automatically back to McAfee for analysis. There's no mention at all of possible privacy risks.

    Sheezus.

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:This is why you read the fine print... by Anonymous Coward · · Score: 5, Funny

      No, this is why *you* read TFA and summarize it for us. Real slashdotters can't be bothered, you insensitive clod!

    2. Re:This is why you read the fine print... by brucifer · · Score: 5, Informative

      I've actually spoken with McAfee about this at length. If a suspicious file is found (not going into what is deemed suspicious out of professional courtesy) a fingerprint (hash) of the file is sent back to McAfee to see if it matches a known malware sample. If it matches, then the file is deleted or quarantined, or whatever the default behavior is. This only takes place if the malware doesn't trigger one of the other protection pieces in place.

      There are settings in both the corp and home editions that let you decided if you want to send samples back to McAfee or just turn the feature off. It's a surprisingly cool thing to come out of one of the big players.

  2. ugh. by X_Bones · · Score: 5, Insightful

    This advertisement^Warticle looks like it was written by some marketing exec's high-school kid. It's chock full of clumsy grammar and useless buzzwords, yet somehow almost completely content-free. Can someone please explain to me again why this belongs on the front page?

    --

    the coolest club on /.
  3. Big Brother gets to examine all your files by Animats · · Score: 5, Insightful

    Here's McAfee's explanation of how it works:

    1. A user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file) and for which there is no signature in the local .DAT database.
    2. Using McAfee Artemis Technology, the agent sends a fingerprint of the file for instant lookup to the comprehensive database at McAfee Avert® Labs.
    3. In less than a second, if the fingerprint is identified as known malware, an appropriate response is sent to the user to block or quarantine the file.

    In other words, every time you download a binary file, McAfee HQ knows about it and logs it. Was this dreamed up by the RIAA, the NSA, or the anti-child-porno people?

  4. Flawed methodology by mcrbids · · Score: 5, Insightful

    Using anti-virus to "protect" your computer is like trying to avoid collisions by studying your rear-view mirror. By definition, it only "catches" compromises AFTER THEY ARE SUCCESSFUL.

    Then, we have to trust that:

    1) The compromise is one of the known viruses, or falls into the realm of "suspsicious activity".

    2) The compromise was successfully noticed.

    3) All aspects of the virus are known and can be removed.

    4) You (the end user) have sufficient system permissions to remove the virus.

    5) You (the end user) have all updates applied.

    The whole system is woefully fragile and ineffective. Most estimates today seldom put A/V effectiveness above 50% effective, despite the considerable resources consumed by the software. It may be better than poking yourself with a sharp stick, but not by much!

    And here's a good example of this: My kids' computer. It's an Athlon XP 3400 with a GB of RAM and an 80 GB HDD. I got sick of reloading the !@#@$ computer every 3 months when it got all horked with god-knows-what so I did the nasty, this time.

    I installed ALL O/S patches while hooked up to a private network. I installed AVG antivirus. I let the kids only use the computer as the most limited user available: guest. I installed FF and made it the default browser, along with Open Office and a few legal games. (not warez!) I set WinXP to self-update every single day, and not ask about it. The Windows firewall was on, and the computer is on a NAT network, connected to another highly firewalled DMZ.

    Despite all this hassle and inconvenience, the system is STILL behaving rather poorly, 6 months later. Bought me 3 months, but only three more.

    Compare/contrast with the Mac. Same kids. Same amount of usage. Same type of usage for the same purposes. Blogging, MySpace, games, homework. All else the same, but I never bothered with antivirus. Yet it works fine! No bogging down. No strange behavior. Same thing with my Linux laptop, which after some 10 years is still using the same /home partition.

    Good security isn't something you "band aid", it's something you design from the beginning.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
    1. Re:Flawed methodology by Urkki · · Score: 5, Funny

      Good security isn't something you "band aid", it's something you design from the beginning.

      Yes, but that still doesn't work. You'd have to remove the human element. Enough nuking from orbit should remove both the virus creator and the hapless user, so as long as you protect the actual computer from the EMPs during the bombardment that's probably the safest way to go.

    2. Re:Flawed methodology by im_thatoneguy · · Score: 5, Interesting

      Here here.

      I usually run on a DMZ. No firewall local or at the router.

      I even have a dynamicDNS directed to my main computer.

      I scan regularly. And haven't been infected in over 8 years. (which was my fault for opening an attachment without thinking.)

      My current windows install is about 2 years old with LOTS of use. The computer is 5 years old and it's time to junk it. It's also still suffering from a 4 year old Norton uninstall that seems to have never completed and is getting worse. Norton was the worst thing that ever happened to one of my computers and I still haven't completely purged it.

      What junks up my Windows PCs aren't the illicit viruses that get installed without my permission. It's all the crap that comes along with little freeware worthless pieces of crap that I need to use once to convert some file or another.

      Windows PCs and Macs get used very differently. Having run both of them I used them very differently myself--largely because there just isn't the world of little crappy apps available.

      I'm with parent. Your comparison is apples to oranges.