Slashdot Mirror


McAfee Uses Web Beacons That Can Be Used To Track Users, Serve Advertising

An anonymous reader writes: A test of seven OEM laptops running Windows has shown consistent privacy and security issues, including an interesting revelation that the McAfee Antivirus running on six of them is using web beacons to serve ads and possibly even track users online. The seven laptops – Lenovo Flex 3, Lenovo G50-80 (UK version), HP Envy, HP Stream x360 (Microsoft Signature Edition), HP Stream (UK version), Acer Aspire F15 (UK version), and Dell Inspiron 14 (Canada version) – have been tested by the security research team of Duo Security by simply sniffing the traffic sent from and to them once they have been taken out of the box, plugged in, and connected to a network.


  1. AVs are back to being actively harmful by sinij · · Score: 5, Insightful

    Unhappy with being merely ineffective, AV products are back to being actively harmful for the user.

    1. Re:AVs are back to being actively harmful by tatman · · Score: 1

      I suppose we shouldn't be surprised by this. It's all about revenue and nothing else matters when it comes to big corporation behavior. I have no problem that a business is in the business for $. I do have a problem when the $ means more than integrity.

      --
      I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
    2. Re:AVs are back to being actively harmful by Anna+Merikin · · Score: 1

      I forget who said it -- might have been Peter of the Peter Principle -- "Everything which can be done will be done."

      It might have been a corollary to his famous law.

    3. Re:AVs are back to being actively harmful by MightyMartian · · Score: 2

      I'm not clear. When is it exactly that they weren't being actively harmful?

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:AVs are back to being actively harmful by ThatsNotPudding · · Score: 1

      > Unhappy with being merely ineffective, AV products are back to being actively harmful for the user.

      They're just trying to keep up with (most) OSes.

    5. Re:AVs are back to being actively harmful by davester666 · · Score: 1

      Then you have a problem with America and capitalism. The $ is more important than anything else.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Seems to be more and more by Anonymous Coward · · Score: 2, Interesting

    prevalent, these "security" apps, companies, whatever, actually straddling the fence, as it were. Ghostery and ABP are but a couple that serve two masters. At present, the only software I trust is uBlock Origin. In the end, I think people will either have to roll their own or there needs to be a public, open source project whereby transparency is the order of business. The Cold War with ad companies and ad blockers has started, and I, for one, will not allow ads on machines I control, either at home or at work.

    What I've been thinking is similar to what some of us did when Flash was still prevalent. I symlinked .adobe and .macromedia to /dev/null and by doing this, I was able to view Flash content without the hassle of LSOs/DOM worry. The website thought it was writing to disk and all was well. I'd like to extrapolate this idea out to ads/tracking cookies/beacons/bad Javascript and simply write this nonsense to /dev/null. I believe this is possible, but my programming skills extend to Bash and Perl scripting only.

    Any thoughts?

    Captcha: Sorcery

    1. Re:Seems to be more and more by LichtSpektren · · Score: 2

      Just use open source things and make sure you skim through the source code to make sure there's no shit like this to be found.

    2. Re:Seems to be more and more by invictusvoyd · · Score: 3, Insightful

      > skim through the source code to make sure there's no shit like this to be found.

      Seriously?

    3. Re:Seems to be more and more by PolygamousRanchKid+ · · Score: 1

      I guess you've never heard of the infamous Ken Thompson Hack: http://c2.com/cgi/wiki?TheKenT...

      Skimming through the source code is not enough. However, using Open Source enables a bunch of eyes to review the code.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    4. Re: Seems to be more and more by pla · · Score: 1

      > They take money in exchange for "acceptable ads". There are no acceptable ads for people like me

      So turn them off - As simple as ticking off a checkbox. And if you find some still sneak through, you can manually add rules to block those. Don't blame ABP for your own laziness.

      As for Ghostery, they fill a slightly different niche, but the way I see it, "still better than nothing". I'll take 99% tracker blocking over 0%.

    5. Re: Seems to be more and more by Grishnakh · · Score: 1

      Why would I want to waste time with manually adding stuff when I can just install uBlock Origin, which is made by people who agree with me that there's no such thing as an "acceptable ad" that only become "acceptable" because they paid someone off?

      Hey, if you like supporting payola, why don't you just say so?

    6. Re:Seems to be more and more by Frosty+Piss · · Score: 3, Insightful

      > However, using Open Source enables a bunch of eyes to review the code.

      That something can happen doesn't mean it does happen. In fact, very little Open Source other than high profile code, gets "reviewed" by anyone knowledgeable enough to know what they are looking at, other than the authors themselves.

      --
      If you want news from today, you have to come back tomorrow.
    7. Re: Seems to be more and more by cfalcon · · Score: 1

      Just use ublock origin. It blocks ads with no drama. The only acceptable ad is a dead ad.

    8. Re:Seems to be more and more by spire3661 · · Score: 2

      We know. Many eyes still creates a possibility space not available in closed source. None of us claims it's perfect, it's just another avenue.

      --
      Good-bye
    9. Re:Seems to be more and more by I4ko · · Score: 1

      Dunno, I do have some thoughts. I'm pretty happy going BSG style with my computers. Only one needs to be connected to the internet. Behind a NAT, running only Virtualbox under Linux; Virtualbox is running only a single VM configured with an immutable hard drive - MS appcompat IE 11 on Win 7 (directly from MS, http://modern.ie/). Every web page I visit is in a separate VM. I kill the VM after I am done with the web page, and nothing remains on its disk. Other services that make sense to use are IRC and some usenet. The Web is a place I no longer want to be, especially AJAX, WebRTC, WebGL, and such. You simply don't need those. All the content is crap, the valuable resource is people interactions, and a ham radio will do better than facebook these days.

  3. And still people wonder why I always uninstall AV by xxxJonBoyxxx · · Score: 3, Interesting

    And still my friends and relatives wonder why one of the first things I do when I "clean their computer" is delete crap like McAfee, Norton or whatever other third-party AV suckerware is living on their machines.

  4. Anybody still... by FaxeTheCat · · Score: 1

    ...use McAfee? Wow...

    1. Re:Anybody still... by CimmerianX · · Score: 2

      It comes preinstalled on a lot of machines. It's something I remove when de-crapifying any new system.

    2. Re:Anybody still... by castionsosa · · Score: 3, Insightful

      It is one of the few AV products that runs on Linux, Solaris, and AIX. Not that LPARs or LDOMs will be getting viruses anytime soon, but it is necessary for making the legal eagles happy and checking the "all machines, logical and physical, have AV running on them" box.

      It is far easier to just toss McAfee on there than to try to explain or write exceptions to an auditor.

    3. Re:Anybody still... by MightyMartian · · Score: 2

      Nowadays we just reimage new equipment. We don't even bother removing it. We have vanilla Windows images with the software needed and that's what goes on. The idea that spending any time removing the shit that Toshiba, Lenovo and the rest of them throw on the computers is a useful activity is long gone now.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Anybody still... by MightyMartian · · Score: 1

      I can do the same thing at home. I grab an OEM install ISO, gather all the drivers, and reinstall. It's a bit more of a pain, but operating systems are getting better suites of built in drivers all the time.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:Anybody still... by Chelloveck · · Score: 1

      > I can do the same thing at home. I grab an OEM install ISO, gather all the drivers, and reinstall.

      Oh? Where does a technically competent but non-computer-professional find an OEM install ISO?

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.
    6. Re:Anybody still... by omnichad · · Score: 1

      Windows Media Creation Tool

      And for Windows 8.1 too

      You're out of luck for Windows 7 if you're not halfway expert. You have to convert a standard Windows 7 ISO to Universal or acquire a premade one and use the OEM key from the sticker.

    7. Re:Anybody still... by Chelloveck · · Score: 1

      Huh. I had no idea! Thanks, that looks like it might be very useful!

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.
  5. Argh,,,, too tired this morning. by mark-t · · Score: 1

    I read "beacons" as "bacon". And went, like, "huh?"

    Oh how I truly hate daylight savings time.

  6. McAfee is owned by Intel by LichtSpektren · · Score: 1

    Inspires a lot of confidence in all those nifty new features of the Intel Skylake CPUs, eh?

  7. And people wonder why I run Linux by AntronArgaiv · · Score: 4, Insightful

    At this point, my favorite reply is "Look, it doesn't suck any worse than Windows."

    And.. no antivirus, no unexpected updates changing system configuration, no "defective by design" security issues, and on and on.

    Linux isn't perfect, but it does 95% of what I need to do, and I have a VirtualBox VM with XP loaded to do the rest. And with Microsoft and friends (like McAfee) shooting themselves in the foot every chance they get, Linux is becoming a better choice every day.

    1. Re:And people wonder why I run Linux by invictusvoyd · · Score: 1

      > defective by design

      There are now .

      Clue: Know that fella who worked on ALSA?

    2. Re: And people wonder why I run Linux by cfalcon · · Score: 1

      > The only benefit of Linux is the less than 2% market share.

      People said this when Windows had spy and monitor services listening to the naked internet, that got whole boxes owned.
      People said this during the shit festival that was Internet Explorer.
      People said this when Windows had every user running as admin.
      People said this when Windows was the only guy on the block not using ASLR.

      Now they say it in a world where Windows lacks SE Linux level security entirely, in a world where much of the code is still written with a plug-n-chug factory mentality, in a world where critical code is kept hidden for competitive reasons- and most importantly, in a world where Windows boxes are routinely malicious piles of shit, and almost nothing else is.

      Talk about marketshare all you like, Windows has been a total pile of shit on security and always fucking will be. At this point it would take like twenty fucking years of flawless performance to reverse this well deserved reputation. It's never been safe, it's not safe now, but Windows users will put up with ANYTHING- and then rationalize it, lol.

    3. Re:And people wonder why I run Linux by AntronArgaiv · · Score: 1

      > There are now .
      >
      > Clue: Know that fella who worked on ALSA?

      I didn't say Linux was free of security issues. But Linux packages typically have unused ports closed by default, compared to Windows' "leave 'em open" approach. I'm not comfortable trusting Microsoft to do what's right, security-wise. I feel better with Linux.

      I'll be the first to admit, Linux isn't for everyone. But I just can't count on Windows any more...you never know what Microsoft is going to do to you.

  8. Re:And still people wonder why I always uninstall by AntronArgaiv · · Score: 1

    At work, we use Malwarebytes. And the IT guys are fairly savvy, so I'm guessing it's a bit better than the "old guard" AV products.

  9. McAfee really? by ole_timer · · Score: 1

    Who uses that crap?

    --
    nothing to see here - move along
    1. Re:McAfee really? by invictusvoyd · · Score: 1

      Botnet pawns

  10. Firewall by Anonymous Coward · · Score: 1

    This is why you also need to install McAfee Firewall!

    1. Re:Firewall by ole_timer · · Score: 1

      block all things mcafee - I like it!

      --
      nothing to see here - move along
  11. Re:And still people wonder why I always uninstall by TheGratefulNet · · Score: 1

    at my last 'windows based' job, they also insisted on Malwarebytes. the admins tended to be clueful there, too. so maybe there's something to it.

    at home, though, I refuse to run them. I refuse to run windows7 update and have deinstalled all bad updates.

    backup and restore is my new friend. that, and avoiding doing anything online with windows, as much as I can.

    antivirus is not useful for techies and it's more trouble than it's worth.

    --
    "It is now safe to switch off your computer."
  12. WIPE by Anonymous Coward · · Score: 2, Insightful

    And that's why if I buy hardware (phone/laptop/tablet/pc) the very first thing I do is WIPE it. Not uninstall, WIPE !!!! ;)

    1. Re:WIPE by castionsosa · · Score: 1

      Depends on what the product is. Enterprise level desktops, if I have time, I like running a Linux CD boot to zero out HDDs or blkdiscard -s SSDs, then PXE booting the desktop so it can load an image. This way, I'm sure no data is present that shouldn't be there.

      Personal stuff, same thing. However, I use an imaging utility (Ghost, CloneZilla) to save the contents of the original HDD off, as there might be a driver on the original OS load that isn't available for downloading. Then, the SSD gets completely trimmed, and I install the OS from scratch. Even Macs, I zero out the storage, then boot El Capitan from a USB flash drive, so I know the machine is clean.

  13. Re:And still people wonder why I always uninstall by CimmerianX · · Score: 1

    When I managed my old company network, I used Malwarebytes also. There's no money to be made destroying your PC, only in controlling it.

    I used a hosts file per machine to block sites and GPOs to lock down the user's temp dirs so no EXEs could be run from there (mostly for the crypto infections).

    Other than that, if a person ever got infected, the machine was immediately imaged back to its weekly image. That threat kept people from risky clicks more than anything else.

  14. John McAfee himself said it by gizmod · · Score: 1

    Responding to a question in a Reddit AMA, the self-described eccentric millionaire said: "McAfee is one of the worst products on the f**king planet."

  15. Duct Tape solves everything by houghi · · Score: 1

    I just put a tape over my camera. If I were less lazy, I would desolder the camera and the microphone. I have never ever had a use for them anyway.
    For now duct tape is good enough.

    --
    Don't fight for your country, if your country does not fight for you.
  16. The question is by perryizgr8 · · Score: 1

    Why the fuck would you buy a signature edition laptop and proceed to install McAfee on it, thereby ruining it completely? One can only be so stupid, right? Right??

    --
    Wealth is the gift that keeps on giving.
  17. Re:A more important question ... by Grishnakh · · Score: 1

    Not likely. This is from McAfee Software (a division of Intel), which John McAfee has no control or ownership of.

    Also, John McAfee has publicly stated that McAfee software is "the worst software on the planet". If the guy it's named after says it's total crap, that should tell you something.

    Usually, when I bring this up, some naïve moron replies with some idiotic response about how John doesn't know anything about current McAfee software, some BS about brand value, etc. Obviously, as we can see from this article, John was right all along: this software IS crap, and it's downright malware.

  18. Re:A more important question ... by MightyMartian · · Score: 2

    Obviously John has never used Norton's fine products.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  19. So uninstall McAfee and install Windows Defender? by Chas · · Score: 1

    HA! Thought they were serious for a minute.

    What? What do you mean it's not April 1st?

    Recommending Windows Defender is like suggesting someone bare-ball it across the net.

    --
    Chas - The one, the only.
    THANK GOD!!!
  20. Built-in protection by JustAnotherOldGuy · · Score: 1

    So...how long before McAfee advertises that it'll protect you against itself?

    "New McAfee 10, with Advanced Protection Against McAfee 10!"

    --
    Just cruising through this digital world at 33 1/3 rpm...
  21. McAfee is owned by Intel. by Futurepower(R) · · Score: 2

    McAfee is owned by Intel Corporation. Former Intel CEO Paul Otellini bought McAfee for $7.6 billion.

    Quote from that New York Times story: "There are no immediate synergies that I can see," said Stacy A. Rasgon, an analyst with Sanford C. Bernstein & Company. "It is a strategic deal, and it is a pretty rich price for a strategic buy."

    Ohhh. It's a "strategic deal". Oh, well then, that's okay? Why are writers with no interest or understanding of technology allowed to write stories about technology?

    My best guess is that's why Otellini was fired.

    Stories about John McAfee, who started the company:

    1) Meet the harem of SEVEN women who lived with fugitive software tycoon John McAfee before he fled Belize

    2) Bath Salts, Orgies, Murder, and Anti-Virus Software

    3) U.S. antivirus legend John McAfee wanted for murder in Belize

    McAfee is a "legend"? McAfee software was always undesirable, in my experience.

    4) John McAfee: Addict, coder, runaway

    Quote from that BBC story: "At the time of the raid, McAfee had begun an affair with a 16-year-old ex-prostitute he had met on Belize Independence Day."

    She was an "ex-prostitute"? She was no longer a prostitute?

    Another quote: "One night Emshwiller took McAfee's gun. She aimed it at his head, squeezed her eyes shut and pulled the trigger. She missed." John McAfee's response: "All she did was burst my eardrum. I'm deaf in one ear now, but I don't have a bullet in my head. Forgiveness is one of the graces that we have as human beings. Can I be faulted for indulging in it?"

    Not-prostitute Emshwiller is quoted as saying, "'One time before, I held him in the corner and I put a knife at his throat,' she says."

    Former Intel CEO Paul Otellini got Intel, a hardware company, involved in that by buying McAfee, a software company. Would you use Intel McAfee software? It seemed to me that buying McAfee damaged Intel's reputation, and continues to damage Intel's reputation.