Slashdot Mirror


McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk)

mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

45 comments

  1. I had a contractor recommend McEnterprise. by Anonymous Coward · · Score: 1

    And I fired him that day.

    1. Re: I had a contractor recommend McEnterprise. by Anonymous Coward · · Score: 0

      You bastard! I'll get you for this!!! I'll make you pay!!!!!!!

    2. Re: I had a contractor recommend McEnterprise. by Anonymous Coward · · Score: 0

      You gotta let it go OP. Yeah, that guy had sex with your wife, but you can't change the past, ya know?

    3. Re: I had a contractor recommend McEnterprise. by Anonymous Coward · · Score: 0

      But he had sex with her! I have to get him back!

    4. Re: I had a contractor recommend McEnterprise. by mallyn · · Score: 1
      Yes, but I did something better. I invited your wife to be my apprentice in woodworking and cabinetmaking. She did so well that she decided to go into business making fine furniture and selling it to very fine hotels for 5,000 to 10,000 per piece. Just recently she made and sold an exact replica of an antique desk for over 50,000.

      Now that she has this skill, she wants to divorce you and make a name for herself far away from the tech world!

      And I did not have to come anywhere near having sex with her!!

      Besides, I am queer with a fetish in clear plastic.

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    5. Re: I had a contractor recommend McEnterprise. by streetajebo · · Score: 1

      lool....mean

  2. McAfee by Anonymous Coward · · Score: 0

    That dude's bad news. Somebody should burn his house down.

    1. Re:McAfee by Anonymous Coward · · Score: 0

      Nah, just shoot his dog.

    2. Re:McAfee by antdude · · Score: 1

      Even if he is not part of the company anymore? :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    3. Re:McAfee by unixisc · · Score: 1

      Actually, didn't Intel change the name to Intel Antivirus or something? Why is it still being called McAfee?

    4. Re:McAfee by mallyn · · Score: 1

      Yes, they did. However, many of those folks, like myself, are now Escaped Mental Patients From Intel Corporation. They are now living happy lives in places like the Shangri-La of Bellingham, Washington and volunteering for places such as the Spark Museum of Electrical Invention fixing antique vintage vacuum tube radios and electronics and having one heck of a good time!

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    5. Re: McAfee by Anonymous Coward · · Score: 0

      I don't think you've seen John Wick.

  3. Anti-Virus on Linux? by Anonymous Coward · · Score: 0

    How common is it for Linux systems to have discrete anti-virus software running on them?

    1. Re:Anti-Virus on Linux? by Anonymous Coward · · Score: 4, Funny

      How common is it for Linux systems to have discrete anti-virus software running on them?

      Nowadays it's unheard of. Everybody uninstalled antivirus on linux because of the false positives from systemd.

    2. Re:Anti-Virus on Linux? by DivineKnight · · Score: 1

      You

    3. Re: Anti-Virus on Linux? by Anonymous Coward · · Score: 0

      Not at all. Explains why no one cared, even the vendor.

      Any sane Linux user knows this.

    4. Re: Anti-Virus on Linux? by bsDaemon · · Score: 4, Interesting

      They can be used to scan emails coming in or out of your mail server; scan files on web servers for things that might be there to infect other endpoints, etc. As to how common it is in the "real world," I don't know. I remember arguing about a requirement to support McAfee with DISA a while back because running a competitor's product on the control plane of our own certainly was a non-starter, but they had a requirement around it. We won the argument, but it took some doing.

    5. Re:Anti-Virus on Linux? by LVSlushdat · · Score: 2

      Last company I worked for before I retired in 2010, had a compute cluster of a bit over 100 Dell 1U servers running, at the time, RHEL3/4. One of my tasks at the time was to upgrade them from RHEL3/4 to 5.. I suggested going with CentOS5 to save some serious $$$. I was shot down, as the PTB decided that RHEL5 was the way they would go, AND each node would get McAfee AV. Cue me shuddering.. Fortunately, the PTB got a quote from Red Hat that apparently shocked even them and I was given the go-ahead to use CentOS5 and only put AV on the master node which would get ONE license for RHEL5. We also had several Precision workstations running Linux and I was directed to put McAfee on them.. WHAT a pain in the ass to get that piece of shit even working correctly..
      Up to that point, I'd never seen AV on any Linux machine besides a mailserver to stop malware getting on any Windows clients...

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
    6. Re:Anti-Virus on Linux? by Anonymous Coward · · Score: 0

      One place I worked installed it... but made damn sure it wouldn't run.

      Yep - anti-virus installed. passed audit.

      We just had to be careful not to say it didn't work.

    7. Re: Anti-Virus on Linux? by streetajebo · · Score: 1

      the risk on linux is just too much http://www.streetajebo.com/

    8. Re:Anti-Virus on Linux? by Anonymous Coward · · Score: 0

      I worked for McAfee for a while running a decent sized linux infrastructure. We used clamav to meet our virus scan compliance requirement.

  4. Re:So many vulnerabilities in Linux by pixel+sorceress · · Score: 1

    AmigaOS or GTFO.

  5. Re:So many vulnerabilities in Linux by Anonymous Coward · · Score: 0

    http://cvedetails.com

    You are completely wrong, but I'm sure that this isn't the first time.

  6. Re:So many vulnerabilities in Linux by Anonymous Coward · · Score: 0

    MS-DOS 2.0/2.1 is quite secure from what I hear. Hey 2.1 even supports something they are calling subdirectories.

  7. Re:So many vulnerabilities in Linux by Anonymous Coward · · Score: 0

    ...aaaaaand you've just been trolled

  8. Re:So many vulnerabilities in Linux by Anonymous Coward · · Score: 0

    MS-DOS 2.0/2.1 is quite secure from what I hear. Hey 2.1 even supports something they are calling subdirectories.

    I just ordered a new one for my mother with a bigger screen, which may be easier to read, but that won't be there for several days. It was a 15.6" 1080P for $339. asus laptop The main things there is it is 5.1 pounds, 15.6" and 1080P.

    I just heard her current one is asking to call an 800 number... Does anyone have any tips for securing windows 10 beyond the usual updates and such? I'll reimage the older laptop to linux, which should at least help, but 10 is likely better for the high DPI display on the newer one.

    Also if anyone is thinking of buying a 32GB eMMC based win 10 laptop, well don't, at least if you plan to keep 10. You rapidly run out of space and the updates fail. You can get around it with some work, but it is a pain. I considered a chromebook, but that limits what is possible to run on it a fair amount. The new laptop has a cheap 500GB hard disk, which would allow me to dual boot linux mint, though I'm not sure if that complexity is worth it. Still, it might provide a backup OS should the primary be compromised.

  9. Yep, between the net & user Windows. IPS for L by raymorris · · Score: 1

    Exactly as he said. You put professionally managed Linux or FreeBSD boxes directly connected to the internet, between the net and your users on Windows desktops. Especially 5-20 years ago, when Windows was SO vulnerable, it made (and makes) good sense to put some protection between the users and the internet.

    To protect *nix boxes, especially servers, some people use an intrusion detection system / intrusion prevention system (IDS/IPS). You can set it to alert you if any files change on the server, other than the types of changes you expect in the data files. Mod_security can block and report any suspicious web requests, etc. Because the servers typically have one job to do, or just a few tasks, you can configure it to block everything other than the expected traffic and behavior. Therefore you don't need to detect malware or other bad stuff, you just define the few things that *are* allowed and deny anything else.
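The file-change alerting with exemptions for expected data-file changes that the comment above describes, as an added example that is not part of the original comment. The glob patterns, function names and sample directory tree are constructed assumptions.

```python
import fnmatch
import hashlib
import os
import tempfile

# Hypothetical policy: relative paths where changes are expected (data and logs).
# fnmatch's "*" also matches "/", so "data/*" covers nested data files too.
EXPECTED_CHANGES = ["data/*", "logs/*.log"]

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def is_expected(rel, patterns=EXPECTED_CHANGES):
    return any(fnmatch.fnmatch(rel, p) for p in patterns)

def unexpected_changes(baseline, current, patterns=EXPECTED_CHANGES):
    """Return (kind, path) alerts for every change outside the allowlist."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        if baseline.get(rel) == current.get(rel) or is_expected(rel, patterns):
            continue
        kind = ("added" if rel not in baseline
                else "removed" if rel not in current else "modified")
        alerts.append((kind, rel))
    return alerts

def demo():
    """Constructed sample tree: one script, one config file, one data file."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("cgi-bin/form.py", "print('ok')\n")
        write("etc/app.conf", "debug=0\n")
        write("data/orders.csv", "1,widget\n")
        baseline = snapshot(root)
        write("data/orders.csv", "1,widget\n2,gadget\n")  # expected: data grows
        write("etc/app.conf", "debug=1\n")                # unexpected: config edited
        write("cgi-bin/new.py", "print('new')\n")         # unexpected: new script
        return unexpected_changes(baseline, snapshot(root))
```

Calling `demo()` reports the edited config and the new script but stays silent about the data file, which is the default-deny behaviour the comment describes.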

  10. McAfee is only for the clueless by pete6677 · · Score: 2

    You can tell a company IT department is run by clueless morons if they install McAfee products, which have always caused many more problems than they've prevented.

    1. Re:McAfee is only for the clueless by Billly+Gates · · Score: 1

      I know it's a good thing we run Symantec here ... Oh wait :-(

      Actually is there any good AV solution for an IT department? And no saying telling users not to click on attachments won't fly?

    2. Re:McAfee is only for the clueless by a_n_d_e_r_s · · Score: 1

      Yes, it's called Linux.

      --
      Just saying it like it are.
    3. Re:McAfee is only for the clueless by Anonymous Coward · · Score: 0

      Actually is there any good AV solution for an IT department? And no saying telling users not to click on attachments won't fly?

      Yes, it's called Linux.

      And in all seriousness, "Linux for the Internet stuff" can actually be a solution even in an otherwise Windows-only environment. No, you don't need a separate workstation next to your Windows PC, no, you don't need to run a virtual machine on it that slows it down to a crawl, no, you don't need VNC.

      Just try X2Go. Works seamless with single applications (Browser, E-Mail, PDF viewer, Office) between Linux and Windows like Citrix (just the other way round - Linux server, Windows clients), has audio support as well, and separates the dangerous Internet from your priceless company and customer data.

      See, for example:
      http://wiki.x2go.org/doku.php/doc:deployment-stories:electronic-glovebox

      Full Disclosure:
      I'm the Lead Evangelist and Community Manager of X2Go, and my company also sells commercial support for such solutions. You're free to roll your own, though - X2Go is 100% F/LOSS, and always will be.

      -Stefan Baur

    4. Re:McAfee is only for the clueless by Billly+Gates · · Score: 1

      Really? I can run IE 6 apps on Linux? I can read Cisco SecureEmail emails on Linux? I can get a decent email client with calendar functionality compatible with MS Exchange on Linux? I can set GPO for HIPAA compliance like banning printing on a OU folder on Linux? I can deploy applications with SCCM on Linux?

      I have Symantec Disk Encryption compatibility on Linux?

    5. Re:McAfee is only for the clueless by Anonymous Coward · · Score: 0

      Really? I can run IE 6 apps on Linux? I can read Cisco SecureEmail emails on Linux? I can get a decent email client with calendar functionality compatible with MS Exchange on Linux? I can set GPO for HIPAA compliance like banning printing on a OU folder on Linux? I can deploy applications with SCCM on Linux?

      I have Symantec Disk Encryption compatibility on Linux?

      Yes. No. Yes. No. Yes. No.

      3 / 6 is a pretty good grade considering you are _insisting_ to use those particular technologies. Otherwise, there are manageable alternatives for Linux-based operating systems which can also fill the gap for the three negatives above.

  11. McAffee was good but is now junk by melting_clock · · Score: 1

    Many years ago, McAfee was a good AV product but it has been junk for several years now. Unfortunately, it is getting tough to find a reliable AV that is suitable for computer literate customers. This story is not the only example of McAfee actually reducing the security of the machines it is installed on.

    In the past, I encouraged people in a business environment to use the AV product that they preferred. That diversity can help to catch threats that a single product misses. Those with McAfee installed were the laptops that were most often infected by a virus and often the evidence of infection came from other computers with different AV products that prevented an infection. It was scary just how bad it was so I had to change the policy to ban it.

    Unfortunately, it is tough to find a good AV product, that is reliable and does not cause more problems than an extensive infection. Too many false positives, huge drops in performance, interruption of productive work with forced reboots and annoying popups are widespread. I used AVG for many years, including in a volume licensed business environment, until it became crapware as well... Now I rely on other security products and systems that are virus resistant.

    1. Re:McAffee was good but is now junk by Anonymous Coward · · Score: 0

      Nod32, Kaspersky, MalwareBytes, Webroot, these have too many drawbacks or false positives or performance hits?

    2. Re:McAffee was good but is now junk by Billly+Gates · · Score: 1

      Nod32, Kaspersky, MalwareBytes, Webroot, these have too many drawbacks or false positives or performance hits?

      None of those are enterprise ready. So why do corporations only use Mcrappy or Symantec? Because of endpoint enterprise management and custom GPOs. For example if you have an infected station the policies can remove it from the domain and the Cisco port can be disabled automatically

    3. Re: McAffee was good but is now junk by Anonymous Coward · · Score: 0

      How about Avast?

      Good experience with the free one and looks like they have an enterprise offering.

    4. Re:McAffee was good but is now junk by Anonymous Coward · · Score: 0

      They all have performance hits. Uninstall it and watch as your computer seems to have magically doubled in speed.

    5. Re:McAffee was good but is now junk by Anonymous Coward · · Score: 0

      Why isn't ESET Endpoint enterprise ready? We use it nicely with SCCM and other solutions. Kaspersky and ESET/NOD32 have plenty of endpoint management.

  12. That's cool by Anonymous Coward · · Score: 0

    It takes me 6 months to stop laughing when someone suggests their products are a good solution to any given problem.

  13. Why put up with false positives? by Anonymous Coward · · Score: 0

    Most responses I get to anti virus or security on a Linux desktop is that you don't need it. Much like what Mac OS users tell their flock. Because of the lack of total user base, I think support for Linux from these companies is a token attempt at satisfying the few. Obviously they do not do that very well.

  14. In McAfee's defense by jayhawk88 · · Score: 1

    They were probably pretty shocked to learn that anyone was using this product. Or perhaps that they even made it at all.

  15. Hosts files have no such issue by Anonymous Coward · · Score: 0

    See subject: Hosts block infection blocking ability to communicate w/ sources of infestation in 1st place (more proactive vs. antivirus letting you be infested & removing it IF it can. It's better than "heuristics" inaccuracies antivirus uses too - false positives galore it's prone to).

    Hosts = NATIVE part of IP stack you already have using FAR less resources + moving parts for exploit (antivirus is prone to as this article shows along w/ TAVIS ORMANDY finding security holes in antiviruses galore)

    * Hosts = IMMEDIATELY EDITABLE by users (e.g. notepad.exe) for "self-patching" adding OR removing entries manually.

    APK

    P.S.=> For automated production & maintenance of hosts (4 more speed, security, reliability & anonymity online)? APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk