McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk)
mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."
And I fired him that day.
How common is it for Linux systems to have discrete anti-virus software running on them?
Nowadays it's unheard of. Everybody uninstalled antivirus on Linux because of the false positives from systemd.
You
AmigaOS or GTFO.
They can be used to scan emails coming in or out of your mail server; scan files on web servers for things that might be there to infect other endpoints, etc. As to how common it is in the "real world," I don't know. I remember arguing about a requirement to support McAfee with DISA a while back because running a competitor's product on the control plane of our own certainly was a non-starter, but they had a requirement around it. We won the argument, but it took some doing.
Exactly as he said. You put professionally managed Linux or FreeBSD boxes directly connected to the internet, between the net and your users on Windows desktops. Especially 5-20 years ago, when Windows was SO vulnerable, it made (and makes) good sense to put some protection between the users and the internet.
To protect *nix boxes, especially servers, some people use an intrusion detection system / intrusion prevention system (IDS/IPS). You can set it to alert you if any files change on the server, other than the types of changes you expect in the data files. Mod_security can block and report any suspicious web requests, etc. Because the servers typically have one job to do, or just a few tasks, you can configure it to block everything other than the expected traffic and behavior. Therefore you don't need to detect malware or other bad stuff, you just define the few things that *are* allowed and deny anything else.
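A minimal sketch of the file-change alerting described in the comment above, added here as an example and not code from any poster or from a particular IDS product: it hashes a tree, compares against a baseline, and alerts on anything outside the patterns where change is expected. The function names, the `data/*` pattern, and the sample tree are constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return digests

def unexpected_changes(baseline, current, expected_patterns):
    """Return (kind, path) alerts for changes not covered by an expected pattern."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        if any(fnmatch.fnmatch(path, pat) for pat in expected_patterns):
            continue  # data files are allowed to change
        if path not in baseline:
            alerts.append(("added", path))
        elif path not in current:
            alerts.append(("removed", path))
        elif baseline[path] != current[path]:
            alerts.append(("modified", path))
    return alerts

def _write(root, rel, body):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(body)

def demo():
    """Constructed sample tree: one expected data change, three unexpected ones."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/app.sh", "echo ok\n")
        _write(root, "data/queue.db", "v1")
        _write(root, "etc/app.conf", "port=80\n")
        baseline = snapshot(root)
        _write(root, "data/queue.db", "v2")          # expected: data file churn
        _write(root, "bin/app.sh", "echo changed\n")  # unexpected modification
        _write(root, "bin/dropped.bin", "x")          # unexpected new file
        os.remove(os.path.join(root, "etc/app.conf")) # unexpected removal
        return unexpected_changes(baseline, snapshot(root), ["data/*"])

if __name__ == "__main__":
    for kind, path in demo():
        print(f"ALERT {kind}: {path}")
```

In practice the baseline would be stored off the monitored host so that a compromise of the server cannot rewrite it.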
Even if he is not part of the company anymore? :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Actually, didn't Intel change the name to Intel Antivirus or something? Why is it still being called McAfee?
You can tell a company IT department is run by clueless morons if they install McAfee products, which have always caused many more problems than they've prevented.
Last company I worked for before I retired in 2010, had a compute cluster of a bit over 100 Dell 1U servers running, at the time, RHEL3/4. One of my tasks at the time was to upgrade them from RHEL3/4 to 5.. I suggested going with CentOS5 to save some serious $$$. I was shot down, as the PTB decided that RHEL5 was the way they would go, AND each node would get McAfee AV. Cue me shuddering.. Fortunately, the PTB got a quote from Red Hat that apparently shocked even them and I was given the go-ahead to use CentOS5 and only put AV on the master node which would get ONE license for RHEL5. We also had several Precision workstations running Linux and I was directed to put McAfee on them.. WHAT a pain in the ass to get that piece of shit even working correctly..
Up to that point, I'd never seen AV on any Linux machine besides a mailserver to stop malware getting on any Windows clients...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
Many years ago, McAfee was a good AV product but it has been junk for several years now. Unfortunately, it is getting tough to find a reliable AV that is suitable for computer literate customers. This story is not the only example of McAfee actually reducing the security of the machines it is installed on.
In the past, I encouraged people in a business environment to use the AV product that they preferred. That diversity can help to catch threats that a single product misses. Those with McAfee installed were the laptops that were most often infected by a virus and often the evidence of infection came from other computers with different AV products that prevented an infection. It was scary just how bad it was so I had to change the policy to ban it.
Unfortunately, it is tough to find a good AV product, that is reliable and does not cause more problems than an extensive infection. Too many false positives, huge drops in performance, interruption of productive work with forced reboots and annoying popups are widespread. I used AVG for many years, including in a volume licensed business environment, until it became crapware as well... Now I rely on other security products and systems that are virus resistant.
Yes, they did. However, many of those folks, like myself, are now Escaped Mental Patients From Intel Corporation. They are now living happy lives in places like the Shangri-La of Bellingham, Washington and volunteering for places such as the Spark Museum of Electrical Invention fixing antique vintage vacuum tube radios and electronics and having one heck of a good time!
Most Respectfully Yours Mark Allyn Bellingham, Washington
the risk on linux is just too much http://www.streetajebo.com/
They were probably pretty shocked to learn that anyone was using this product. Or perhaps that they even made it at all.