Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Says It No Longer Will Permit Government Source Code Reviews (reuters.com)

Posted by msmash on from the tussle-continues dept.

Dustin Volz, Joel Schectman, and Jack Stubbs, reporting for Reuters: U.S.-based cyber firm McAfee said it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks. Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment. The reviews, conducted in secure facilities known as "clean rooms" by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden "backdoors" exist in foreign-made software. But security experts and former U.S. officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations. McAfee ended the reviews earlier this year after spinning off from Intel in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.

79 comments

  1. Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: -1

    but until then we can't give them access to our corporate secrets.

    1. Re:Maybe if Russia stops meddling in our elections by Archangel+Michael · · Score: 4, Insightful

      You mean, stop bribing Secretary of States, former presidents under the watchful eye of the Robert Mueller FBI ?

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: -1

      lol Dotard, is that you???

    3. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: 0

      but until then we can't give them access to our corporate secrets.

      Perhaps a seasoned politician's highly classified emails sent from a personal server across unencrypted channels could provide a sufficient deterrent...

    4. Re:Maybe if Russia stops meddling in our elections by sit1963nz · · Score: 0

      Then perhaps the USA could lead the way and stop meddling in the affairs of other nations.

    5. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: 0

      Found Trump's cockholster

    6. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: 0

      LOL, good bait my man. The rutards are here.

      Donald Trump fingers his ass. What a sick old faggot! Dumb fucker, too.

    7. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: 1

      Found Trump's cockholster

      You keep telling yourself that.

      The "RUSSIANS STOLE THE ELECTION!!!" narrative is blowing up in Democrat's faces.

      Exclusive: In Hill interviews, top Dems denied knowledge of payments to firm behind Trump dossier

      Sitting next to Podesta during the interview: his attorney Marc Elias, who worked for the law firm that hired Fusion GPS to continue research on Trump on behalf of the Clinton campaign and DNC, multiple sources said. Elias was only there in his capacity as Podesta's attorney and not as a witness.

      On Tuesday, that law firm, Perkins Coie, wrote in a letter that it had retained Fusion GPS as part of its representation of the Clinton campaign and the DNC. The disclosure of the Democratic funding source for Fusion GPS is raising new questions for the congressional Russian investigators.

      Note also that Perkins Coie hiring Fusion GPS would have been required to be reported to the FEC:

      Hillary Clinton's Campaign Wasn't Honest About Paying for Trump Dossier

      Hillary Clinton's presidential campaign has been hit with a new complaint that alleges it tried to cover up the fact that it helped pay for the infamous "Trump Russia Dossier."

      The Washington-based Campaign Legal Center (CLC) said in a Wednesday complaint to the Federal Election Commission (FEC) that Hillary for America and the Democratic National Committee (DNC) broke campaign finance law by trying to hide payments related to the dossier...

      Note that those are CNN and Newsweek - hardly right-wing news outlets.

      That's not even getting into how Robert Meuller's FBI helped hide the bribery in the Uranium One deals that netted the Clinton's $145 million dollars....

    8. Re:Maybe if Russia stops meddling in our elections by Anonymous Coward · · Score: 0

      SOMETHING that is
      MUCH more interesting... and concerning... and worrying...
      is that something like goverment source code reviews even exists...
      that is some very sick stuff in my opinion and it is very twisted to begin with.. .that is MESSED UP!

      Like... really... messed....up...

  2. More fake news by Anonymous Coward · · Score: -1

    Trump is strong, honest president and is make America great again. Russia is scapegoat for noisy Democrats.

    1. Re:More fake news by Anonymous Coward · · Score: -1

      Clever use of Google Translate, comrade.

    2. Re: More fake news by Anonymous Coward · · Score: 0

      A snowflake in you can't spot a troll post.

  3. Is China going to give the Windows source back? by Anonymous Coward · · Score: 0

    Why am I guessing not?

  4. Clickbait headline by Anonymous Coward · · Score: 0

    The headline implies that no government will be able to conduct source code reviews, but in reality this only pertains to foreign government.

    What is up with these clickbait headlines?

    1. Re:Clickbait headline by Anonymous Coward · · Score: 2, Insightful

      Of course, the US govt doesn't need to review mcafee's source code, they already know exactly what back doors they have inserted into it, just like they claim Russia has done

    2. Re: Clickbait headline by Anonymous Coward · · Score: 0

      Are there any US govt designed antivirus apps? Will make a nice gift.

    3. Re:Clickbait headline by Anonymous Coward · · Score: 0

      If McAfee rejects all foreign government requests, this is looking like they've actually put a backdoor in, one they don't want a 'foreign' government detecting. Any guesses who paid them?

    4. Re: Clickbait headline by Anonymous Coward · · Score: 0

      Of course, the US govt doesn't need to review mcafee's source code, they already know exactly what back doors they have inserted into it, just like they claim Russia has done

      Exactly this. I'd actually respect a company that would deny the lying US spy agencies access to its code instead.

  5. In Russia antivirus hack you! by Anonymous Coward · · Score: 0

    In Russia antivirus hack you!

    1. Re:In Russia antivirus hack you! by DontBeAMoran · · Score: 1

      In antivirus, hack Russia you!

      --
      #DeleteFacebook
    2. Re:In Russia antivirus hack you! by Anonymous Coward · · Score: 0

      In America, the Goat C shirt wears you!

  6. Why are there no FOSS antivirus programs? by Anonymous Coward · · Score: 0

    Given clear supieroity of FOSS software to commercial software, why is it that any serious antivirus software is always commercial closed source product? It makes me question my long held and baselesss belief that FOSS is programming manna from heaven, gods gift to the world programming.

    1. Re: Why are there no FOSS antivirus programs? by Anonymous Coward · · Score: 0

      >implying a FOSS OS would require a third-party "anti-virus" watchman

      hello mr. gates. shouldnt you be busy ruining punlic schools?

    2. Re:Why are there no FOSS antivirus programs? by hackel · · Score: 1

      https://www.clamav.net/

      The fact is, researching new viruses and maintaining up-to-date signatures requires constant work, which means the need for paid employees. This is really something that should be a collaboration between all the governments of the world and provide for free, thus facilitating far greater FOSS anti-virus solutions. As it is, it's just not something that's interesting enough for anyone to want to do as a hobby. Add to that the fact that those of us running FOSS operating systems don't use anti-virus software in the first place. I think the last time I had an anti-virus application running on my own machine was in the late 90s.

    3. Re:Why are there no FOSS antivirus programs? by Anonymous Coward · · Score: 0

      There will probably never be a free open source competent AV. The nature of the beast is you are going to need a department of researches to investigate the latest malware threats and build definitions for it. Trying to do this all off people doing it in their free time is going to mean a woefully inadequate product with slow updates for virus definitions.

      Unless the FOSS community built the front end and engine, and used someone like mcafee's or symantec's definitions. Good luck with the legal aspects of that.

      This might have been possible back in the day. I remember when Mcafee's definitions were released as a self extracting archive uploaded to their FTP site on a weeklyish basis and you would go manually download the archive to update your AV. No reason a user couldn't have downloaded that self extracting package and applied the definitions to a FOSS piece of software. With everything having now gone with "live update" type BS. good luck with an easy way to get your hands on the definition files without having something like mcafee's or symantec's product already installed.

    4. Re:Why are there no FOSS antivirus programs? by Anonymous Coward · · Score: 0

      No itch to scratch. Why would I check executable code against some publicly-collected blacklist, when I can just check it against my whitelist?

  7. The Antivirus War is On by cloud.pt · · Score: 3, Insightful

    This is interesting news, I didn't know Russia demanded this, but I guess they wised up before, well, the US.

    I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market with the patriotic card by exiting the Russian one, and going backwards on the exact thing Kaspersky has stated they would allow from US!

    Now, in all seriousness - does McAfee really think they are gonna catch any market with this? Does anyone with a 2 digit IQ still install McAfee?

    1. Re:The Antivirus War is On by Aighearach · · Score: 1

      Even an unpopular offering will likely experience increased sales when one of their biggest competitors is burning down and everybody is jumping ship.

      For example, there are probably lots of people who dislike Symantec and don't want to install their product, and those people might not know which other companies have a good product. They might only know that McAfee has been around for a long time, and try it.

      McAfee at least is easier to uninstall.

    2. Re:The Antivirus War is On by Frosty+Piss · · Score: 1

      I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market...

      McAfee is already on many of the DoD computers I use, working hard to slow them to a crawl...

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:The Antivirus War is On by DontBeAMoran · · Score: 1

      Doesn't Windows come with a built-in antivirus these days?

      --
      #DeleteFacebook
    4. Re:The Antivirus War is On by Gilgaron · · Score: 1

      If the government regulations require an antivirus that meets A,B, and C, and only one company has those, then they win even if the application is a dumpster fire. You won't get any of those govt contract without meeting their requirements.

    5. Re:The Antivirus War is On by geekmux · · Score: 1

      Doesn't Windows come with a built-in antivirus these days?

      "It's secure. Trust me."

      After looking at the rather colorful history of the built-in browser, tends to make you wonder just how many times we're gonna believe that line...

    6. Re:The Antivirus War is On by HalAtWork · · Score: 1

      It makes no sense. I'd rather more countries review it, so there's more eyes on it and less likely to have something nefarious that only benefits one or some countries.

      --
      Twinstiq, game news
    7. Re:The Antivirus War is On by Anonymous Coward · · Score: 0

      Yes. I have a 2 digit IQ, and I install McAfee every month. It takes a while though, since my computer is kind of slow.

    8. Re:The Antivirus War is On by Anonymous Coward · · Score: 0

      It's like Nigerian spam. When you're going after the idiot market you deliberately dumb-down your pitch.

    9. Re:The Antivirus War is On by Anonymous Coward · · Score: 0

      This is interesting news, I didn't know Russia demanded this, but I guess they wised up before, well, the US.

      I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market with the patriotic card by exiting the Russian one, and going backwards on the exact thing Kaspersky has stated they would allow from US!

      Now, in all seriousness - does McAfee really think they are gonna catch any market with this? Does anyone with a 2 digit IQ still install McAfee?

      Do you have a two digit IQ?

    10. Re:The Antivirus War is On by Anonymous Coward · · Score: 0

      IQ may be questionable, but the US Department of Defense is heavily invested.

    11. Re:The Antivirus War is On by Anonymous Coward · · Score: 0

      Two kinds of voters would. Trump Voters. And Clinton Voters.

      Does anyone with a 2 digit IQ still install McAfee?

    12. Re:The Antivirus War is On by cloud.pt · · Score: 1

      Yeah you have a fair point!

    13. Re:The Antivirus War is On by cloud.pt · · Score: 1

      If that is true it makes me cringe a bit. But then again Kaspersky use induced in stolen info so I digress...

    14. Re:The Antivirus War is On by cloud.pt · · Score: 1

      Another fair point indeed.

    15. Re:The Antivirus War is On by cloud.pt · · Score: 1

      2 digit, _positive_ IQ

      I laughed kinda hard on that one. Good job!

    16. Re:The Antivirus War is On by cloud.pt · · Score: 1

      I guess joke's on me for not making it clear. I obviously meant "at least a 2 digit IQ". And to answer your question as is: no. I believe last time I tested it I was safely on the 3 digits, and it was less than 10 years ago.

      In my defense I'm no native English speaker. I kind of assumed "at least" could be implied, when you say stuff like "anyone with ", when used in a question at least.

    17. Re:The Antivirus War is On by cloud.pt · · Score: 1

      Had no idea of this. Tantalizing. Reminds me of my junior high, where all PCs also had it

  8. Double standard, anyone? by Scarred+Intellect · · Score: 2, Insightful

    So it's OK for the US to audit Kaspersky's source code for hidden backdoors (and Kaspersky is highly regarded for offering it), but it's not OK for Russia to audit McAfee's source code for hidden backdoors.

    Because Russia.

    Did I get that right?

    1. Re:Double standard, anyone? by Anonymous Coward · · Score: 1

      There is no right or wrong. There is either wanting to do business or not.

    2. Re:Double standard, anyone? by Frosty+Piss · · Score: 4, Insightful

      So it's OK for the US to audit Kaspersky's source code for hidden backdoors (and Kaspersky is highly regarded for offering it), but it's not OK for Russia to audit McAfee's source code for hidden backdoors.

      McAfee does not set the policies of Kaspersky as to if they let people look at the code. Whether or not it's "OK" for one company to choose one thing and another company to choose another thing is a false dynamic. Both can choose to do whatever they like.

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:Double standard, anyone? by dabadab · · Score: 0

      Because Russia.

      Did I get that right?

      Yes. And coming from an ex-Eastern Block country that seems to be a damn good reason.

      --
      Real life is overrated.
    4. Re:Double standard, anyone? by Jeremi · · Score: 2

      Really it doesn't make much difference either way.

      Unless you are as familiar with the codebase as its authors are (and you definitely won't be) and unless you are doing all of the compilation from source yourself (which you probably won't be), you're still more or less at the mercy of the software vendor.

      Even if you read all of the source code they provide you with to "prove" the program doesn't do anything nefarious, there is no guarantee that the binary you install on your computers was based on the source code you read, and not some other version of that source code with a back-door installed.

      So it comes down to the same thing -- you either trust your Anti-virus company not to spy on you, or you don't.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    5. Re:Double standard, anyone? by geekmux · · Score: 1

      Really it doesn't make much difference either way.

      Unless you are as familiar with the codebase as its authors are (and you definitely won't be) and unless you are doing all of the compilation from source yourself (which you probably won't be), you're still more or less at the mercy of the software vendor.

      Even if you read all of the source code they provide you with to "prove" the program doesn't do anything nefarious, there is no guarantee that the binary you install on your computers was based on the source code you read, and not some other version of that source code with a back-door installed.

      So it comes down to the same thing -- you either trust your Anti-virus company not to spy on you, or you don't.

      A world full of social media narcissists who post every detail about their lives online via dozens of apps that abuse 100 back-channels of telemetry and data aggregation is worried about Nation States stealing shit via hidden anti-virus code.

      Fucking hell.

      If you're looking for a horror story, read a EULA sometime.

    6. Re:Double standard, anyone? by Oswald+McWeany · · Score: 1

      So it's OK for the US to audit Kaspersky's source code for hidden backdoors (and Kaspersky is highly regarded for offering it), but it's not OK for Russia to audit McAfee's source code for hidden backdoors.

      Because Russia.

      Did I get that right?

      And Russia is perfectly welcome to not install McAfee on THEIR government computers. Infact, it would be wise if they didn't.

      --
      "That's the way to do it" - Punch
    7. Re:Double standard, anyone? by gravewax · · Score: 1

      If you are relying on code obscurity for a security product you are already fucked. All this does is reduce their own market. Almost every country in the world demands these security reviews/checks before use by government.

    8. Re:Double standard, anyone? by Jeremi · · Score: 1

      A world full of social media narcissists who post every detail about their lives online via dozens of apps that abuse 100 back-channels of telemetry and data aggregation is worried about Nation States stealing shit via hidden anti-virus code.

      I was thinking more of the NSA, DOD, and other government agencies that have made the (questionable) decision to run their critical infrastructure on Windows, and now find themselves in the position of depending on Kaspersky/McAfee/etc to protect their computers against malware, and therefore having to trust said companies not to be installing malware themselves.

      Whether government agencies are full of social media narcissists or not, I don't know... I try not to spend a lot of time at government agencies :)

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    9. Re:Double standard, anyone? by Dare+nMc · · Score: 1

      > If you are relying on code obscurity for a security product you are already fucked.

      If your relying on anti-virus for your primary security, you are already fucked. It is the barn door was left open and the horse is out, try and close the barn door solution. It is important that it doesn't have back doors, but everything else is just a last hope that it saves you.

      Providing the source to eyes that may make malware, if they don't also provide vulnerability feedback or sales to mcafee is useless. Especially as AV is a cat and mouse product, where they attempt to detect malware, and the malware attempts to evade. It doesn't fit as nicely into a open security model.

    10. Re:Double standard, anyone? by Anonymous Coward · · Score: 0

      Yeah, you got it right - up until you said 'Because Russia'

      It seems OK for countries to place extra requirements on foreign software like this. It's also OK for software makers to opt out of the requirements (and the market).

      Some people in the US are acting like the Russia-phobia is way out of proportion, and perhaps there's some truth to that - but the compelling evidence the US spy agencies claim to have about Russian interference in US politics should be very alarming for Americans. It should be alarming to Republicans, who have for a long time - right up until Russian backed their candidate! - been very concerned about Russian aggression.

      Let's not banter over whether they have it - there's no evidence they could show us that would prove anything beyond any possible doubt, anyway.

  9. I agree w/ BOTH Symantec & McAfee... apk by Anonymous Coward · · Score: 0

    See subject: It's 1 big downside OpenSORES has - it's far easier to find bugs TO USE AGAINST YOU when you have sourcecode & it's their "lifeblood" intellectual property (or 1 of them) too - I am SURE they don't want it imitated OR neat routines stolen too.

    * I won't give away source to my work for the same basic reasons (idiots here who constantly 'stalk' harass me would possibly turn it into a bogus malicious 'doppleganger' like happened to GOOGLE in Chrome EFast https://www.google.com/search?q=Chrome+EFast&btnG=Search&hl=en&gbv=1/ & I won't allow that - too bad - because I would opensource it so others could potentially/possibly IMPROVE it...)

    APK

    P.S.=> So, imo @ least? They're doing the right thing (by themselves)... apk

  10. Misleading headline by Anonymous Coward · · Score: 0

    It should read: "McAfee Says It No Longer Will Permit FOREIGN Government Source Code Reviews ".
    They apparently still allow domestic (U.S.) government to perform such reviews.

  11. fuck8er by Anonymous Coward · · Score: -1

    private se8 party And personal Frre-loving climate The point more

  12. that's nuts by Anonymous Coward · · Score: 0

    Symantec and McAfee are effectively withdrawing from the governmental sector of the global market. Do they really think they're going to be able to sell to countries like China, or India without allowing for code review? Their shareholders ought to sue them.

  13. Easier Translation by Anonymous Coward · · Score: 0

    US Gov, you're not allowed to use Kaspersky? aka the better product? Pleasechooseuspleasechooseus please o please o please choose us!

  14. Government Source code reviews by Anonymous Coward · · Score: 0

    McAfee Says It No Longer Will Permit Government Source code reviews

    TLA government agencies from $COUNTRY will review their code anyway, whether they submit it or not.

  15. Re: Maybe if Russia stops meddling in our election by Anonymous Coward · · Score: -1

    Hilldog, is that you?

    Ridiculous right, Russia could never bribe a secretary of state. But "hacking" an election is child's play.

  16. just the foreign ones... by Anonymous Coward · · Score: 0

    are excluded now.. so the u.s. still has free reign. ok. didn't use mcafee shit anyway.

  17. The Anti-Antivirus war is on by TiggertheMad · · Score: 1

    It makes no sense. I'd rather more countries review it, so there's more eyes on it and less likely to have something nefarious that only benefits one or some countries.

    It is a two edged sword. More people look at the code, the more confidence you have that it isn't hiding anything. But then, you also have more people who understand how to write malware that either attacks the AV app, or is able to bypass it entirely. You can have it both ways of course, if you don't let select countries that have historically acted against US interest (cough cough Russia) look at the code.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
    1. Re:The Anti-Antivirus war is on by Anonymous Coward · · Score: 0

      If someone sees something in the code they can't be sure others won't see the same thing and exploit it there as well. It's in everyone's best interest to get all holes fixed.

  18. That's actually a great idea by Anonymous Coward · · Score: 0

    Hey, that's fine. Just remember that this policy is also denying us access to our corporate secrets too.

    If McAfee's software can't be audited, then if your company does anything that could be dangerous or handles data that could be sensitive, then McAfee isn't a serious option. And if you're caught using it, everyone will know beyond a shadow of a doubt that your company is wilfully reckless. Should something happen, you knew it was coming and you are responsible.

    Your idea might be just the sort of thing we need to get some corporate accountability. Instead of them shrugging and saying "Hey, we thought we could trust our virus scanners, because everyone's checking it," they'll be saying "yes, we knew it couldnt' be checked and we used it anyway. That last breach was our fault and we easily could have prevented it, but we decided to be fast'n'loose with your data. Sorry. We'll be liquidating all our company's assets in order to pay a portion of the damages. Any of our stockholders (*ahem* Chairman of the Board *cough*) who knew we were still running McAfee, might be able to pay more than their mere equity in our company, so feel free to pursue them."

    1. Re: That's actually a great idea by Anonymous Coward · · Score: 0

      This could only come from a competitor. This statement makes absolutely no sense.

      The more people allowed to audit the source code, the more vulnerable it will be.

      You must also think the governement should audit what happens in your bedroom as well. Wouldnt want to have anything be private, because clearly that means you must be hiding something.....SMH

  19. How do code reviews do anything? by llZENll · · Score: 2

    Enterprise software is so complex that there must be thousands of source files with hundreds of thousands of lines of code. How does a code review catch anything? If a company has a backdoor, why on earth would they provide it in a source review? Just remove the backdoor, submit the files, and pass. Source review seems like a waste of time, how do they, or did they ensure the source they were reviewing is the source that's in the application? Perhaps they did the review, compiled, packaged, then copied to memory for installation?

    1. Re:How do code reviews do anything? by Theaetetus · · Score: 1

      Enterprise software is so complex that there must be thousands of source files with hundreds of thousands of lines of code. How does a code review catch anything? If a company has a backdoor, why on earth would they provide it in a source review? Just remove the backdoor, submit the files, and pass. Source review seems like a waste of time, how do they, or did they ensure the source they were reviewing is the source that's in the application? Perhaps they did the review, compiled, packaged, then copied to memory for installation?

      I think at a minimum, the best practices for any source code review include compiling and packaging, and at least calculating a hash of the executable and comparing it to a hash of the distributed product executable.

      I agree, you shouldn't immediately trust distributed software just because they open sourced it, but rather, the point is that you can roll your own and/or compare it to the distributed version to make sure they're the same.

    2. Re:How do code reviews do anything? by Anonymous Coward · · Score: 0

      I have been involved in a source code review performed for/by FSB, that is "Russian government." It involved an security product roughly comparable to McAfee, with millions of lines of code, and the review was necessary in order to sell the product for certain close-to-government markets in Russia.

      The way code reviews were set up made it glaringly obvious it was practically impossible to use these audits to spot anything but the most obvious backdoors, not to mention that such audits would be a security risk for sensibly designed piece of software. If your product relies on bad engineering, unfounded marketing promises or security by obscurity, maybe you're in hot water in such a review. If you actually do solid and honest engineering and have thought out your product, it's just a bureaucratic hurdle (surely quite a big one, but still). To an extent these reviews are a protectionist measure, but I actually believe they also serve a genuine purpose, and only in the case of the worst products, cause any security risk to the users.

      Sadly I think large portions of the IT security product market are not properly engineered, and hugely inflate their capabilities. From average customer viewpoint, apart from maybe the largest governments, it's very hard to spot the difference between well engineered and benchmark-optimized product. Utterly bad engineering does become evident in source reviews, though. At the same time, reviews where FSB has no chance to, for instance, acquire a copy of source code they could transport from the site, it's pretty far-fetched to think they could find vulnerabilities in the source code (without somehow exposing this find to the company under scrutiny), unless it's utter crap. And if it is, often they could find out this just by looking at the binary.

      I believe McAfee knows all this very well. Also, on basis of hands-on torture of their products I do know they *are* crap, like most antivirus/antimalware products. I actually fear that many targeted attacks would first attempt to exploit the antivirus product in use, they're that bad, and McAfee is in no way better than the rest.

    3. Re:How do code reviews do anything? by Anonymous Coward · · Score: 0

      So true! Anti-virus is crap. It's a fraud. Always has been. Give me the code. That's what I really want. I want openly developed code where every patch is reviewed as its submitted.

  20. Why do you use McAffee again? by Anonymous Coward · · Score: 0

    Because it makes no sense. Avast is pretty good, but had a serious breach recently, that only leaves Kaspersky and F-Secure as the major non-American AV suites which are not required to either let NSA in, or to conveniently ingore certain malwares.

  21. Re: Maybe if Russia stops meddling in our election by Anonymous Coward · · Score: 0

    This is all bullshit. All it means is the government of the Russian Federation is not going to use McAffee products anymore, but a domestic product. Russia usually wins going that route of cutting out a foreign competitor in favor of domestic productions, much like the sanctions have strengthened the RF economy instead of weakening it.

  22. Re: Maybe if Russia stops meddling in our election by Archangel+Michael · · Score: 2

    The amount of Russian Meddling in our elections is by far, much less than the Obama Administration Meddling in Israeli elections.Perhaps the world should stop doing business with the US who meddles everywhere all the time, then whines when 100,000 facebook ad campaign is all the "proof" of meddling by Russians shows up.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  23. won't use it anyway by Anonymous Coward · · Score: 0

    I don't use an OS that needs a virus scanner, but if I did I'd just use Kaspersky. Even if the Russians put backdoors in it, I'm less worried about them showing up at my door.

  24. Pretend the headlines are from The Onion by Anonymous Coward · · Score: 0

    love the spin. lol.

  25. It's a "war" amongst equally untrustworthy parties by jbn-o · · Score: 1

    McAfee, Norton, and Kaspersky all have the same problem: they're all nonfree software. No one of them is more trustworthy than the others because none of them give users the freedom to run, inspect, share, and modify the program at any time for any reason.

    --
    Digital Citizen
  26. So, a new backdoor was just added? by Anonymous Coward · · Score: 0

    First Symantec and now McAfee. More likely explanation is NSA just added a new backdoor to these two AV software, and they don't want anyone else to find out.

    Combined with the smear campaign against Kaspersky, they want to maximise the coverage of their new backdoor..

  27. Re: Maybe if Russia stops meddling in our election by Anonymous Coward · · Score: 0

    LOL, you can't decide whether to deflect with Hillary falsehoods, or Obama. What a pathetic little cocksucker you are.