RSSFlaw Found in 2006 McAfee Products
By Ed Oswald | Published August 1, 2006, 12:26 PM
A flaw in many of McAfee's security products could open up users to a data exposure risk, security firm eEye Digital Security warned late Monday. Among the programs affected are Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus, although the 2007 versions, released Saturday, are immune.
McAfee has confirmed the flaws and is working on a fix, saying a patch would be delivered automatically to subscribers by midweek. No known attacks have been reported to be taking advantage of the vulnerability. Exploit code is not available on the Web, researchers said, thus it's likely no attacks would occur.
"A flaw exists in multiple McAfee consumer products that could allow an attacker the ability to execute arbitrary commands on the vulnerable systems," eEye warned in its advisory.
"This can lead to complete system compromise at which point an attacker could install trojans, modify/delete files, or perform any other activity as a normal logged on user would."
A similarly dangerous flaw was discovered by the firm in May affecting Symantec products. In that issue, after the vulnerability is exploited, a hacker gains access to the command shell and is able to perform just about any action. The hole was patched quickly by Symantec.
eEye had also detected a flaw in McAfee programs protecting business computers in mid-July. However, unlike the consumer vulnerability the issue had been already addressed. McAfee said it did not warn customers of that problem, leading to criticism last month.
I recall a Mcafee product used in about 1999. Never looked back. Will never consider it.
Score: 0
|big ****ing suprise there right? Is there a company which sucks more than mcafee? PC_Tool sums it up nice :/
Score: 0
|For it's features and reliability, it's decent enough. My main issue is with the massive amount of 'components' one has to deal with on an un-install (also the source of most of the bloat and resource usage).
If they were to consolidate these *components* into one application / service, they'd cut down on the uninstall nightmare and bloat, the resource usage would likely go down quite a bit as well. (No longer using 6 processes to get the job done of one.)
Norton I.S. is as bad, if not worse in this regard.
What we need is better control over the XP firewall and a decent corporate-approved app like NOD32 (Spyware / Virus / Threat Database AIO).
But take this with a grain of salt as it's coming from an admitted NOD32 fanboy. ;)
Score: 0
|Flaw Found in 2006 McAfee Products
Aside from the bloat, horrible un-installs, and resource hogging?
Didn't think it could get much worse. ;)
Score: 0
|Agreed.
Score: 0
|