Print this article  |  E-mail this article  |  Comment on this article

Flaw Found in 2006 McAfee Products

By Ed Oswald, BetaNews

August 1, 2006, 12:26 PM

A flaw in many of McAfee's security products could open up users to a data exposure risk, security firm eEye Digital Security warned late Monday. Among the programs affected are Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus, although the 2007 versions, released Saturday, are immune.

McAfee has confirmed the flaws and is working on a fix, saying a patch would be delivered automatically to subscribers by midweek. No known attacks have been reported to be taking advantage of the vulnerability. Exploit code is not available on the Web, researchers said, thus it's likely no attacks would occur.

"A flaw exists in multiple McAfee consumer products that could allow an attacker the ability to execute arbitrary commands on the vulnerable systems," eEye warned in its advisory.

"This can lead to complete system compromise at which point an attacker could install trojans, modify/delete files, or perform any other activity as a normal logged on user would."

A similarly dangerous flaw was discovered by the firm in May affecting Symantec products. In that issue, after the vulnerability is exploited, a hacker gains access to the command shell and is able to perform just about any action. The hole was patched quickly by Symantec.

eEye had also detected a flaw in McAfee programs protecting business computers in mid-July. However, unlike the consumer vulnerability the issue had been already addressed. McAfee said it did not warn customers of that problem, leading to criticism last month.

Add a Comment (5 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By mjm01010101

posted Aug 1, 2006 - 4:47 PM

I recall a Mcafee product used in about 1999. Never looked back. Will never consider it.

Score: 0

By debonair

posted Aug 1, 2006 - 1:05 PM

big ****ing suprise there right? Is there a company which sucks more than mcafee? PC_Tool sums it up nice :/

Score: 0

By PC_Tool

posted Aug 1, 2006 - 2:45 PM

For it's features and reliability, it's decent enough. My main issue is with the massive amount of 'components' one has to deal with on an un-install (also the source of most of the bloat and resource usage).

If they were to consolidate these *components* into one application / service, they'd cut down on the uninstall nightmare and bloat, the resource usage would likely go down quite a bit as well. (No longer using 6 processes to get the job done of one.)

Norton I.S. is as bad, if not worse in this regard.

What we need is better control over the XP firewall and a decent corporate-approved app like NOD32 (Spyware / Virus / Threat Database AIO).

But take this with a grain of salt as it's coming from an admitted NOD32 fanboy. ;)

Score: 0

By PC_Tool

posted Aug 1, 2006 - 12:57 PM

Flaw Found in 2006 McAfee Products

Aside from the bloat, horrible un-installs, and resource hogging?

Didn't think it could get much worse. ;)

Score: 0

By GCoder

posted Aug 1, 2006 - 1:04 PM

Agreed.

Score: 0

Nov 21 - 9:29 PM ET Hurd's the word in Ballmer's e-mail nightmares

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update