Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Businesses Security IT Linux

McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk) 45

mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."
This discussion has been archived. No new comments can be posted.

McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise

Comments Filter:
  • by Anonymous Coward

    And I fired him that day.

  • by pete6677 ( 681676 ) on Saturday December 17, 2016 @10:50PM (#53506117)

    You can tell a company IT department is run by clueless morons if they install McAfee products, which have always caused many more problems then they've prevented.

    • I know it's a good thing we run Symantec here ... Oh wait :-(

      Actually is there any good AV solution for an IT department? And no saying telling users not to click on attachments won't fly?

      • Yes, its called Linux.

        • Really? I can run IE 6 apps on Linux? I can read CIsco SecureEmail emails on Linux? I can get a decent email client with calandar functionality compatible with MS Exchange on Linux? I can set GPO for HIPPA compliance like banning printing on a OU folder on Linux? I can deploy applications with SCCM on Linux?

          I have Symantec Disk Encryption compability on Linux?

  • Many years ago, McAfee was a good AV product but it has been junk for several years now. Unfortunately, it is getting tough to find a reliable AV that is suitable for computer literate customers. This story is not the only example of McAfee actually reducing the security of the machines it is installed on.

    In the past, I encouraged people in a business environment to used the AV product that they preferred. That diversity can help to catch threats that a single product misses. Those with McAfee installed

  • They were probably pretty shocked to learn that anyone was using this product. Or perhaps that they even made it at all.

Science is to computer science as hydrodynamics is to plumbing.

Working...