Date: 2016-12-17
McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk) 45
mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."
How common is it for Linux systems to have discrete anti-virus software running on them?
Nowadays it's unheard of. Everybody uninstalled antivirus on Linux because of the false positives from systemd.
Last company I worked for before I retired in 2010 had a compute cluster of a bit over 100 Dell 1U servers running, at the time, RHEL3/4. One of my tasks at the time was to upgrade them from RHEL3/4 to 5. I suggested going with CentOS5 to save some serious $$$. I was shot down, as the PTB decided that RHEL5 was the way they would go, AND each node would get McAfee AV. Cue me shuddering... Fortunately, the PTB got a quote from Red Hat that apparently shocked even them and I was given the go-ahead to use CentOS
They can be used to scan emails coming in or out of your mail server; scan files on web servers for things that might be there to infect other endpoints, etc. As to how common it is in the "real world," I don't know. I remember arguing about a requirement to support McAfee with DISA a while back because running a competitor's product on the control plane of our own certainly was a non-starter, but they had a requirement around it. We won the argument, but it took some doing.
Yep, between the net & user Windows. IPS for L (Score:2)
Exactly as he said. You put professionally managed Linux or FreeBSD boxes directly connected to the internet, between the net and your users on Windows desktops. Especially 5-20 years ago, when Windows was SO vulnerable, it made (and makes) good sense to put some protection between the users and the internet.
To protect *nix boxes, especially servers, some people use an intrusion detection system / intrusion prevention system (IDS/IPS). You can set it to alert you if any files change on the server, other t
McAfee is only for the clueless (Score:3)
You can tell a company IT department is run by clueless morons if they install McAfee products, which have always caused many more problems than they've prevented.
I know it's a good thing we run Symantec here
... Oh wait :-(
Actually is there any good AV solution for an IT department? And no saying telling users not to click on attachments won't fly?
Yes, it's called Linux.
Really? I can run IE 6 apps on Linux? I can read Cisco SecureEmail emails on Linux? I can get a decent email client with calendar functionality compatible with MS Exchange on Linux? I can set GPO for HIPAA compliance like banning printing on an OU folder on Linux? I can deploy applications with SCCM on Linux?
I have Symantec Disk Encryption compatibility on Linux?
McAfee was good but is now junk (Score:2)
Many years ago, McAfee was a good AV product but it has been junk for several years now. Unfortunately, it is getting tough to find a reliable AV that is suitable for computer literate customers. This story is not the only example of McAfee actually reducing the security of the machines it is installed on.
In the past, I encouraged people in a business environment to use the AV product that they preferred. That diversity can help to catch threats that a single product misses. Those with McAfee installed
Nod32, Kaspersky, MalwareBytes, Webroot, these have too many drawbacks or false positives or performance hits?
None of those are enterprise ready. So why do corporations only use Mcrappy or Symantec? Because of endpoint enterprise management and custom GPOs. For example, if you have an infected station, the policies can remove it from the domain and the Cisco port can be disabled automatically.
They were probably pretty shocked to learn that anyone was using this product. Or perhaps that they even made it at all.