Message-ID: <003201c42fe9$0e292740$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: Macafee Stupid Little Tricks continue

This isn't anything but an annoying "feature" but to some, like an annoying
"Feature" that Windows had last year that we all remember well....Blaster.

McAfee Virusscan and Spamkiller 5 both act through their Security Centre
program. This means that all are linked. Uninstalling one product does not
necessarily clear programming problems up, from McAfee.

With this in mind, it has become apparent, recently, that with the ever
increasing popularity of Bagle to produce new variants, that McAfee has a
problem. If you receive a few Bagle worms in email or a few Netsky (or
variants of either) or a mixture of both, when it comes in to Spamkiller,
Virusscan knows this and rightly deletes it. Unfortunately, Spamkiller 5
doesn't like this but continues to work OK for the moment. The problem arises
when one, or more, of the worms arriving actually arrives from an address
marked as a friend. Those emails go into the "accepted mail" pile. When you
review them with Spamkiller and find that they ARE infected emails and you
choose to BLOCK them or block any OTHER email (eg, new spam, junkmail from a
real friend etc), Spamkiller loses contact with all its email in both the
accepted emails and the blocked emails piles. The entire screen shows as if
nothing is waiting. Spamkiller 5 continues to pick up mail at its set
period and also continues to block spam it knows about. However, it will not
display any email UNTIL you reboot.

From that example above, you can see that any business who has both
Spamkiller 5 and Virusscan installed - which REQUIRES Security Centre to be
installed, too - loses track of incoming email. If the user knows to reboot
the machine, they have lost time while it does that.

McAfee have been informed about this on a few occasions by me. The only
reply they can give to fix this is to fully uninstall *ALL* McAfee products
then go through their manual registry removal document to get rid of the lot
THEN reinstall it all. On even SMALL installations of say 5 users if all of
them have these products installed on all machines, that can be hours doing
this and setting personal filters back on again. It also does NOT solve the
problem as it always comes back.

Conclusion:

Until McAfee gets up off their backsides and fixes this one, your Windows
users are well advised to consider their alternatives. Eg, no McAfee
product, alternatives to either of those products if they insist on keeping
one or if they don't want to give up any McAfee product, tell them they must
keep rebooting every time it happens which can be quite a few times a day.

Tested only on XPSP1 so far. I have Win 98SE users and 2K users at different
installations and have had to steer them away from McAfee for now until they
fix this.

Greg.

