By Jennifer LeClaire TechNewsWorld
03/21/05 8:19 AM PT
Intrusion detection and prevention systems provider Internet Security Systems (Nasdaq: ISSX) (ISS) issued a "protection advisory" targeting older versions of McAfee's anti-virus software engine last Thursday.
Attackers are able to trigger a stack overflow within the process importing the McAfee AntiVirus Library, according to ISS.
Assessing Vulnerability
This vulnerability, which can be triggered by an unauthenticated remote attacker without user interaction, affects both the VirusScan and GroupShield McAfee product lines.
According to the posted ISS advisory: "Compromise of antivirus protected networks and machines may lead to exposure of confidential information, loss of productivity, and further network compromise. ... Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by McAfee AntiVirus Library product."
Don't Panic
Basex CEO and chief analyst Jonathan Spira told TechNewsWorld that though the flaw is important, it represents a relatively minor speed bump on the information superhighway.
"Obviously, the security flaw which was uncovered is significant," Spira said. "But putting this in perspective, it's not terribly different than the news about vulnerabilities in Microsoft (Nasdaq: MSFT) IE that come out on a regular basis."
Regular Updates
McAfee stated that if users download the company's latest security signatures, the hole will be plugged.
Spira said it may be ironic for a security company to face a security flaw, but McAfee is not the only one. The fact that it was found on older versions and subsequently corrected, he said, should propel customers to maintain regular updates.
"If a customer does not subscribe to the update, they have basically terminated their relationship with McAfee, as the whole point of updates is to ensure that the system is updated," he said.