By Jennifer LeClaire TechNewsWorld Part of the ECT News Network
03/21/05 8:19 AM PT
Basex CEO and analyst Jonathan Spira said the flaw should highlight for consumers the importance of updates. "If a customer does not subscribe to the update, they have basically terminated their relationship with McAfee, as the whole point of updates is to ensure that the system is updated," he said.
Intrusion detection and prevention systems provider Internet Security Systems (Nasdaq: ISSX) (ISS) issued a "protection advisory" targeting older versions of McAfee's anti-virus software engine last Thursday.
Attackers are able to trigger a stack overflow within the process importing the McAfee AntiVirus Library, according to ISS.
Assessing Vulnerability
This vulnerability, which can be triggered by an unauthenticated remote attacker without user interaction, affects both the VirusScan and GroupShield McAfee product lines.
According to the posted ISS advisory: "Compromise of antivirus protected networks and machines may lead to exposure of confidential information, loss of productivity, and further network compromise. ... Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by McAfee AntiVirus Library product."
Don't Panic
Basex CEO and chief analyst Jonathan Spira told TechNewsWorld that though the flaw is important, it represents a relatively minor speed bump on the information superhighway.
"Obviously, the security flaw which was uncovered is significant," Spira said. "But putting this in perspective, it's not terribly different than the news about vulnerabilities in Microsoft (Nasdaq: MSFT) IE that come out on a regular basis."
Regular Updates
McAfee stated that if users download the company's latest security signatures, the hole will be plugged.
Spira said it may be ironic for a security company to face a security flaw, but McAfee is not the only one. The fact that it was found on older versions and subsequently corrected, he said, should propel customers to maintain regular updates.
"If a customer does not subscribe to the update, they have basically terminated their relationship with McAfee, as the whole point of updates is to ensure that the system is updated," he said.