By Jennifer LeClaire TechNewsWorld Part of the ECT News Network
08/01/06 2:03 PM PT
McAfee confirmed Tuesday that a flaw in some versions of its security sofware for consumer PCs may leave users open to attackers. The vulnerability affects McAfee's Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles. A patch is slated to be released on Wednesday, McAfee said.
McAfee on Tuesday confirmed that consumer versions of its leading software for securing PCs is vulnerable to a flaw that could leave users open to hackers.
Security software developer eEye discovered the vulnerability on July 19 and reported it to McAfee. The flaw means attackers could retrieve passwords and other sensitive personal information stored on a user's computer. An attack could also lead to complete system compromise at which point an attacker could install Trojans, modify or delete files, or perform any other activity as a normal logged-on user would.
The vulnerability affects McAfee's Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, according to eEye. The firm rates the severity as "high."
McAfee's Response
McAfee spokesperson Siobhan MacDermott confirmed that the company created a patch on July 25. The patch is now in quality assurance testing, with consumer distribution planned for Wednesday.
McAfee is in the process of informing its customers about the security flaw and is asking users to verify that they have received the latest update by visiting www.macafee.com/us/support/default.asp or calling 888-622-3911.
"In order for someone to accomplish the exploit, an attacker would need to remotely execute arbitrary code, which requires assistance by an authenticated end user in order to be successfully exploited," MacDermott told TechNewsWorld. "This vulnerability does not affect our Falcon 2007 consumer products."
Bad Timing for McAfee
The publicity black eye comes at a bad time with McAfee announcing a new line of security products this week. McAfee on Tuesday unveiled an identity theft protection system designed to thwart social engineering attacks including spyware, spam and other malicious programs through with its next generation of security service suites.
Both McAfee Internet Security Suite and McAfee Total Protection intend to offer theft protection to prevent the multiple scams that identity thieves use to target unprotected -- or under-protected consumers.
Then again, some subscribe to the theory that there is no such thing as bad publicity. McAfee knew a public announcement of the vulnerability was forthcoming, but stood strong in its new product announcements nonetheless.
"Consumers have grown increasingly concerned about protecting their personally identifiable information as they search, browse and transact online," said Marc Solomon, Director of Product Management, McAfee Consumer.
"With our new suites, McAfee arms consumers with improved and new technologies protecting them from traditional threats such as viruses, Trojans and spyware, as well as solutions for emerging threats such as rootkits," he continued.
A Proactive Approach
A recent Harris Interactive (Nasdaq: HPOL) survey reported that while 88 percent of computer users have antivirus software on their PCs, 65 percent of them have postponed updating the programs.
To address this issue, all of the McAfee suites are offered via subscription and provide automatic updates and upgrades which download so consumers' activities are not disrupted.
Firefox a Growing Target for Hackers August 01, 2006
While the Firefox browser has generally been considered a more secure alternative to Microsoft's Internet Explorer, its increased market share and corporate deployment have finally made it a worthwhile target for malware authors. Users are advised to start treating Firefox with the same level of security preparedness they used to reserve only for IE.
Related Stories
Yahoo Teams With Symantec on Web Security July 25, 2006
Yahoo and Symantec will join forces to provide a co-branded Web security service. The two firms plan to market the new service across Yahoo's network, including it within its mail service and inside other Web tools. The companies will also develop a co-branded toolbar that will have automatic links to more security resources, such as spyware.
Microsoft Kicks Off Security Push With Antigen June 07, 2006
"There's a spectrum from 'no way, ever,' to 'wait and see,'" IT-Harvest Chief Research Analyst Richard Stiennon told TechNewsWorld. "This is going to be a product, certainly in the enterprise, that people aren't going to deploy just because it's Microsoft."
Related News Alerts
More by Jennifer LeClaire
The Digital Car: Cool Automotive Accessories, Part 2 January 16, 2007
Not all the latest high-tech automotive electronics are built to entertain. Many give the driver more information and more control. Vehicle tracking devices can tell where the car is at any time, software installed in a smartphone can turn off a vehicle's security system whenever the owner approaches, and diagnostic tools can tell what's wrong with the engine -- and how much it'll be to fix it.
'World of Warcraft' Wows 8 Million Subscribers January 12, 2007
"World of Warcraft," the massively multiplayer online role-playing game, has reached the 8 million subscriber mark. Since debuting in North America in Nov. 2004, "World of Warcraft" has become the most popular MMORPG in the world. The franchise is available in seven different languages and is played on at least four continents.
AT&T Bids Goodbye to Cingular Brand January 12, 2007
Starting Monday, AT&T will launch a multimedia campaign to transition the Cingular Wireless brand name into its advertising and customer communications. The campaign will integrate popular imagery, phrases and icons from Cingular's traditional advertising, including the "raising the bar" tagline, the "Jack" character and the color orange.
Headline Feeds
Talkback: 
