Advertisement
  • About the Author
  • About this Blog

    • Posts Tagged: mcafee

    Other / Time to Patch14 Comments
    20
    Jul 10

    Adobe: ‘Sandbox’ Will Stave Off Reader Attacks

    Adobe Systems Inc. said today the next release of its free PDF Reader application will include new “sandbox” technology aimed at blocking the exploitation of previously unidentified security holes in its software.

    Sandboxing is an established security mechanism that runs the targeted application in a confined environment that blocks specific actions by that app, such as installing or deleting files, or modifying system information. Adobe said that in developing the sandbox technology, it relied on experts from Microsoft and Google (the latter already has incorporated sandboxing into its Chrome Web browser).

    “The idea is to run Reader in a lower-privilege mode so that even if an attacker finds an exploit or vulnerability in Reader, it runs in lower rights mode, which should block the installation of [malware], deleting things on the system, or tampering with the [Windows] registry,” said Brad Arkin, director of product security and privacy at Adobe.

    Even if only somewhat effective, the new protections would be a major advancement for one of the computing world’s most ubiquitous and oft-targeted software applications. The company is constantly shipping updates to block new attacks: Less than a month ago, Adobe rushed out a patch to plug vulnerabilities that hackers were using to break into vulnerable machines. Security vendor McAfee found that roughly 28 percent of all known software exploits in the first quarter of 2010 targeted Adobe Reader vulnerabilities. According to anti-virus maker F-Secure, Reader is now the most-exploited application for Windows.

    Continue reading →

    Latest Warnings9 Comments
    22
    Apr 10

    Rogue Antivirus Gangs Seize on McAfee Snafu

    Purveyors of rogue anti-virus, a.k.a. “scareware,” often seize upon hot trending topics in their daily efforts to beef up the search engine rankings of their booby-trapped landing pages. So it’s perhaps no surprise that these scammers are capitalizing on search terms surrounding McAfee, which just yesterday shipped a faulty anti-virus update that caused serious problems for a large number of customers.

    Continue reading →

    Latest Warnings / The Coming Storm23 Comments
    21
    Apr 10

    McAfee False Detection Locks Up Windows XP

    McAfee‘s anti-virus software is erroneously detecting legitimate Windows system files as malicious, causing reboot loops and serious stability problems for many Windows XP users, according to multiple reports.

    The SANS Internet Storm Center has received dozens of reports from McAfee users who complained that a recent anti-virus update (DAT 5958) is causing Windows xP Service Pack 3 clients to be locked out. According to SANS incident handler Johannes Ulllrich, McAfee is flagging “svchost.exe” as malicious. Svchost is a common system process typically used by multiple legitimate programs on a Windows system (although malware does often inject itself into this process), so having an anti-virus program that flags the process as a threat could cause major problems on a host system, Ullrich said.

    “The [reports] keep coming in,” Ullrich said. “Systems either get stuck in a reboot loop, or networking is no longer working.”

    One symptom seems to be that McAfee reports that user systems are infected with W32.Wecorl.a. The anti-virus program’s attempts to destroy or quarantine that targeted process then forces the Windows machine into a reboot cycle.

    McAfee’s own support forum is currently queuing up with a large number of users piping in with stories about how the incident is affecting their operations. That thread,which began at 9:54 a.m. today, has more than 27,000 views and 83 replies.

    Stay tuned for more updates as available.

    Update, 1:56 p.m. ET: McAfee released the following statement regarding this event. “McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).

    Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

    The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.

    McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers.”

    Update, 3:51 p.m. ET: McAfee’s main support forum is down due to an “unusually large traffic.” McAfee has posted a separate thread here that includes a couple of workarounds for customers struggling to deal with this problem.

    A Little Sunshine / The Coming Storm9 Comments
    14
    Jan 10

    McAfee: Internet Explorer 0day Fueled Attacks on Google, Adobe

    The recent targeted cyber attacks against Google, Adobe and other major companies were fueled in part by a previously unknown — and currently unpatched — security flaw in Microsoft‘s Internet Explorer Web browser, anti-virus vendor McAfee said today.

    McAfee said its investigation revealed that one of the malicous software samples used in the attacks exploited a new, not publicly known vulnerability in IE that is present in all of Microsoft’s most recent operating system releases, including Windows 7.

    Continue reading →