Advertisement
Promo

Security threats Toolkit

Critical holes found in McAfee consumer products

Dawn Kawamoto CNET News

Published: 02 Aug 2006 10:55 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

McAfee has patched flaws in its SecurityCenter software, pervasive technology found in all of its consumer products from VirusScan to Total Protection to its Internet Security Suite.

The company has sent out a SecurityCenter 7.0 update to address the vulnerabilities, which could allow intruders to gain remote control of PCs Systems if the user clicks on a link to a malicious Web site, according to a security bulletin posted by McAfee on Monday.

The problems relate to SecurityCenter 4.3 through 6.0.22, the company said. Consumers who prefer to stay with these older versions should expect to receive a security patch from McAfee on Wednesday. Enterprise versions of the software were not affected by the flaws, McAfee noted.

SecurityCenter is designed to provide people with information on the security status of their system with one click of a mouse. It is geared toward consumers and small businesses.

"SecurityCenter is a consumer product, so the level of defense is less than a corporate network," said Mike Puterbaugh, a spokesman for eEye Digital Security, which discovered and reported the flaw to McAfee.

eEye rates the vulnerabilities as "highly critical", due to its potential to allow remote execution of code. McAfee, however, rates the flaws as a "medium" threat, because it requires user intervention to take effect.

Consumers also tend to be less likely to install updates, unless they are clearly labeled as a security update, Puterbaugh said.

McAfee, which was notified by eEye of the SecurityCenter flaws on 19 July, said it has yet to receive any reports of systems being compromised.

Some customers have complained that the SecurityCenter 7.0 update caused Microsoft ActiveSync to fail when they tried to sync up their handheld computers. McAfee is reviewing the matter, a company representative said.

The SecurityCenter vulnerabilities mark the second time within a month McAfee has been notified by eEye of flaws in its software. Earlier in July, eEye announced it had found a flaw in McAfee's ePolicy Orchestrator, a centralised security management and monitoring console used by corporate customers. The flaw, which required no user interaction to exploit, was located in the Framework Service component of the console.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
85 out of 154 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters