ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Critical holes found in McAfee consumer products

Dawn Kawamoto CNET News.com

Published: 02 Aug 2006 10:55 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

McAfee has patched flaws in its SecurityCenter software, pervasive technology found in all of its consumer products from VirusScan to Total Protection to its Internet Security Suite.

The company has sent out a SecurityCenter 7.0 update to address the vulnerabilities, which could allow intruders to gain remote control of PCs Systems if the user clicks on a link to a malicious Web site, according to a security bulletin posted by McAfee on Monday.

The problems relate to SecurityCenter 4.3 through 6.0.22, the company said. Consumers who prefer to stay with these older versions should expect to receive a security patch from McAfee on Wednesday. Enterprise versions of the software were not affected by the flaws, McAfee noted.

SecurityCenter is designed to provide people with information on the security status of their system with one click of a mouse. It is geared toward consumers and small businesses.

"SecurityCenter is a consumer product, so the level of defense is less than a corporate network," said Mike Puterbaugh, a spokesman for eEye Digital Security, which discovered and reported the flaw to McAfee.

eEye rates the vulnerabilities as "highly critical", due to its potential to allow remote execution of code. McAfee, however, rates the flaws as a "medium" threat, because it requires user intervention to take effect.

Consumers also tend to be less likely to install updates, unless they are clearly labeled as a security update, Puterbaugh said.

McAfee, which was notified by eEye of the SecurityCenter flaws on 19 July, said it has yet to receive any reports of systems being compromised.

Some customers have complained that the SecurityCenter 7.0 update caused Microsoft ActiveSync to fail when they tried to sync up their handheld computers. McAfee is reviewing the matter, a company representative said.

The SecurityCenter vulnerabilities mark the second time within a month McAfee has been notified by eEye of flaws in its software. Earlier in July, eEye announced it had found a flaw in McAfee's ePolicy Orchestrator, a centralised security management and monitoring console used by corporate customers. The flaw, which required no user interaction to exploit, was located in the Framework Service component of the console.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
85 out of 154 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

SAS Programmer - SAS Base, SAS ETL, SAS Console - Berkshire - Urgent

Console - as well as skills in Data Integration Studio and ETL tools. SAS Programmer required for a business critical SAS project at a retail giant ...

SAP Consumer Commerce and Industry Tech. Architect, 100k - 110k Base

It is essential that you have experience in the Consumer Commerce and Industry area and have proven capability in translating business needs into ...

Quality Lead - Unilever - Level C-00055185

As the Units Quality Lead, you will be responsible for the following activities: Interaction with key stakeholders to coordinate activities related ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers