McAfee gaffe a quick AV kill for enterprising staff

Intel Security has fixed a flaw that made it possible to shut down its McAfee Enterprise virus engine, thereby allowing the installation of malware and pirated software. The hotfix addresses an issue that Agazzini Maurizio, senior security advisor at Rome-based consultancy Mediaservice, first warned about 15 months ago. McAfee …

  1. Ole Juul

    responsibility

    Avecto reckoned 97 percent of critical Microsoft vulnerabilities released in 2014 would be mitigated by removing admin rights.

    So for this little user convenience we all have to pay.

    1. LaeMing

      Re: responsibility

      And 97 percent of the MS-Windows users' need for admin rights is from poorly written (mostly third-party) software whose programmers haven't realised it isn't '98 anymore! (But they still pay for it :-( )

      1. TonyJ

        Re: responsibility

        I hear this time and time again (still) - particularly about Citrix..."but the software needs admin rights"

        And my answer is always the same - "No it doesn't".

        All you need is Sysinternals' Process Monitor (and this dates back to when they came as Filemon and Regmon) and filter on the executable of the app(s) for 'access denied' results.

        I have never yet found a piece of software that requires elevated rights that cannot be 'fixed' in this way but people are too lazy to put the effort in or too uneducated about the tools available.
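        The triage workflow TonyJ describes, as an added example that is not part of the thread: parse a Process Monitor CSV export, keep only the ACCESS DENIED rows for the target executable, and collapse them into the list of file and registry paths whose ACLs need adjusting for a standard user. The column names follow Procmon's default CSV export; the rows are constructed sample data, not a real capture.

```python
"""Triage a Process Monitor (Procmon) CSV export for ACCESS DENIED events.

Assumes Procmon's default export columns (Time of Day, Process Name, PID,
Operation, Path, Result, Detail). SAMPLE_CSV below is constructed.
"""
import csv
import io
from collections import defaultdict

# Constructed sample of a Procmon CSV export (not a real capture).
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.1","LegacyApp.exe","4120","CreateFile","C:\\Program Files\\LegacyApp\\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02.2","LegacyApp.exe","4120","CreateFile","C:\\Program Files\\LegacyApp\\app.dll","SUCCESS","Desired Access: Read"
"9:01:02.3","LegacyApp.exe","4120","RegSetValue","HKLM\\SOFTWARE\\LegacyApp\\LastRun","ACCESS DENIED","Type: REG_SZ"
"9:01:02.4","LegacyApp.exe","4120","CreateFile","C:\\Program Files\\LegacyApp\\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"9:01:03.0","explorer.exe","1234","CreateFile","C:\\Users\\alice\\Desktop","ACCESS DENIED","Desired Access: Delete"
"9:01:03.5","LegacyApp.exe","4120","CreateFile","C:\\Users\\alice\\AppData\\Local\\Temp\\x.tmp","SUCCESS","Desired Access: Generic Write"
"""


def access_denied_by_path(csv_text, process_name):
    """Return {(operation, path): count} for ACCESS DENIED rows of one process.

    Other processes and successful operations are ignored. Each distinct
    (operation, path) pair is a resource to grant to the user or group
    (icacls / registry ACL) instead of handing out local admin.
    """
    hits = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "ACCESS DENIED":
            continue
        hits[(row["Operation"], row["Path"])] += 1
    return dict(hits)


def remediation_report(csv_text, process_name):
    """One line per denied resource, ready for whoever adjusts the ACLs."""
    lines = []
    for (op, path), n in sorted(access_denied_by_path(csv_text, process_name).items()):
        kind = "registry" if path.startswith(("HKLM", "HKCU", "HKCR", "HKU")) else "file"
        lines.append(f"{kind}: {path} [{op} denied {n}x]")
    return lines


if __name__ == "__main__":
    for line in remediation_report(SAMPLE_CSV, "LegacyApp.exe"):
        print(line)
```

Each remaining line is a concrete, narrowly scoped permission to grant; if the app still fails after those grants, re-capture and repeat rather than reverting to admin rights.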

        1. Orv

          Re: responsibility

          "I have never yet found a piece of software that requires elevated rights that cannot be 'fixed' in this way but people are too lazy to put the effort in or too uneducated about the tools available."

          Or, depressingly often, the software company considers running without admin rights an "unsupported configuration" and won't troubleshoot problems if you set it up that way.

          1. TonyJ

            Re: responsibility

            "...Or, depressingly often, the software company considers running without admin rights an "unsupported configuration" and won't troubleshoot problems if you set it up that way..."

            I must confess that isn't a problem I've ever encountered despite vendor support occasionally being involved. Of course, I'd be happy to show them that changing to an admin account makes no difference and it would always be a test anyway in case anything was missed in the original admin-removal process.

            It was always the same with Citrix - does the problem occur using RDP? Yes - most likely (not always) not a Citrix issue. No - most likely (not always) a Citrix issue.

            I'm intrigued by the downvotes - not that I'm unhappy, but I'd love to know the counter-arguments to my points. Or was this a case of the same laziness?

            One other thing I've noticed lately - there seems to be a lowering of basic troubleshooting and support skills. Some of it may be down to not having to wrangle with software to the level we used to even only ten years ago, but a significant portion simply seems to be a general lack of understanding. Worrying, really.

    2. AndrueC

      Re: responsibility

      ...and if you must have admin rights then at least enable UAC so that you only activate them when needed. Okay, so UAC was extremely annoying in Vista, but it got a lot better in Win7. I always run with it and the only time it prompts me is when there's a good reason to be prompted.

      The trick is not to just click 'Ok' when prompted. For extra safety don't run as an administrator enabled user anyway and just accept that you'll have to enter credentials to get the rights. That can be confusing though if you're installing software as you won't be installing to your normal user account.

      1. Orv

        Re: responsibility

        I run with UAC on too. About the only situation where it's a real problem is when a full-screen program (okay, game) wants network access. The dialog pops up *under* the program where I can't see it. I've learned to Alt-Tab when I hear the ding, but many games react very badly to having focus pulled away when they're in full-screen mode.

    3. DubiousMind

      Re: responsibility

      Avecto can recommend this, because their Defendpoint product provides, securely, the convenience of required rights for Standard Users, negating the need for an Administrator account.

  2. Snowy

    Sorry but...

    what is an AV going to do with stopping installing pirated software?

    1. Hans Neeson-Bumpsadese

      Re: Sorry but...

      It's far from unknown for pirated versions of software to include a malware payload as well. Install what you think is a hooky copy of Office and get a trojan or two into the bargain.

      1. Snowy

        Re: Sorry but...

        @Hans Neeson-Bumpsadese While I do not use pirated software, the idea that pirated programs = malware is wrong. Consider that a few times genuine programs have included a free gift of malware.

        1. Orv

          Re: Sorry but...

          Think in terms of a corporation doing risk management. Pirated software creates a risk for them, not just in terms of malware, but in terms of getting sued by the BSA if they get audited. McAfee and other AV suites have become central monitoring systems for policy compliance.

  3. Anonymous Coward

    Local admins rule

    "The flaw requires users or attackers first gain local administrator privileges, a level of access that many organisations lazily afford staff."

    Maybe they're lazy because they don't realize that affording such local admin rights also conferred global kill rights over the AV software too. Ya think?

    1. Pascal Monett

      Or maybe it is because the vast majority of companies do not have dedicated IT staff, or even someone knowledgeable enough to properly manage what little IT they have, and if they did try to enforce no local admin rights there would be a lynching before noon on the next Monday morning?

  4. Michael Thibault

    Some confusion here

    >Intel Security has fixed a flaw that made it possible to shut down its McAfee Enterprise virus engine, thereby allowing the installation of malware and pirated software.

    Being able to shut down McAfee... isn't that something of a blessing? So, shouldn't the above read:

    "Intel Security has fixed a flaw that makes it possible to install McAfee Enterprise virus engine, thereby allowing the installation of malware and pirated software."

    Clarity, please.

    1. Lysenko

      Infections...

      McAfee ... playing gonorrhea to Norton's tertiary syphilis.

      Both have been playing havoc with anything requiring multi process write access to ISAM files since the days of Clipper.

    2. Wade Burchette

      Re: Some confusion here

      I was confused too. However, I was wondering whether anybody would be able to tell McAfee detection was turned off, since it couldn't find water standing knee deep in the ocean. And, like walking in the ocean, it slows you down to a crawl, on or off.

  5. Anonymous Coward

    It is truly near impossible to discover what rights processes need on Windows

    For software written by any other party, including Microsoft themselves, it is almost impossible to reliably discover the group policy required to operate it. Even MS provide solutions that are "only supported" when running as administrator, even when no obvious administrator rights should be required.

    Not usually here to knock any particular OS but Windows can be particularly opaque on this, which then makes it very hard to lock solutions down to least privilege without guessing or attempting to diagnose permissions failures, which themselves can be hard to identify from third party software, even if the permissions are easily fixed.

    So, yes, maybe organisations can be described as lazy, but I would describe most of the development culture as lazy, rather than the organisations attempting to cope.

    1. Sandtitz

      Re: It is truly near impossible to discover what rights processes need on Windows

      "Even MS provide solutions that are "only supported" when running as administrator even when no obvious administrator rights should be required."

      Which solutions are those?

  6. wyatt

    I've got admin rights on my work laptop. I did suggest to my IT department that they gave me 2 accounts, a user one and an admin account, but they didn't want to...

    1. Lysenko

      If you've got admin rights you can create a secondary account yourself?

      1. Richard 12

        Only locally

        Which doesn't help much.

        1. Lysenko

          It stops you running the local machine with dangerously elevated permissions allowing malware to potentially execute in an administrator context.

    2. DavCrav

      "I've got admin rights on my work laptop. I did suggest to my IT department that they gave me 2 accounts, a user one and an admin account, but they didn't want to..."

      It seems our IT department at least has sorted this out. On my laptop I have <username> with no admin privileges and <adminname> with admin privileges.

      On our desktops we don't even have admin accounts, so at least we are down to just the 3%. I am not at all surprised that this is not the case elsewhere.

  7. Mikel

    Champions!

  8. Infernoz

    Because Windows security granularity is too coarse and static!

    The reason that a lot of programs run at admin level is because of the crap static way user access levels work and the quite stupid default security restrictions on commonly used resources, so it is often much less faff to use compatibility mode with admin level or even turn off user access control!

    This keeps biting me as a developer, so damned right I need admin level access!

    I will agree that software trying to store config./extensions in Program Files is quite stupid, and too many programs still do this! Junk like Chrome goes too far and stores the software where only config. and extensions should be stored, SRWare Iron shames it!

    I hate that stodgy slowness called McAfee, especially on laptops, where the limited CPU and I/O bandwidth it wastes is even more costly!

  9. benderama

    A flaw, really?

    As soon as "all you need is local admin rights" was mentioned, I switched off.

  10. Anonymous Coward

    McAfee?

    Isn't that some malware that tries to install every week when you update flash player?

    1. Halfmad

      malware that installs following malware? Sweet.

  11. Inachu

    I do one better than that!

    Boot using bart PE bootable cd GUI interface and then visit the C:\program files\mcafee folder then you can directly delete the folder and subfolders without any errors.

    Then visit the common files and do the same there, then reboot and take the CD out, and now your PC is free of McAfee and viruses can have a party on your system.

    1. Midnight

      "Boot using bart PE bootable cd GUI interface and then visit the C:\program files\mcafee folder then you can directly delete the folder and subfolders without any errors."

      Boring.

      I prefer John McAfee's explanation.

      https://www.youtube.com/watch?v=bKgf5PaBzyg

    2. DavCrav

      "Boot using bart PE bootable cd GUI interface and then visit the C:\program files\mcafee folder then you can directly delete the folder and subfolders without any errors."

      Just you try it on my laptop (work), which has:

      1) McAfee;

      2) full disk encryption.

  12. DanboMB

    Oh the joys

    So VSE 8.8 Patch 7 doesn't install over Patch 6 without first removing Patch 6. The upgrade just doesn't work - been here before... Seemingly also the new P7 version is stuck with DAT 1111 (even if the ePO extensions have been upgraded) and will not auto update to today's DAT.

    I continue testing P7....

    McAfee

    "We just make it worse".
