McAfee Shows Flaws of Status Quo - InformationWeek


4/25/2010
05:40 PM
Dave Methvin

McAfee Shows Flaws of Status Quo

Last week's McAfee meltdown showed that there is danger in automatic security signature updates. Yet as much as it would be easy to just blame McAfee, what this incident really shows is the insanity of the current security process.

Initially, there's what I call a "malware detection honeymoon period" for a lot of users, where they have complete faith in what their security software tells them. Inevitably the software starts popping up warning dialogs, and they dutifully follow the suggestions to stop the "dangerous activity" that the scanner reports. Just last week I got a report from a user who was incensed that our company was trying to send them a virus; they knew we were guilty because their off-brand virus scanner said so. I checked the file with twenty-two different virus scanners and found it squeaky clean, but no -- they had faith in their scanner and something must be wrong with that file, and with our company.

Over time, though, users realize that their scanner isn't always right. When they always take its advice, their applications don't install or can't communicate with the Internet. After too many instances of security software crying "wolf", users change their attitude to skepticism; that makes them more likely to distrust and override its advice. At that point, it's a crapshoot whether any security software that gives the user veto power can offer effective protection.

Add to those sins the problem that happened with McAfee this time. An erroneous detection had McAfee's scanner deciding that an innocent svchost.exe file was malicious. McAfee removing the virus, er, critical system file, rendered the PC unbootable, which is a problem that can't be fixed without a face-to-face encounter with each PC. McAfee realized their mistake pretty quickly, although only after the fact.

This most recent episode does bring into question whether McAfee quality control and testing is good enough, and their answer darned well should be "no". Yet it isn't like this is the first time a problem like this has happened. False positives don't have to be very common to be catastrophic -- to the PC, to the IT department, and to the product's credibility. Is the industry's current approach really sustainable? Malware seems to have been able to stay ahead of security software for more than a decade; the good guys are constantly being reactive to threats and leaving open a window of vulnerability that is hours or even days long.

Given the flaws of the current system, is there any alternative? A few options do exist out there. For example, instead of depending on security scanners to find the malware needle in the software haystack using a blacklist, some products like Bit9 use a whitelist to only allow approved programs to run. In some environments this can be a much better approach. In a setting where users need to run arbitrary software on PCs, such as software development, it's not practical. Yet many offices really can make a short list of the software they want their users to run. Is yours one of them?
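The two mechanisms discussed above, a blacklist signature that wrongly matches a critical system file and a whitelist of approved programs, are sketched in the following added Python example; it is not code from the article, McAfee or Bit9. All file contents, signature names and function names are constructed for illustration, and matching by byte pattern and by SHA-256 hash are assumed simplifications of how real products work.

```python
import hashlib

# Constructed sample data: names and byte contents are invented for illustration.
KNOWN_GOOD = {
    "svchost.exe": b"MZ\x90\x00constructed-system-service-host",
    "winlogon.exe": b"MZ\x90\x00constructed-logon-process",
}
UNKNOWN = {"dropper.exe": b"MZ\x90\x00constructed-unwanted-payload"}

# Two constructed signature updates: byte patterns a blacklist scanner looks for.
SIGS_OK = {"Sample.A": b"unwanted-payload"}
SIGS_BAD = {"Sample.A": b"unwanted-payload", "Sample.B": b"service-host"}  # overbroad


def blacklist_hits(signatures, files):
    """Return {file name: signature name} for every file a signature matches."""
    hits = {}
    for name, data in files.items():
        for sig_name, pattern in signatures.items():
            if pattern in data:
                hits[name] = sig_name
                break
    return hits


def release_gate(signatures, known_good):
    """Pre-release check: an update may ship only if it flags no known-good file."""
    false_positives = blacklist_hits(signatures, known_good)
    return (not false_positives, false_positives)


def build_allowlist(approved):
    """Whitelist model: record the SHA-256 of each approved program."""
    return {hashlib.sha256(data).hexdigest() for data in approved.values()}


def may_run(data, allowlist):
    """Default deny: only content whose hash is on the allowlist may run."""
    return hashlib.sha256(data).hexdigest() in allowlist


if __name__ == "__main__":
    print("good update:", release_gate(SIGS_OK, KNOWN_GOOD))
    print("bad update: ", release_gate(SIGS_BAD, KNOWN_GOOD))
    allow = build_allowlist(KNOWN_GOOD)
    everything = {**KNOWN_GOOD, **UNKNOWN}
    print({name: may_run(data, allow) for name, data in everything.items()})
```

The gate rejects the overbroad update before it reaches any PC, while the whitelist never needs a signature for the unknown file because anything unapproved is denied by default.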
