On The Insider: Sexy Aussie Babes
BNET Business Network:
BNET
TechRepublic
ZDNet
8 TalkBacks

By Dawn Kawamoto, News.com
Posted on ZDNet News: Aug 1, 2006 5:40:00 PM

McAfee has patched flaws in its SecurityCenter software, pervasive technology found in all of its consumer products from VirusScan to Total Protection to its Internet Security Suite.

The company has sent out a SecurityCenter 7.0 update to address the vulnerabilities, which could allow intruders to gain remote control of PCs Systems if the user clicks on a link to a malicious Web site, according to a security bulletin posted by McAfee on Monday.

The problems relate to SecurityCenter 4.3 through 6.0.22, the company said. Consumers who prefer to stay with these older versions should expect to receive a security patch from McAfee on Wednesday. Enterprise versions of the software were not affected by the flaws, McAfee noted.

SecurityCenter is designed to provide people with information on the security status of their system with one click of a mouse. It is geared toward consumers and small businesses.

"SecurityCenter is a consumer product, so the level of defense is less than a corporate network," said Mike Puterbaugh, a spokesman for eEye Digital Security, which discovered and reported the flaw to McAfee.

eEye rates the vulnerabilities as "highly critical," due to its potential to allow remote execution of code. McAfee, however, rates the flaws as a "medium" threat, because it requires user intervention to take effect.

Consumers also tend to be less likely to install updates, unless they are clearly labeled as a security update, Puterbaugh said.

McAfee, which was notified by eEye of the SecurityCenter flaws on July 19, said it has yet to receive any reports of systems being compromised.

Some customers have complained that the SecurityCenter 7.0 update caused Microsoft ActiveSync to fail when they tried to sync up their handheld computers. McAfee is reviewing the matter, a company representative said.

The SecurityCenter vulnerabilities mark the second time this month McAfee has been notified by eEye of flaws in its software. Earlier this month, eEye announced it had found a flaw in McAfee's ePolicy Orchestrator, a centralized security management and monitoring console used by corporate customers. The flaw, which required no user interaction to exploit, was located in the Framework Service component of the console.

  • Talkback
  • Most Recent of 8 Talkback(s)
Even free = No thanks
I can use McAfee for free thorugh my ISP (Comcast). I have 2 full versions of Symantec that cam bundled with my laptops. I use AVG and everything seems to run much smoother. It's also free, and I don't have to worry about subscriptions.... (Read the rest)
Posted by: fixmyhead Posted on: 08/03/06 You are currently: Logged In | Log out
It's time to toss your antivirus, again. georgeou   | 08/01/06
and rush out nomorems   | 08/01/06
I partially agree not of this world   | 08/01/06
Here's a stupid question.... Shelendrea   | 08/01/06
Every Large Corporate and Educational Organization adsanders@...   | 08/02/06
McAfee security holes doncowdrey   | 08/02/06
Church of the Painful OS Reverend MacFellow   | 08/02/06
Even free = No thanks fixmyhead   | 08/03/06

What do you think?

advertisement
advertisement