Full Disclosure mailing list archives

RE: Just when you thought Macafee stuff was safe!


From: "Tim Saunders" <Tim.Saunders () aquilauk co uk>
Date: Tue, 23 Sep 2003 16:14:42 +0100

Or if your users have McAfee Virus scan, wait for them to download a
large compressed file; I find zips of Oracle CDs from partner.oracle.com
do nicely. Now watch McAfee crash as it tries to scan the contents of
the zip and times out (I believe), thus leaving the machine nice and
vulnerable since it doesn't auto restart. Any 300MB+ Zip, .tar.gz,
.cpio.gz etc. seems to work. Smaller files may also work depending on
your machine.

Tim Saunders

-----Original Message-----
From: gregh [mailto:chows () ozemail com au] 
Sent: 23 September 2003 14:35
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Just when you thought Macafee 
stuff was safe!


Try this one out for yourself.

1) Make sure you have all this set up on an email address 
that is getting lots of the latest virus infected emails.

2) Install McAfee Virusscan Online (AKA McAfee VSO).

3) Install McAfee's Spamkiller.

4) Note they are from the same company.

5) Pick up email with Spamkiller while VSO is running in the 
background.

6) Note how, for every infected email, you have to click 
"continue what I was doing" and "No" to "Do you want to scan 
your computer?"......as said for EVERY DAMNED EMAIL!

7) At some point during the email being checked by 
Spamkiller, watch Spamkiller stuff up as VSO has deleted log 
files etc that it decided were infected and auto cleaned.

8) Now imagine you have a network of around 20 or so users 
(more, if you like) all with McAfee VSO and Spamkiller, all going 
through what you just put yourself through, and realise that your 
users probably just use computers to do their work on (and dirty web 
browsing habits - but that's another story!) and can't afford the 
time to keep answering two questions per incoming email and then 
deal with the fact that Spamkiller has crashed or otherwise made 
life difficult. Imagine, if you were that user rushing to meet a 
deadline, what you would do? If you had the ability, you would stop 
McAfee VSO and/or Spamkiller and continue on.

9) Now with Spamkiller AND McAfee VSO stopped, imagine what 
work YOU will have very shortly, fixing this.

10) Now start to wonder what the Bofh'n heck you chose these 
two products for when they do that and why it is that McAfee 
hasn't fixed this!

.....sorta makes you realise why a major epidemic like we are 
currently experiencing works when users are forced to turn 
off the things meant to make their life easier and protect 
them to some extent, huh?

Greg.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

