RE: McAfee VirusScan vs Metasploit Framework v2.x

["Debasis Mohanty" <mail () hackingspirits com>]

> > From: H D Moore
> > Sent: Saturday, December 10, 2005 12:48 AM
> > To: full-disclosure () lists grok org uk
> > Subject: [Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x

> > Looks like some overzealous idiot at McAfee added "Trojan" signatures for
> > 202 files in the latest version of the Metasploit Framework.

Infact this doesn't really surprise me. Those overzealous idiots at McAfee
never fail to add any of those security related tools (apart from their own
security tools) available in this planet to their signatures. Wow !! Those
guys must be really smart!! 

Just for the info, they have also added Nmap as "potentially unwanted
application" (http://vil.mcafeesecurity.com/vil/content/v_100955.htm) and
they even didn't spare a demo tool which was developed by me to demonstrate
a firewall leak test
(http://vil.mcafeesecurity.com/vil/content/v_136350.htm). Although, I was
bit lucky here as they tagged it as a demo tool. However, an ordinary user
always gets scared by such warnings from the AV and will end of complaining
about the same. 

Someone just mentioned regarding those guns & criminals, the idea here is;
can't they have some safe program list and give the option to the users to
decided whether to have them on the system on not?? The user might draw
wrong conclusion by seeing such un-necessary & scary warnnings from McAfee. 

I am just wondering, how come they have failed to add their own security
tools to the non-wanted list. 


- D (aka T)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/