Re: McAfee & nmap

[engage <engage () n0sq us>]

On Monday 29 August 2005 03:08 am, you wrote:
> On Sun, Aug 28, 2005 at 09:44:02PM -0600, engage wrote:
> > I am running McAfee AV 10.0.25 on XP Pro SP2. McAfee keeps
> > displaying a message everytime I try to run nmap. The box is calling
> > it a "potentially unwanted program".  Apparently, McAfee defines
> > this as spyware or adware or malware. Did I download a hacked
> > version of nmap or is this just another effort to kill the use of
> > nmap?
>
> Yes, that is highly annoying.  I notified McAfee last year that Nmap
> has never contained any spyware or advertising, nor any other code
> acting against the user's interests.  It is not bundled with anything
> else, and doesn't even offer an executable installer.  So it is hard
> to imagine someone installing it by accident.  I asked why they would
> possibly flag Nmap in their virus scanner.
>
> McAfee responded that they never called it a
> virus/trojan/adware/spyware/etc.  Instead, they describe it using the
> weasel-words "potentially unwanted application".  That is easy for
> them to justify, since any application can be "potentially unwanted".
>
> To their credit, they did add a description noting that Nmap "is not a
> virus or trojan" and even that "Nmap is a very efficient tool ... used
> by security experts to enhance their network security"
> (http://vil.mcafeesecurity.com/vil/content/v_100955.htm).  McAfee
> claims that this detection is disabled by default.  Is it possible
> that you changed the configuration to detect "potentially unwanted
> programs"?  Or maybe you are using a corporate AV system that is
> already configured that way?
>
> I regularly get complains/queries because of this bogus listing.  Most
> are polite from people concerned that their Nmap download might be
> infected with some virus because McAfee flagged it.  Other people send
> angry letters accusing me of distributing spyware, screwing up their
> PC, etc.  These mails always seem to be from McAfee users -- the other
> virus checkers seem to know better than to flag Nmap.  Or maybe they
> just describe the "issue" better so that fewer users are disturbed.
>
> McAfee claim that they flag Nmap because it "can also be used with
> malicious intent by hackers to target attacks on remote systems."
> Another free Windowws tool which can be used for this is McAfee's own
> FoundStone SuperScan.  Yet that doesn't seem to be detected -- they
> apparently don't consider Superscan to be potentially unwanted like
> Nmap is.  Nor do they flag ISS Scanner, Symantec NetRecon, or many of
> the other commercial scanners.  They don't even flag Nessus (not that
> they should!)  McAfee is clearly discriminating against Nmap by
> flagging it while ignoring so many other scanners (including their
> own).
>
> While I think McAfee should remove the listing, I haven't yet been
> able to convince them of that.  But they might listen if they hear it
> from enough customers.  If you have been annoyed by McAfee flagging
> Nmap, consider sending a polite email to Joe Telafici ( Joe_Telafici
> at avertlabs dot com) as well as virus_research () nai com.
>
> Also, if you are purchasing virus scanners for yourself or your
> organization, consider buying from a vendor other than McAfee until
> they stop flagging clean open source software such as Nmap (and wget).
> I'll let you know if/when they remove the bogus listing.
>
> Cheers,
> Fyodor


Thanks for the reply. I'll be sure to make McAfee aware of my disappointment 
concerning this issue.  Since this was preloaded onto my new Dell Inspiron 
600m laptop, I'll be sure to provide feedback to Dell also. Normally, I use 
Symantec so I will remove McAfee and install Symantec or AVG. I would also 
like to point out that the licensing agreement for McAfee requires that I 
agree to automatic renewals and that my credit card will be automatically 
billed when the renewal comes up. That'll be interesting to find out if Dell 
shared my credit card account number with McAfee.

Anyway, I've been using nmap with Mandrake Linux and rarely on the Windows 
platform for many years and find it useful. To the nmap developers: keep up 
the good work!



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev