 |
A project to make businesses more aware of their customer experience, and how to fix it. By Mark Hurst. |
| About Mark Hurst | Mark's Gel Conference | New York Times Story on This Is Broken | Newsletter: Subscribe | RSS Feed |
Search this site:
Categories:
- Advertising
- Current Affairs
- Customer Service
- Fixed
- Food and Drink
- Just for Fun
- Misc
- Not broken
- Place
- Product Design
- Signs
- Travel
- Web/Tech
Previous: Ford's "anniversary packages" | Main | Next: Elevator panel
June 15, 2006 12:03 AM
Broken: McAfee personal firewall application message
Arie Swartz points out:
This is an alert that McAfee personal firewall application triggered, stating that it did not recoginze itself and needed to ask for my permission to allow it access to the internet.
the thing is that these are two separate programs from the same company; one is a firewall and one is a 'privacy service', most likely tied to the anti-virus. Not technically the same program...
But broken nonetheless.
Did the user click on the "Tell McAfee about this program" link and let them know about their own software? :)
So who's to say that this "McAfee Privacy Service" executable file it detected isn't some sort of malware or trojan? It's only broken if it hasn't found an actual problem.
Looking at the "customer experience," you could say that it's broken because there is not tighter integration between the McAfee products, but I say Grant brings up a good point about Malware.
Not broken, just overkill. How does the computer know if it's a real or phony version of the software. It could be a well diguised virus. I think we have come to expect too many human qualities from our computers. They're just machines and are only as smart as people make them to be.
I will admit that this seems odd, however, it does show that the product is working properly. In using a firewall, I prefer to know when ANY program is trying to access the internet. If I had just installed McAfee and this showed up, I would probably just grant access. If I had installed it a while ago and this showed up, I would suspect that something is wrong (e.g. I picked up some malware masquerading as McAfee). If these firewalls automatically recognized themselves or other programs, it would open up a new vector for attack. Just look at all the problems caused by Microsoft's tight integration between Windows and Internet Explorer to see what happens.
I agree with all the people here that no program should be immune to firewalling, even programs that ship as part of the same software package. Otherwise, how could you ever fully trust the firewall knowing that one of McAfee's products *could* have a security hole in it and be immune to firewalling?
If McAfee doesn't know if it is malware, how am I to know? Isn't that what the firewall is supposed to do. I have the exact same problem with ZoneAlarm.
This reminds me of a time when my friend was using Microsoft Anti-Spyware, and it identified its own schedular as spyware.
I think the broken thing is not that Personal Firewall is asking for permission to let Privacy Service on the internet, since that's its job. What's broken is that it says it does not recognize Privacy Service. Not only are they from the same company, but they are both run through the McAfee Security Center.
Who am I? Who are you? What is this all about? Why are we here? Where is 'here'? What is the meaning of life? What is the answer?
The answer..... is 42. Q.E.D.
Have you seen the new McAfee Ultraprotect system? After every keystroke it asks: "Are you sure you intended to push that key?" It took me 2 hours to type this post.
yo dude ur wrong all secuity systems ask for other programs you have downloaded for accces to enternet. if i downloaded a game and it needed a patch or up date. it would give me a link on the game. when i click it my S.C.C. (saftey and securty system aol) asks me to grant acces or not.
Enters
W-H-Y-?
Stands clear as computer self-destructs as that is a question insoluable to man or machine...
Yeah, it seems computers are worse at identifying their programs than people are at themselves!
ROFL my pocket change.
"If McAfee doesn't know if it is malware, how am I to know? Isn't that what the firewall is supposed to do. I have the exact same problem with ZoneAlarm."
No. A firewall does only one thing: block TCP/UDP ports. If any program tries to access a port, it will ask you if you want to let traffic through. It's designed to give you controll, and as was mentioned earlier: What if someone made a piece of malware, named it "McAfee Privacy Service" and unleashed it onto the internet?
A firewall can't determine if I program is genuine or fake, and it can't tell if it's malicious or not. It's up to you to know whether or not a program run on your computer is supposed to access the Internet or not, because a firewall doesn't know, and if they programmed a way for firewalls to automatically grant certain programs rights to access the internet, they would by definition be programming security holes into their software.
Yeah, it's not the most "intellegent" software, and it may make for a slightly worse user experience, but with current technology, it's pretty much necessary.
>A firewall can't determine if I program is
>genuine or fake, and it can't tell if it's
>malicious or not. It's up to you to know
>whether or not a program run on your computer
>is supposed to access the Internet or not,
>because a firewall doesn't know...
You stated yourself. "What if someone made a piece of malware, named it "McAfee Privacy Service" and unleashed it onto the internet?". The point is that a user with a McAfee Privacy program installed would have NO WAY of knowing whether the program asking access to the internet was real or malicious. What's an end-user supposed to do, reverse-engineer the executable to try and discover what it does? Not likely, especially for the target market for Mcaffee security systems.
So what will happen, in the real world? The average user will allow the software to access the internet. They have no way of knowing what it does, so they will usually take the route of assuming it's not malicious and allowing it (if you don't believe me, think of the number of viruses that rely on the user running an executable file they recieved by email). In other words, the firewall is DECREASING the effective security by disclaiming responsibility and 'passing the buck' to the end-user.
If a little thought was put into it, you'd realise that a firewall could easily determine if something claiming to be a fellow Mcaffee program was genuine or fake. A simple MD5-style checksum routing (slightly modified in case the malicious users find a way to make a program with the same standard checksum as the real thing) would be one example, a good one in this example since it would be easy for Mcaffee to implement this in their own software, but it's by no means the only one. This would increase both ease of use (not bothering and alarming the user with dialogue boxes for a genuine app) and security (would identify and warn the user about a real malicious app, that in the current system, would probably just be allowed). Everyone wins (except 'beckett', whose evil plans to get everybody to switch to Mac will have been foiled ).
>>"The average user will allow the software to access the internet."
Every software firewall I've ever used (though I've never used McAfee or Norton) recomends that you NOT allow programs to access the Internet, see if it has any ill effect on using your programs, and if so allow it. And I know *my* first assumption when I program tries to access the Internet is that it *is* malicious. Granted, I'm not your average end user.
>>"The point is that a user with a McAfee Privacy program installed would have NO WAY of knowing whether the program asking access to the internet was real or malicious."
Well, they could. It would require them to know what they were launching and when, though.. so I guess that might be too much to ask. ;)
And as far as using file hashes to automate McAfee granted access to the web.. That would require McAfee to know the proper checksum of every single file (or at the very least executable) ever made, since hashes are really only used to tell you if a file is corrupt or not. I still stand by my assertion that programing any sort of automation into a firewall will inherently make it weaker, because a hacker WILL find a way to spoof whatever security would be used (point and case: MD5 and its successor SHA-1 have both been broken already).
Oh, I almost forgot: as so far as macs go, the only reason you don't get alot of malware or virii for macs is because they have a pittance of the market share. If your evil plot to encourage people to buy mac succeeds and people switch, you will very quickly begin to see nearly all the problems PC users have now, garunteed.
>>WiglyWorm:"Oh, I almost forgot: as so far as macs go, the only reason you don't get alot of malware or virii for macs is because they have a pittance of the market share."
This one's been shot down so many times it's getting ridiculous, but one more time won't hurt for those that still don't get it: Nobody disputes that 'security through obscurity' does help, but the facts remain that 1>OSX is an inherently more secure OS to begin with, and 2>the incidence of successful exploits for the Mac is significantly lower than their market share. This means that the ratio of security risks to user base is not only much lower than Windows but also much lower than 'security through obscurity' could ever account for.
So, yes, Windows gets hammered because it is dominant, and yes, Mac OS will get hit more as its prominence grows, but it STILL holds true that it is substantially less vulnerable to malware and virii.
Damn! Gil said it first, but it was exactly the same thought I had after re-reading the posts subsequent to my earlier one.
Ha ha...this doesn't surprise me. McAfee is the most annoying program I've got. I use Microsoft's XP firewall, yet because I have the suite of McAfee programs (virus, privacy service, etc.) it asks me EVERY TWO DAYS why I'm not using their freakin' firewall. My only choice when the reminder comes up is to update the program now (which I don't need to do since I'm using XP's firewall) or wait 2 days for yet another reminder. Can someone shoot their software designer for me, please, with a nice lemon cream pie?
Perhaps the program is not McAfee at all, but a program which has named itself as such and thereby would not be "recognized" by the firewall. In this case the program is doing its job quite well. Does McAfee install its products into Program Files\McAfee.com ?
Simon: The checksum wouldn't work in practice, I think, if only because that would mean McAfee would have to update the firewall every time it updated any of its other products, to have the new checksums inside it. (If the checksums lived in a file, the file would be easily attackable!)
I don't think this is broken, other than the way firewalls like that are inherently broken as a matter of UI. But that might be less costly than the alternative, for the target market... and unless someone can come up with a better compromise between protection, usability, and UI annoyance, I wouldn't call this broken per se.
hmmm.... it's a nice idea, although the checksum thing wouldn't really work. And to those of you advocating switching to mac...you can shove that stupid one button mouse up your arse...and then put linux on your computer.
Sounds like this program Virtual Bouncer (A fake anti-virus program). It turned out to be a version of VX2. It was so bad, we ended up having to wipe the C:\ drive.
Comments on this entry are closed
Previous: Ford's "anniversary packages" | Main | Next: Elevator panel
_@_v - first!
_@_v - well i couldn't resist...
Posted by: snesnailie_@_v at June 15, 2006 12:10 AM