Security software is an everyday necessity for most people, especially Windows users, businesses, and enterprises. But one of the ironies of security software is that, once in a while, it turns out to be the source of security problems all by itself. The latest instance involves McAfeeâ™s SaaS Total Protection suite, a cloud-based solution designed to provide comprehensive email and and Web filtering along with centralized security management for businesses and organizations. However, McAfee has just had to issue an update to the service to block a flaw that could let attackers execute code on protected machines, and to fix another problem that could potentially enable attackers to turn protected systems into spam relays.
âœTwo issues in SaaS for Total Protection have arisen in the past few days,â wrote McAfeeâ™s David Marcus in the companyâ™s blog. âœIn the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our â˜rumorâ™ technology to allow an attacker to use an affected machine as an â˜open relay,â™ which could be used to send spam.â
McAfee says the ActiveX control issue, while new, is similar to a problem the company patched back in August 2011: As long as customers have applied that update, they arenâ™t vulnerable to the new problem. McAfee has begun rolling out an update for the spam relaying issue, and customers should receive the update soon if they havenâ™t already.
The Saas Total Protection suiteâ™s âœrumorâ technology enables protected computers to communicate updates with each other in a fashion like peer-to-peer networking. The idea is to distribute updates automatically in-house on local networks rather than forcing every protected system to grab new updates from McAfee, potentially straining an organizationâ™s Internet connectivity. According to reports, the service installs itself even if users donâ™t specifically ask for it, and while it can be shut down using Windowsâ™ built-in administrative tools it gets restarted whenever McAfee delivers a software update.
Although the spamming vulnerability never put data on protected machines at any risk, attackers were able to use the rumor service to essentially bounce email messages off the protected systems, making it appear to the rest of the Internet that the McAfee-protected computers were the origin of the spam, rather than the attackers themselves. As a result, some McAfee users were mysteriously finding their machines and networks blocked by spam filters â” in one case, apparently by McAfeeâ™s own antispam technology within the organization.
McAfee was acquired by Intel in 2010.
This article was originally posted on Digital Trends
More from Digital Trends
Cisco: Unique malware multiplying in 2011
Rustock botnet mysteriously goes dark
67 percent of Facebook users were spammed in 2010
Sophos: U.S. still top spam sender