McAfee Finally Announces Security Flaw
Consumers have all the more reason to heed the warnings about updating their antivirus and antimalware software. It’s not just that it keeps you protected from threats that weren’t discovered when you first installed your software, but as security news surrounding McAfee’s VirusScan Enterprise for Linux shows, it might just fix a number of security flaws.
Ten, to be exact. This highly technical report from Charlie Osborne for ZDNet explains it rather well, but more importantly, it tries to sort out an explanation for the timeline behind it. More to the point, it asks why it took six months from the initial research discovery of flaws that potentially gave hackers root access before McAfee announced the discovery and released a patch.
In the realm of hacking and data breaches, it wasn’t uncommon for official disclosures to take the better part of a year. Consumers were often notified that their information had been compromised in the previous calendar year, in breaches that took place undiscovered for months at a time. Fortunately, efforts on the part of cybersecurity researchers, policymakers, and agencies like the Identity Theft Resource Center mean the time frame from discovery to disclosure is now something like a few days or weeks rather than months. The famous Snaphcat boss phishing attack that compromised the complete identities of about 700 employees was discovered and reported to the authorities within four hours.
Which begs the question, why the six month delay? And what was behind the lengthy period of complete silence just prior to the date the announcement was made earlier this month? Are we as customers becoming too needy when it comes to expecting a quality product, or is there truly that much effort involved in closing up these kinds of vulnerabilities? Unfortunately, without more transparency surrounding the process, consumers often lean towards the negative perception of a company and its product line. To the company’s credit, the initial August deadline for disclosure was renegotiated for September, with a nod towards waiting until the end of the year; that speaks to the possibility that this was not just a simple matter of closing a few holes.
Consumers have all the more reason to heed the warnings about updating their antivirus and antimalware software. It’s not just that it keeps you protected from threats that weren’t discovered when you first installed your software, but as security news surrounding McAfee’s VirusScan Enterprise for Linux shows, it might just fix a number of security flaws.
Ten, to be exact. This highly technical report from Charlie Osborne for ZDNet explains it rather well, but more importantly, it tries to sort out an explanation for the timeline behind it. More to the point, it asks why it took six months from the initial research discovery of flaws that potentially gave hackers root access before McAfee announced the discovery and released a patch.
In the realm of hacking and data breaches, it wasn’t uncommon for official disclosures to take the better part of a year. Consumers were often notified that their information had been compromised in the previous calendar year, in breaches that took place undiscovered for months at a time. Fortunately, efforts on the part of cybersecurity researchers, policymakers, and agencies like the Identity Theft Resource Center mean the time frame from discovery to disclosure is now something like a few days or weeks rather than months. The famous Snaphcat boss phishing attack that compromised the complete identities of about 700 employees was discovered and reported to the authorities within four hours.
Which begs the question, why the six month delay? And what was behind the lengthy period of complete silence just prior to the date the announcement was made earlier this month? Are we as customers becoming too needy when it comes to expecting a quality product, or is there truly that much effort involved in closing up these kinds of vulnerabilities? Unfortunately, without more transparency surrounding the process, consumers often lean towards the negative perception of a company and its product line. To the company’s credit, the initial August deadline for disclosure was renegotiated for September, with a nod towards waiting until the end of the year; that speaks to the possibility that this was not just a simple matter of closing a few holes.
