Hot Take Should You Trust McAfee in 2023?

Sorrento

I tried McAfee over a year ago & I decided it was one of the never try again AVs - Far too busy for me, too many features, the YouTube review was beyond dreadful also - My opinion of this AV is unlikely to change in my lifetime - It seems I don't want a product loaded with features?
 

ForgottenSeer 98186

I tried McAfee over a year ago & I decided it was one of the never try again AVs - Far too busy for me, too many features, the YouTube review was beyond dreadful also - My opinion of this AV is unlikely to change in my lifetime - It seems I don't want a product loaded with features?
McAfee has always been that way. It is like a high-school bus packed with 120 kids.
 

Dave Russo

I can understand that you didn't want Norton/Symantec before, it ate my computer. But what's the reason you don't want it today? Norton is fast and secure.
I have an activation, and yes, I agree it's known as an A+ product, but it has horrible costs on its extras, and they charged me 116-plus dollars without a warning (that I had automatic renewal). They did reimburse (thanks for PayPal). When I installed, my wife's computer started getting Norton pop-ups. I hate being hard-sold with their scare tactics that I need LifeLock, and the price for that is not cheap. I like making more of my own decisions without a Big Brother holding my hand and wallet. (If someone wants an activation, send me a mail; you can have it, and who knows, you will probably love it, just not me.) Thanks for your message.
 

franz

I have an activation, and yes, I agree it's known as an A+ product, but it has horrible costs on its extras, and they charged me 116-plus dollars without a warning (that I had automatic renewal). They did reimburse (thanks for PayPal). When I installed, my wife's computer started getting Norton pop-ups. I hate being hard-sold with their scare tactics that I need LifeLock, and the price for that is not cheap. I like making more of my own decisions without a Big Brother holding my hand and wallet. (If someone wants an activation, send me a mail; you can have it, and who knows, you will probably love it, just not me.) Thanks for your message.
Thanks for the offer but I have a license for Norton 360 Deluxe and I paid about 10 dollars for one year.

This was a special offer, but I've turned off auto-renewal, so I can probably make a good purchase when it's available again.
I use F-Secure SAFE on my main machine and Norton on one of my other machines.
 

Trident

McAfee has always been that way. It is like a high-school bus packed with 120 kids.
It seems like since the business division got acquired, McAfee has been focused on core activities more (security and privacy) and much less on features not of first necessity. They got rid of anti-spam, tuneup, file encryption (which was outdated), web boost, pc boost (the one that prioritises processes), vulnerability scanning (app updates) and many others. They also got rid of intrusion detection in firewall, as they say this feature is now provided by modern CPUs (it used to block certain exploits).

McAfee now tries to compete with Norton better by offering what LifeLock does (credit monitoring, identity theft insurance, restoration, dark web scanning), personal data cleanup (sending data removal requests). Their implementation of these features is far better than Norton and detects a lot more and faster. LifeLock has notified me of 4 breaches and McAfee has notified me of over 100 which include a leaked password found in various combo lists.
McAfee notified me of the Twitter breach a week before LifeLock.

McAfee’s VPN based on TunnelBear is far better and faster than Norton’s VPN based on SurfEasy.

I spoke to tier 2 support yesterday to establish when this re-written and cloud-oriented version that was announced in October will be released.
I was excited to test it, but it won’t download.
Apparently we are a few months away. The new version will use global URL filtering based on web reputation (outbound connections only). It is a much needed improvement as McAfee is the only “big player” that blocks dodgy websites and C&C servers in-browser only.
I am not sure why an announcement has been published way ahead of the release.

They are definitely working hard to make their product better and will be tested soon.




 

Anthony Qian

I don't trust McAfee as an AV product due to its excessive reliance on cloud-based hash blocking. Even a slight modification made to previously detected samples using Artemis technologies can cause it to fail in detecting them.

Also, as an AV product that heavily relies on cloud scanning, McAfee consumes an unreasonable amount of resources during scans, which is absurd.
 

Trident

I don't trust McAfee as an AV product due to its excessive reliance on cloud-based hash blocking. Even a slight modification made to previously detected samples using Artemis technologies can cause it to fail in detecting them.

Also, as an AV product that heavily relies on cloud scanning, McAfee consumes an unreasonable amount of resources during scans, which is absurd.
Artemis technologies have long been replaced by JTI (Joint Threat Intelligence) that uses a mixture of static analysis, policies and reputation. Artemis was an early implementation that relied on cloud look-ups only. Apart from that McAfee uses Real Protect, Real Protect Script and Real Protect Non-PE technologies. How effective everything is is another question, like all other products there are vectors not well covered and there are vectors where others fail and McAfee succeeds (signed and inflated samples are one example).
McAfee offers better protection on downloads through their Web Advisor, which uses reputation more aggressively.

I don’t remember the resource usage so can’t really comment on that. It’s been a while since I’ve looked into it.
 

Moonhorse

You can trust them, for sure

It's like Norton, as someone mentioned, always bundled with the new mobile/Windows device... 1 month free, then you pay the worst prices for the next year.

You can just get a better product for a better price.
 

Trident

With Norton and McAfee, users should avoid automatic renewal like the plague. Although this is not hidden, and renewal prices are well mentioned on the product pages, always make sure retail licenses are used and prices are well compared before purchasing.
If there is a nice deal, it may be worth merging a few licenses together through support. Norton only allows up to 5 years, McAfee doesn’t have a limitation.
 

Anthony Qian

Artemis technologies have long been replaced by JTI (Joint Threat Intelligence) that uses a mixture of static analysis, policies and reputation. Artemis was an early implementation that relied on cloud look-ups only. Apart from that McAfee uses Real Protect, Real Protect Script and Real Protect Non-PE technologies. How effective everything is is another question, like all other products there are vectors not well covered and there are vectors where others fail and McAfee succeeds (signed and inflated samples are one example).
McAfee offers better protection on downloads through their Web Advisor, which uses reputation more aggressively.

I don’t remember the resource usage so can’t really comment on that. It’s been a while since I’ve looked into it.
Artemis = JTI. The detection name of McAfee on VirusTotal is still "Artemis!MD5". Real Protect is not so effective, especially against backdoor trojan samples that are prevalent in China. McAfee is VERY bad against script malware.
there are vectors where others fail and McAfee succeeds (signed and inflated samples are one example).
On the contrary, McAfee often fails to detect signed and inflated samples. Malware samples with a valid signature (WHQL Rootkit, for example) are likely to be whitelisted automatically by McAfee's False Positive Mitigation function. Some inflated malware samples are too big to be uploaded to VirusTotal, on which McAfee relies to obtain new samples and, possibly, detections from other vendors (yeah, I've found some evidence suggesting that McAfee copies other vendors' detections). As a result, JTI/Artemis fails to detect these samples.
 

Trident

There are many that fail against signed malware for various different reasons. I’ve seen McAfee detecting a lot of them even when inflated as RealProtect/Peng-SDS!MD5.

The rootkits mentioned may not be added to detection at all due to them being threat artefacts and by themselves, unless deployed as part of an attack or abused, not really malicious.

Symantec for years has had a very clear and strict policy not to add threat artefacts to their detections, as virus definitions are not a bin for everything to be thrown in there. Others like Avira and Eset will even detect phishing pages and PDFs through definitions.
There are many components and each has its task. McAfee for the general home usage provides enough protection. In the cases of advanced attacks it will not be as good as others. It all depends on what one needs.
 

Anthony Qian

There are many that fail against signed malware for various different reasons. I’ve seen McAfee detecting a lot of them even when inflated as RealProtect/Peng-SDS!MD5.

The rootkits mentioned may not be added to detection at all due to them being threat artefacts and by themselves, unless deployed as part of an attack or abused, not really malicious.

Symantec for years has had a very clear and strict policy not to add threat artefacts to their detections, as virus definitions are not a bin for everything to be thrown in there.
There are many components and each has its task. McAfee for the general home usage provides enough protection. In the cases of advanced attacks it will not be as good as others. It all depends on what one needs.
These Rootkit samples are clearly malicious, which is confirmed by Microsoft, ESET, Bitdefender and Kaspersky's analysts. They are not threat artefacts.
 

Trident

The confirmation by Microsoft is very interesting, as in many cases Microsoft is the one signing them. So it seems like at Microsoft the left hand doesn’t know what the right one is doing.
Without looking at the samples it is difficult to tell what happened, why and how.

This problem with the rootkits, as well as with signed malware is very wide and not unique to McAfee. There are few like Bitdefender that handle everything properly.

Any driver is still an artefact, as just putting the driver on your desktop will not cause the desired effect. You are also not able to execute it. This by itself is a threat artefact.
 

Anthony Qian

The confirmation by Microsoft is very interesting, as in many cases Microsoft is the one signing them. So it seems like at Microsoft the left hand doesn’t know what the right one is doing.
Without looking at the samples it is difficult to tell what happened, why and how.

This problem with the rootkits, as well as with signed malware is very wide and not unique to McAfee. There are few like Bitdefender that handle everything properly.
VirusTotal -> Although McAfee detects it as Artemis!198877A8CE99 on VT, the detection will not appear on the consumer side, due to the False Positive Mitigation function. I've sent emails to McAfee Lab many times, still no use.
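
Added example (not part of any post in this thread, and not McAfee's code): a sketch of why a lookup keyed on a file hash, as discussed in the thread, matches only the exact file, next to a chunk-level similarity score that still relates near-identical content. It assumes the 12-hex-digit suffix in the quoted detection name is an MD5 prefix; the chunk comparison is a simplified stand-in for fuzzy hashing, and all byte strings are constructed.

```python
import hashlib
import re

CHUNK = 64  # bytes per chunk for the similarity measure (arbitrary choice)

def hash_suffix(data: bytes) -> str:
    """First 12 hex digits of the MD5 (assumed meaning of the name suffix)."""
    return hashlib.md5(data).hexdigest()[:12].upper()

def parse_detection(name: str):
    """Split 'Family!HEX' into (family, hex_suffix); None if suffix is not hex."""
    family, sep, suffix = name.rpartition("!")
    if not sep or not re.fullmatch(r"[0-9A-Fa-f]{12}", suffix):
        return None
    return family, suffix.upper()

def exact_lookup(data: bytes, blocklist: set) -> bool:
    """Reputation check keyed on the file hash: any changed byte is a miss."""
    return hash_suffix(data) in blocklist

def chunk_set(data: bytes) -> set:
    """Set of SHA-256 digests of the fixed-size chunks of the content."""
    return {hashlib.sha256(data[i:i + CHUNK]).digest()
            for i in range(0, len(data), CHUNK)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity over chunk digests, from 0.0 to 1.0."""
    sa, sb = chunk_set(a), chunk_set(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0

def make_blob(seed: int, blocks: int = 64) -> bytes:
    """Constructed stand-in for file content, not a real sample."""
    return b"".join(hashlib.sha256(bytes([seed]) + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

KNOWN = make_blob(1)
PATCHED = KNOWN[:100] + bytes([KNOWN[100] ^ 0xFF]) + KNOWN[101:]  # one byte differs
PADDED = KNOWN + b"\x00" * 4096                                   # trailing padding
UNRELATED = make_blob(2)
BLOCKLIST = {hash_suffix(KNOWN)}

if __name__ == "__main__":
    print(parse_detection("Artemis!198877A8CE99"))
    for label, blob in [("known", KNOWN), ("patched", PATCHED),
                        ("padded", PADDED), ("unrelated", UNRELATED)]:
        print(f"{label:10} exact={exact_lookup(blob, BLOCKLIST)!s:5} "
              f"similarity={similarity(KNOWN, blob):.2f}")
```
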
 
