McAfee antivirus updates fail critical test

Compatibility problems with Vista led to McAfee's VirusScan failing to protect against two pieces of malware
Written by Richard Thurston, Contributor on

McAfee's antivirus software failed a critical security test because the software failed to interact properly with a key security feature in Vista.

The VirusScan version 8.1i software — one of McAfee's main enterprise offerings — failed to detect two viruses that are currently found in the wild, according to security testing firm Virus Bulletin, despite informing testers that it had updated successfully.

Virus Bulletin tested 15 security products designed specifically for Microsoft's new Vista operating system, to see if they would detect a set of viruses. Four out of the 15 products tested failed to protect users, including Microsoft's own antivirus product, Live OneCare, and McAfee's VirusScan 8.1.

McAfee had claimed last week that Virus Bulletin had used an outdated version of VirusScan.

But according to the researchers, McAfee's product failed simply because it had not updated itself with the latest protection. "McAfee's problem was entirely due to the failure of the update method used," said Virus Bulletin's technical consultant John Hawes. "The product reported it had updated itself... A false sense of security is a dangerous thing."

"The problem we had can be put down not to an inability by McAfee to keep up with the latest malware, but rather to a failure to properly integrate all aspects of the proudct into the new Vista operating system, and most importantly the new security controls," Hawes added.

Virus Bulletin said the problem occurred in the way McAfee's software interacts with Vista's User Access Controls, which will force customers to run the operating system in standard mode, rather than administrator mode.

"Vista caused trouble for a lot of products and this, though seemingly a minor issue, had a major effect on the protection provided by McAfee's product," said Hawes.

Joe Telafici, vice president of operations for McAfee's Avert Labs, acknowledged Virus Bulletin's findings. "McAfee did not receive a pass since the manual update method would not properly update to the latest antivirus protection unless the manual update tool was run in administrator mode," Telafici told ZDNet UK.

"Customers should note that this does not impact any of the standard update mechanisms available within McAfee VirusScan Enterprise 8.5 or the managed update of .dat files available through ePolicy Orchestrator or Protection Pilot," Telafici added.

Shortly before the full commercial launch of Vista a fortnight ago, anti-spyware firm Webroot revealed a large number of potential security flaws related to Vista. It said the blocking capabilities of Windows Defender were "potentially ineffective" and that Live OneCare's antivirus capabilities were "weak".

Gerhard Eschelbeck, Webroot's chief technology officer, warned: "We want to make sure that users understand the Vista operating system's limitations, and caution them that Microsoft's default malware blocking application and antivirus programs may not fully protect them."

In its report, Virus Bulletin was critical of Microsoft Live OneCare, saying numerous virus samples had been missed and that the user interface was over-simplified. Researchers also had to disable user access controls in order to complete their testing.

Editorial standards