« McAfee Mayhem | Main | Local Media #fail »

Thursday, April 22, 2010

McAfee, ClamAV, McAfee: Why keeping security software up to date is mandatory, not optional

1: On March 31st, McAfee's support for their V1 format antivirus DAT files ended, and with it come the end-of-life for VirusScan 8.0. Plenty of warning had been given, and they'd even extended the end-of-life date by three months. Yet, come April 1st, McAfee's Community Forums were filled with tales of people whose antivirus had ceased updating. There was a twist to this tale, however. One customer was using a V2-supporting antivirus program, but it still wasn't updating. It turned out that updating to a later version of the McAfee Agent solved his problem.

2: The ClamAV Users' mailing list has become a bit of a flame-fest of late, all due to Sourcefire's withdrawal of support for versions pre-0.95. They'd announced all this six months ago, but users were still caught unawares. Unfortunately, the developers effectively "turned off" older versions when they issued a pattern update using a data format only supported by ClamAV 0.95 and later. And how the affected users howled.

3: Back to McAfee yesterday, and we find peoples' PCs being screwed up by a bad DAT update. Those who escaped unscathed were those who had read, comprehended, and implemented a setting change discussed in the last VirusScan 8.7 patch release notes. More luck than anything else, in this case, though.

Notice a common theme to all of these?

Due diligence, or lack of it. Not by the vendors, but by the users of their products.

Security software, by its very nature, requires frequent updates. Improvements to increase reliability, detect new classes of threat, and so on. It is critical to the security of an organisation's assets.

So why, oh why, are people sticking their heads in the sand and not keeping things up to date?


Posted by Phil at 10:55 PM
Edited on: Thursday, April 22, 2010 11:26 PM
Categories: Comment, Computer Security