Is the latest version of McAfee's VirusScan still using ActiveX?

Yes it is.

{QUOTE-> Is the latest version of McAfee's VirusScan still using ActiveX? <-QUOTE}
where i can found free mcafee 10??

Can someone explain to me why this is an issue? I have seen this as a reason why people will not use McAfee, but I don't understand the risk.

{QUOTE-> where i can found free mcafee 10?? <-QUOTE}
Nowhere.

If you have Comcast for your ISP, it will find you. :D

Is McAfee AV the same in all its different marketing avenues... so is the Comcast version the same as the US DoD version, or the same as what I'd download from mcafee.com?

The Comcast version is the same as the one from McAfee.com.

{QUOTE-> Can someone explain to me why this is an issue? I have seen this as a reason why people will not use McAfee, but I don't understand the risk. <-QUOTE}It would not be an issue for me, as Xp prompts me for permission to install any active x and I can turn off active x in explorer.

{QUOTE-> It would not be an issue for me, as Xp prompts me for permission to install any active x and I can turn off active x in explorer. <-QUOTE}
I suspect it would - McAfee won't update w/o ActiveX running.

Someone wanted to know what the risks are:
http://forums.net-integration.net/index.php?showtopic=3051

Even MS thinks (finally) that it's a risk:
{QUOTE-> By Gregg Keizer, TechWeb News

The Internet Explorer development team has revealed details of upcoming key features that will land in the next beta of IE 7.

Among the features demonstrated Tuesday at a Microsoft Professional Developer Conference presentation, then outlined on the IE team's blog, were Quick Tabs and Page Zoom.

Other new features, said Wilson, will include something he dubbed "ActiveX Opt-in," that will set most ActiveX controls (even those already installed) as disabled by default. Users can selectively enable controls as necessary. <-QUOTE}

http://www.techweb.com/showArticle.jhtml?articleID=170703182&cid=test1_rssfeed

This BTW is one of the few times that MS will actually practice "Default Deny" security philosophy - long overdue.

Regards - Charles

{QUOTE-> I suspect it would - McAfee won't update w/o ActiveX running.

Regards - Charles <-QUOTE} I know, so I would just leave it at prompt. The point I was making was simply that the security issue could be dealt with in a simple manner and because of that is overblown. I wonder if Starrob left any of that popcorn behind? ;D ;) Microsoft is simply giving users the increased control some have been clamoring for in IE 7. I will leave it at that as I know were going off topic.

Hello Hammer,

I know, so I would just leave it at prompt. The point I was making was simply that the security issue could be dealt with in a simple manner and because of that is overblown.
Two points here - prompting, ok you would, but average users would not, I've seen it countless times, compounded by how often the updater component wants to check for updates - could be as short as every 5 minutes - I know NIS under certain conditions will check from every 5 minutes to 4 hours.

What's overblown? Have you looked at any figures on the number of systems that are infected with unwanted adware/spyware? It also depends on the sites - if everyone stuck to security forums there would be no problems, obviously that's not the real world.

Besides which AFAIK, there isn't any security reason on the part of McAfee to do this - their Control Center is an Ad center, that's the reason for the ActiveX: marketing.

Microsoft is simply giving users the increased control some have been clamoring for in IE 7. I will leave it at that.
LOL, MS can't catch a break.

Regards - Charles

{QUOTE->
Besides which AFAIK, there isn't any security reason on the part of McAfee to do this - their Control Center is an Ad center, that's the reason for the ActiveX: marketing.

Regards - Charles <-QUOTE}

I have to disagree with this statement. McAfee was using Active X when it was a standalone AV and long before the Security Center ever came into play, and the idea of the Security Center being an "Ad center" is definitely misleading (for those not knowing what it is, and trying to decipher your comment).

Microsoft is going to give control of activeX to the user in IE 7 but activeX is still required to use windows updates :-\

{QUOTE-> I have to disagree with this statement. McAfee was using Active X when it was a standalone AV and long before the Security Center ever came into play, and the idea of the Security Center being an "Ad center" is definitely misleading (for those not knowing what it is, and trying to decipher your comment). <-QUOTE}I agree with you ,but it is a statement commonly made by reviewers of McAfee products in computer mags and on their web sites.

Hello JRCATES,

I'm not disparaging the quality of the AV/firewall - so lets get that out of the way.

There always was a version of CC, it just may not have been called that. The first time I saw McAfee run was in late 2003 - AV only. There were constant reminders/notifications to install the firewall, even though the user of course had a 3rd party firewall. After a while, I would call that badgering. Since then these kinds of "notifications" have grown to encompass whatever products McAfee sells. Reminds me of AOL :P fair enough, everyone has a right to push their products, but anyone contemplating it's use ought to be informed that that's what you get.

Regards - Charles

{QUOTE->
There always was a version of CC, it just may not have been called that. The first time I saw McAfee run was in late 2003 - AV only. There were constant reminders/notifications to install the firewall, even though the user of course had a 3rd party firewall. After a while, I would call that badgering. Since then these kinds of "notifications" have grown to encompass whatever products McAfee sells. fair enough, everyone has a right to push their products, but anyone contemplating it's use ought to be informed that that's what you get.

Regards - Charles <-QUOTE}

Hi Charles, fair enough....although I first used McAfee in 1999, and there was no "Security (or Control) Center" then.....at least, not with the standalone anti-virus subscription that I had. I never had a problem with McAfee, but like so many others, after my subscription expired I decided to "shop around", and try out some other products (because you never know what you like best and what is truly effective until you experiment a little). After a few years of using competing brands - and running into and having numerous problems - I went back to McAfee since I had not had those problems when using it. That is when I noticed that they had began including the Security Center as part of the product. Other than being told what a user's "security rating" is according to McAfee's products and protection guideline, I really don't find it bothersome.....but I'm using the Security Suite, so that probably explains that. For others using another firewall or that do not have SpamKiller or Privacy Service installed, being told their "security rating" is not perfect would probably disturb me a little as well, so I understand what those complaints about it are and can see the legitimacy of them. But to me, the system tray icon is one of the LEAST annoying icons that I have ever seen, and I'm surprised that so many seem to have this major problem or issue with it (unless it is black rather than red, and then I can understand somewhat - LOL)........

thanx man

I wanted to use a 30 day trial for mcafee personal firewall 7 and was disappointed with the security centre aspect of it, and i must agree it acts more like an ad or promotion centre for mcafee products (imo).The first thing that popped up was how i could save 20 pounds on thier suite...mmmm.As security centre and the firewall was listed in add/remove programs i thought id uninstall the security centre ,because i didnt want any antispam functions ,or antivirus functions ,or ads from mcafee telling me how to save money if i did want them.On trying to uninstall it said i had to uninstall all mcafee processes first which includes the firewall so you cant run it without the security centre.I uninstalled it all after about 1 hour because of the security centre baggage.Im sure it may have another valid purpose ,but theres no denying that its also to promote mcafee products.
ellison

McAfee is the only security software AFAIK that demands the use of IE's biggest secuity hole: activeX.

It uses it to run that dog & pony show called the Security Center.

Regards - Charles

ActiveX or not, I will use McAfee anyway. It is nice product. ;)

It is a excellent AV/FW product, but there are others that are equal or better and thankfully they don't, as of yet anyway, feel they have to put on a show.

Regards - Charles

{QUOTE-> Is the latest version of McAfee's VirusScan still using ActiveX? <-QUOTE}

Even if it does, what's the issue?

Does McAfee allow 3rd part software to access its ActiveX objects?

Hello Howard,

ActiveX has been a notorious source of insecurity in IE for years, one of the biggest security rationales for alternative browsers, especially Firefox.

If you go into IE's Security tab > custom level, and go through the activex settings, do you see anything there enabling you to select for McAfee? I don't, they are blanket settings, aren't they?

The point is, whether McAfee allows or doesn't allow access to its own activex setting, activex has to be enabled across the board in IE.

Regards - Charles

{QUOTE-> Hello Howard,

ActiveX has been a notorious source of insecurity in IE for years, one of the biggest security rationales for alternative browsers, especially Firefox.

If you go into IE's Security tab > custom level, and go through the activex settings, do you see anything there enabling you to select for McAfee? I don't, they are blanket settings, aren't they?

The point is, whether McAfee allows or doesn't allow access to its own activex setting, activex has to be enabled across the board in IE.

Regards - Charles <-QUOTE}

Many programs use ActiveX with no harm at all.

The problem occurs ONLY when a program, such as a browser, allows a 3rd party to slip an ActiveX critter onto your computer without your permission.

ActiveX from within the installed program is not the problem.
If McAfee is just using ActiveX internally, that's not a problem. If they are allowing oter ActiveX critters to execute, then there can be problems.

{QUOTE-> If they are allowing oter ActiveX critters to execute, then there can be problems. <-QUOTE}
Hi Howard,

ActiveX has to be turned on in IE for McAfee to download updates - so the issue then becomes is there an option to block Activex selectively.

The few times I've seen it running and tried to find a way to do just that, ended in frustration. Maybe I wasn't looking hard enough ;)

Regards - Charles

Those lucky enough to be using Virusscan Enterprise don't get any of that ActiveX crap.

I used Mcafee with it's activeX for many many years and it never caused any kind of problem. I really believe that a lot of the malware or exploits are blown clear out of reality by word of mouth information. That is not to say that there isn't some very real and dangerous malware out there. but mcafee's use of activeX is not one of them.

{QUOTE-> Hi Howard,

ActiveX has to be turned on in IE for McAfee to download updates - so the issue then becomes is there an option to block Activex selectively.

The few times I've seen it running and tried to find a way to do just that, ended in frustration. Maybe I wasn't looking hard enough ;)

Regards - Charles <-QUOTE}

THe original question in this thread was "Is the latest version of McAfee's VirusScan still using ActiveX?".

I have no idea what that question means.

All AV software does is examine files for viri, worms, etc.
Whether a file uses ActiveX code or whether the file is, say, an ActiveX DLL, what's that got to do with whether McAfee USES ActiveX?

McAfee might, itself, be using ActiveX DLLs to include its own code, so what, that's not an issue.

What is needed is clarification of the original question in this thread.

{QUOTE-> Hi Howard,

ActiveX has to be turned on in IE for McAfee to download updates - so the issue then becomes is there an option to block Activex selectively.

The few times I've seen it running and tried to find a way to do just that, ended in frustration. Maybe I wasn't looking hard enough ;)

Regards - Charles <-QUOTE}

The trial also uses activex to install.There is no .exe file that you can download.You need activex to install it so i guess those that have used IE eradicator may be out of luck with mcafee products.While im sure mcafee make excellent products , there doesnt seem to be any other reason to use activex, other than for ads or promotions....unless someone else knows the answer?.
ellison

ActiveX is nothing else than XUL in Mozilla. It's just a programming "language" for browser extensions. If McAfee uses it, thats not really an issue since ActiveX is made by McAfee Inc. It's safe i "assume" ::) But 3rd party unknown ActiveX plugins may pose a potential risk.

I think the point being made though ,is that ,you have to have activex enabled to use mcafee succesfully ,and the default setting in IE at present is to allow activex downloads ,which most people (who dont frequent forums like this) would use.It seems a little ironic to me that a great deal of spyware is installed using activex objects.... like porn diallers etc....,and yet a security firm is using that same medium, and for what exact reason ?
ellison

I guess heres a good example of activex insecurity?.....funnily enough involving mcafee virus scan
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358
ellison

Well it doesn't matter much if you're not using IE6 for browsing.
I never bothered around ActiveX stuff that all people make so many noise, i use Firefox and sometimes Opera and had zero problems with "ActiveX" nasties.
IE6 is there but i don't use it.

{QUOTE-> Well it doesn't matter much if you're not using IE6 for browsing. <-QUOTE}
80+ % of windows users run IE. The issue here is that a security company is, as far as I can tell, using a browser security hole to deliver ads.

Regards - Charles

{QUOTE-> The trial also uses activex to install.There is no .exe file that you can download.You need activex to install it so i guess those that have used IE eradicator may be out of luck with mcafee products.While im sure mcafee make excellent products , there doesnt seem to be any other reason to use activex, other than for ads or promotions....unless someone else knows the answer?.
ellison <-QUOTE}

Not so.

ALL products that interface with Office MUST use ActiveX.
But that use is within te program itself and posts no danger to anyone.

{QUOTE-> I think the point being made though ,is that ,you have to have activex enabled to use mcafee succesfully ,and the default setting in IE at present is to allow activex downloads ,which most people (who dont frequent forums like this) would use.It seems a little ironic to me that a great deal of spyware is installed using activex objects.... like porn diallers etc....,and yet a security firm is using that same medium, and for what exact reason ?
ellison <-QUOTE}

The point that is being missed that ActiveX objects are used by ALL programs that interface with Office.

Of course, if you disable use of ACtiveX on your system, then lots of software will be unusable.

Enabling ActiveX in IE has got nothing to do with internal use by applications.

{QUOTE-> Enabling ActiveX in IE has got nothing to do with internal use by applications. <-QUOTE}
Hi Howard,

Unfortunately, ActiveX in IE has to be enabled to run McAfee. So if using IE to browse, that's a potential problem. If using Firefox et al, than there may be other problems, but not that one.

I can tell from your responses that you don't run McAfee and IE to gether:)

Regards - Charles

{QUOTE-> The point that is being missed that ActiveX objects are used by ALL programs that interface with Office.

Of course, if you disable use of ACtiveX on your system, then lots of software will be unusable.

Enabling ActiveX in IE has got nothing to do with internal use by
applications. <-QUOTE}

Huh?....enabling activex in IE has everything to do with mcafee (including being able to install the 30 day trial....from thier antispyware 2006 PDF file
.........................
What are ActiveX controls?
ActiveX controls are software modules based on Microsoft's Component Object
Model (COM) architecture. They add functionality to software applications by
seamlessly incorporating pre-made modules with the basic software package.
Modules can be interchanged but still appear as parts of the original software.
On the Internet, ActiveX controls can be linked to Web pages and downloaded by
an ActiveX-compliant browser. ActiveX controls turn Web pages into software
pages that perform like any other program launched from a server.
McAfee uses ActiveX controls in its applications, and you must download the
specific ActiveX components required for each application. Once these
components are loaded, you do not need to download them again unless upgrades
or updates become available.
Unfortunately, Netscape and some CompuServe versions are not
ActiveX-compliant browsers. To use McAfee applications with Netscape or
CompuServe browsers, you must go to the McAfee Web site to automatically
download the McAfee Activator Plug-in and have Internet Explorer version 5.5 or
later installed on your computer.
NOTE
Netscape 4.0 and later versions, as well as CompuServe 5.0
and later versions, are compatible with the McAfee Activator
Plug-in.
............................................
ellison

ellison

I would be intrested to know whether mcafee 2005 viruscan (or other editions) when used with a non activex compliant browser or activex disabled,says its been updated when in fact it hasnt ,which is implied by a user here (post eight)....

http://www.amazon.com/gp/product/customer-reviews/B0002T889Y/103-3232771-8503801?_encoding=UTF8

If that is true then it seems to be a serious problem.Is this true and if so has it been fixed?
ellison

{QUOTE-> I (imo).The first thing that popped up was how i could save 20 pounds on thier suite...mmmm.As security centre and the firewall was listed in add/remove programs i thought id uninstall the security centre ,because i didnt want any antispam functions ,or antivirus functions ,or ads from mcafee telling me how to save money if i did want them. <-QUOTE}

I dont know why you seem to get Ads with McAfee, but I thought you only got that kinda stuff if you signed up for the security center notification display's such as Virus alerts or special promotions! Other than that it seems strange to me, but I do understand some of the problems with the privacy + Spamkiller services installed, just look on the forums to see how much of the pain in the Ass, they can be if they are not working.

{QUOTE-> I dont know why you seem to get Ads with McAfee, but I thought you only got that kinda stuff if you signed up for the security center notification display's such as Virus alerts or special promotions! Other than that it seems strange to me, but I do understand some of the problems with the privacy + Spamkiller services installed, just look on the forums to see how much of the pain in the Ass, they can be if they are not working. <-QUOTE}

I guess i didnt know i had a choice , or that the last bulletin point actually meant a promotional popup.

"Access To Fully-Enabled Trial Subscriptions
Offers trial subscriptions to McAfee Security's managed world-class security products".

http://us.mcafee.com/root/product.asp?productid=msc

Also the statement ...
"Please note that Microsoft Internet Explorer 5.5 or higher is required to download and install McAfee products." is a rather ambiguous statement and suggests to me that IE is only required for installation and not continued operation.
ellison

{QUOTE-> Hi Howard,

Unfortunately, ActiveX in IE has to be enabled to run McAfee. So if using IE to browse, that's a potential problem. If using Firefox et al, than there may be other problems, but not that one.

I can tell from your responses that you don't run McAfee and IE to gether:)

Regards - Charles <-QUOTE}

I use IE, Firefox and Opera, not to mention do lots of OLE programming, so I do not disable ActiveX.

This thread is confusing two points.

1. Whether a particular program uses ActiveX internally. That is NOT a problem unless the program does something ITSELF to cause harm.

2. Whether a program allows other programs, not under its control, to use ActtiveX. THis is where problems can arise.

{QUOTE->
"Please note that Microsoft Internet Explorer 5.5 or higher is required to download and install McAfee products." is a rather ambiguous statement and suggests to me that IE is only required for installation and not continued operation.
ellison <-QUOTE}
I agree, otherwise people who use alternative browsers would not be able to run McAfee.

Downloading it with IE only of course ensures that activex is enabled.

So one more time:

Can't download McAfee w/o IE and activex enabled.

Can't browse with IE w/o activex enabled if running McAfee.

With alternative browsers - doesn't matter if activex enabled or not since they don't use activex.

Regards - Charles

{QUOTE->
Downloading it with IE only of course ensures that activex is enabled.
<-QUOTE}

Only when you are using IE, it's got nothing to do with other browsers.

{QUOTE->
Can't download McAfee w/o IE and activex enabled.
<-QUOTE}

It's just a result of a foolish choice that McAfee makes.
Other software also cannot be downloaded without using IE.
If you are saying that McAfee won't download AV updates unless ActiveX is enabled in IE. THen disable ActiveX when not doing such downloads.

{QUOTE->
Can't browse with IE w/o activex enabled if running McAfee.
<-QUOTE}

I find it hard to believe that McAfee would be so stupidly implemented.
Browsing is entirely separate from ActiveX. ActiveX would only matter if you wish to allow web sites to use ActiveX. Most sites do not require ActiveX.

Or put another way.
1. You cant download and install mcafee without activex enabled in an activex compliant browser
2. You cant update mcafee without activex enabled in an active x compliant browser.
3.The security centre seems to be mandatory for all home user products and also needs activex enabled in an activex compliant browser.
4.Mcafees use of activex in its security products has already caused a possible major security breach (see link in my earlier post) in Dec 2005.While all avs are suceptible to security breaches ,it still seems ironic (IMO), that mcafee would use a known medium (that much malware uses) and one that has been plauged by security problems in microsoft,hence IE7 with its new default security.
Apart from that and its promotional /ad centre , i do believe mcafee is one of the better avs for detection.
ellison

{QUOTE-> I used Mcafee with it's activeX for many many years and it never caused any kind of problem. I really believe that a lot of the malware or exploits are blown clear out of reality by word of mouth information. That is not to say that there isn't some very real and dangerous malware out there. but mcafee's use of activeX is not one of them. <-QUOTE}

Kerect!

IE7 causing McAfee update problems
{QUOTE-> New browser version blocking install and updates.

Security settings in the new version of Microsoft's web browser, Internet Explorer 7, are causing problems for users of McAfee software. Controls on ActiveX and software installation require users to accept eight warnings when installing, and nine when updating their software.

McAfee have released a workaround solution to the problem, with detailed instructions on their support site including 18 different steps needed to get a product installed, and a lengthy 25 steps required to allow updates.

03 November 2006 <-QUOTE}
http://www.virusbtn.com/news/virus_news/2006/11_03a.xml

LOL.

For a security Company, ActiveX and Security should be an oxymoron.

Actually I agree with those who mentioned the use of ActiveX and its security risks are blown out of proportion. I do not think anyone here would deny ActiveX or Java could foster a bad maleware under the right conditions, but I feel with proper security software and habits, the risk is small. To me there is no difference in reference to security risks of running ActiveX, Java or any other API. All of them are designed to run code for the benefit of the user, it is only when people learn to exploit it does it become a risk. Now this means that to be safe some say you need to disable Java or ActiveX from your system. Well why not take it a step further and simply be safer and unplug the machine from the Internet? To me everything we do in life imposes some risk, but it doesn't mean we should stop living. It is just reason to be careful in what we do and how we do it. To me running ActiveX for the years I have done so and using IE as my browser have never personally had anything negative come of it. I am running the latet Mcafee right now thanks to the advice of Bigc and I have to say he was correct in that it is a good product and I am very happy with it ActiveX or not.

I'm having a schadenfreude moment ;D

I'm glad that your experience with ActiveX is a happy one Ed.
{QUOTE-> To me there is no difference in reference to security risks of running ActiveX, Java or any other API. All of them are designed to run code for the benefit of the user, it is only when people learn to exploit it does it become a risk. Now this means that to be safe some say you need to disable Java or ActiveX from your system. Well why not take it a step further and simply be safer and unplug the machine from the Internet? To me everything we do in life imposes some risk, but it doesn't mean we should stop living. <-QUOTE}
The issue is the probability of a particular code's mis use. So I find it atonishing that someone would write that ActiveX and java script are no more pontentially harmfull than Notepad.

The hole in your logic is that personal experience must be universal.

{QUOTE-> I'm having a schadenfreude moment ;D

I'm glad that your experience with ActiveX is a happy one Ed.

The issue is the probability of a particular code's mis use. So I find it atonishing that someone would write that ActiveX and java script are no more pontentially harmfull than Notepad.

The hole in your logic is that personal experience must be universal. <-QUOTE}
I'm sorry, but I think you took what I was saying beyond the point I was trying to make. I never said it was just as safe as running notepad, thats just plain silly. I meant any API that is intended to run code within a browser.

What I was trying to say was no matter what technologies are used, there is always a risk. A person has to weigh the risks to their perceived benefits. I listed my personal experience with ActiveX as just that, my personal experience and did not say or intend the statement as a proof that running ActiveX is totally safe, just that in MY EXPERIENCE, I have not had any problems. This can be taken for what it is worth by the intelligent members of this board. If you hate ActiveX or Java, thats your right not to use it. I am not a huge fan of either technologies but they do work and whether we like it or not are pretty widely used in alot of software and web sites. Security software does seem to get large critics by the very nature of the potential security exploits which can occur running these. However, most people who are not biased against Mcafee, will tell you it might not be the best out there but it really is no slouch either. I am not sure how many Mcafee users have had their systems compromised because of the the need to be running ActiveX with Mcafee. All I know is I have never had it happen nor seen it on any systems I have supported that ran it.

All in all as I said each person needs to make their own choices as to what is safe enough for them to run. Heck I have known some people who will not even ride in cars or fly in planes because they feel the risks are too great for them.