McAfee releases VirusScan with intrusion prevention

Discussion in 'other anti-virus software' started by the mul, Aug 30, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    McAfee releases VirusScan with intrusion prevention
    VirusScan Enterprise 8.0i integrates IPS and firewall with antivirus software

    IDG News Service August 30, 2004

    Antivirus software company McAfee Inc. said on Monday that a new version of its VirusScan Enterprise software contains so-called "intrusion prevention" features that can protect computers from attacks such as buffer overflows, which are often used by viruses, worms and malicious hackers to compromise vulnerable Microsoft Corp. Windows machines.

    VirusScan Enterprise 8.0i integrates IPS (intrusion prevention services) and firewall technology with antivirus software to protect personal computers and file servers from new malicious code outbreaks automatically. The new version of VirusScan also has features to manage new malicious code outbreaks, limiting the damage they cause, McAfee said.

    The announcement comes as antivirus software makers and networking equipment vendors look for ways to harden machines against possible compromise and crack down on a host of threats, from spam and spyware to bogus Web pages used in phishing scams.

    The new version of VirusScan incorporates host IPS technology from McAfee's acquisition of Entercept Security Technologies Inc. in April 2003. The Entercept technology allows VirusScan to spot malicious code used to exploit vulnerabilities in the Windows operating system and Microsoft Corp. applications like Internet Explorer, Outlook and Microsoft Office, said John Bedrick, group marketing manager for systems security at McAfee.

    The product requires periodic updates from McAfee, but Bedrick was reluctant to call the IPS updates "signatures," for fear of lumping them in with the frequent antivirus updates that are required when new worms and viruses appear.

    For example, VirusScan 8.0i spots malicious code that tries to exploit a known vulnerability in older versions of a Windows component called the Local Security Authority Subsystem Service (or LSASS). The recent Sasser and Gaobot worms spread by compromising machines using vulnerable versions of LSASS. VirusScan 8.0i protects Windows machines from any of those threats. However, unlike antivirus software, it does not require a new "signature" for each worm that targeted LSASS, Bedrick said.

    The new features are part of Protection-in-Depth, a McAfee program intended to provide many layers of defense against malicious computer activity, McAfee said.

    While IPS features in VirusScan improves that product's ability to spot malicious computer code, the new features do not turn VirusScan into a full-fledged IPS product. Instead, McAfee added a small set of IPS features that will provide the maximum protection to users while creating the minimum of "noise" such as blocking valid traffic, Bedrick said.

    Whereas a comprehensive IPS product like Entercept's prevent buffer overflows of any kind, VirusScan 8.0i limits buffer overflow protection to the 30 or so Windows applications and services that most McAfee customers use, he said.

    "The idea was to pick the applications and services that were the most commonly exploited," he said.

    In doing so, McAfee had to strike a careful balance between making VirusScan more proactive and turning it into a nuisance for users, he said.

    The release of VirusScan 8.0i is part of a larger push into the IPS arena at McAfee. In June the company, formerly Network Associates Inc., announced new versions of two intrusion prevention (IPS) products, IntruShield and Entercept, that it said will make it easier to protect corporate networks from so-called "zero day" attacks, attempts to break in to networks using previously unknown vulnerabilities.

    The company has more announcements planned for future releases that will enhance the ability of its products to spot malicious code before it can infect a customer network. Future features may include wizards and rules for configuring proactive security, he said.

    McAfee VirusScan 8.0i is not sold as a stand-alone product, but is sold in suites, such as McAfee Total Virus Defense, with other McAfee products. The product is available for free to existing customers with valid support agreements, and to new customers through McAfee and its partners, McAfee said.

    THE MUL
     
  2. shoe

    shoe Registered Member

    Joined:
    Oct 31, 2002
    Posts:
    201
    I am running It on XP Pro It ia a out standing program
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Another happy user here :D
     
  4. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I am glad u like this great programme.


    THE MUL
     
  5. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Mul, you will have to try and switch to a company which uses this AV :D

    But you seem to have more than adequate cover for malware threats with your software choice.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Here are some screenshots of this program.

    I am using this version without the ‘firewall’ or email scanner installed and it runs with 7 processes in memory for a total of 30 MB. The on-access Monitor, Mcshield.exe is taking up the majority of this with 19MB ( 16036 KB VM ). This produces no slowdown on my laptop, but as it has a 3.6GHz processor, this is not surprising. However, I have seen it running quite happily on much older computers in my Department at work. It takes up about 35MB of disc space.

    I have not used the Home version of VirusScan since version 4, but this Enterprise edition is supposedly a lot leaner than the recent versions of the retail product.

    Although not a retail product and therefore not as widely available as the Home version, it is worth checking if your Company/University runs this software.

    My University has been running both the Norton and McAfee Corporate products, particularly on the gateway, for many years but I was reluctant to use these on my Home computers.

    But do not be put off by the 'horror' stories reported by some people about the 2 big retail products and apply this to the Corporate editions. Both Norton and McAfee have excellent Business AV's, and according to my IT people, support is excellent.

    McAfee has always had a good reputation for its malware engine and this AV is well worth trying out if you have the choice.
     

    Attached Files:

    Last edited: Oct 23, 2004
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Port Blocking, which is a 'firewall' feature.
     

    Attached Files:

  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    File, Share and Folder Protection.
     

    Attached Files:

  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    A number ( 200 ) of 'unwanted programs are now detected.
     

    Attached Files:

  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The Monitor Settings; easy to use GUI.
     

    Attached Files:

  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Infection window. Quarantine is an option here.
     

    Attached Files:

  12. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Updates are incremental and very small which is very useful as I am restricted to dial-up. You can also schedule updates to include on dial-up.

    Extensive options are available and these include; Daily, Weekly, Monthly, Once, at System Startup, At Logon, and Run Immediately.
     

    Attached Files:

    Last edited: Oct 23, 2004
  13. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Wow, looks like a real pro to me.
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Indeed. It looks much much better than edition for home users.
    The thing i hated most was terrible configuration level (actually non existing) and popup that showed for each detected file seperately (imagine when you detect 30 malware files and you have to click 30 times in order to clean the mess). Its funny that they don't offer such package to home users.
    If not because of other things,at least because of that damn &%!*+### Security Center which is useless.
     
  15. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    The Mul & Blackcat.

    I help a friend installed it yesterday but I could not find the function to Scan the diskette?

    I think I saw few options somewhere that I could set it to scan My Computer, All Local drive etc., what is the different between them by the way?

    Cheers

    :D

    P/s: any conflict with Prevx or any other software so far?

    PP/s: How to uninstall older version of McAfee?
     
  16. wangk0998

    wangk0998 Registered Member

    Joined:
    Oct 23, 2004
    Posts:
    20

    me too
     
  17. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Simply right-click on your Floppy disc icon in the My Computer Folder and then click on the McAfee AV icon for scan for viruses. Or more long-winded, right-click on the system tray icon>On-Demand Scan>Where>edit>Item to scan>Drive or Folder>Browse>Select Floppy. See attachment.
    Chew, check in the help-file, it' s very good and does outline the differences between these.
    I do not use Prevx, but I have had no conflicts so far with my combination of software but I believe there is (was!) some conflicts between the program and some software firewalls, particularly Zone Alarm Pro, if Buffer Overflow Protection is enabled.
    If retail versions try here; http://ts.mcafeehelp.com/default.asp?siteID=1&resolution=1024x768&rurl=&rqs=
    http://forums.mcafeehelp.com/viewtopic.php?t=554
    If previous version was an Enterprise AV; http://forums.mcafeehelp.com/viewtopic.php?t=33187
     

    Attached Files:

    Last edited: Oct 23, 2004
  18. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Hai Mul!

    What is the reason there are (right now) only 4400 virus definitions?

    I know the McAfee heuristics are very strong, but only 4400 definitions?

    Ciao,

    Smokey
     
  19. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Standing in for the mul,

    I may be wrong, but I think that the number of definitions does not mean viruses detected, but in fact only records. One record can stand for many viruses. Dr Web is similar to this.

    The length of time the McAfee engine has been about, I would think that the numbers of malware detected is on par with KAV and F-Prot.
     
  20. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Thanks for the explanation!

    Ciao,

    Smokey
     
  21. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It also depends on how company counts malware. Some count only entire families (for example Win32:Beagle A-Z is counted as 1 virus in the definitions count),other count every and each variant (so you get high number just for one family of viruses). Generic and heuristic detections cannot be counted (you cannot measure this), so these numbers don't mean much at all.

    Low total number of viruses detected by AV doesn't mean anything if the company counts each family as 1 virus type and uses strong heuristic/generic engine. In this case, it can easily outperform any other AV that says it can detect 100.000 viruses.

    Kaspersky for example has around 80.000 unique signatures(now go figure how they count them :p ). But it still has the best detection level you can get in these days.
     
  22. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Thanks for the clarification, RejZoR ;)
     
  23. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Blackcat

    Thanks for the Uninstall links and the explanation.

    Cheers

    :D
     
  24. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Is there a page somewhere that shows "unique signatures" # for Kaspersky? Or are you just a bit outdated :D

    McAfee numbers their definition releases (not sure when they started this), so the DAT# will generally go up 1 iteration every week or more depending on any outbreaks.

    (Kaspersky lists 102112 records, looks like McAfee has also reached over 100k at 104507.)
     
  25. Grumble

    Grumble Registered Member

    Joined:
    Apr 25, 2004
    Posts:
    185
    Location:
    the sunshine state
    The 4400 is the DAT Version number.

    You can go here to see the number of threats detected (104,507)

    http://vil.nai.com/vil/DATReadme.asp
     
Loading...
Thread Status:
Not open for further replies.