McAfee patches flaw that turned protected systems into spam relays

McAfee SaaS Total Protection

Security software is an everyday necessity for most people, especially Windows users, businesses, and enterprises. But one of the ironies of security software is that, once in a while, it turns out to be the source of security problems all by itself. The latest instance involves McAfee’s SaaS Total Protection suite, a cloud-based solution designed to provide comprehensive email and and Web filtering along with centralized security management for businesses and organizations. However, McAfee has just had to issue an update to the service to block a flaw that could let attackers execute code on protected machines, and to fix another problem that could potentially enable attackers to turn protected systems into spam relays.

“Two issues in SaaS for Total Protection have arisen in the past few days,” wrote McAfee’s David Marcus in the company’s blog. “In the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our ‘rumor’ technology to allow an attacker to use an affected machine as an ‘open relay,’ which could be used to send spam.”

McAfee says the ActiveX control issue, while new, is similar to a problem the company patched back in August 2011: As long as customers have applied that update, they aren’t vulnerable to the new problem. McAfee has begun rolling out an update for the spam relaying issue, and customers should receive the update soon if they haven’t already.

The Saas Total Protection suite’s “rumor” technology enables protected computers to communicate updates with each other in a fashion like peer-to-peer networking. The idea is to distribute updates automatically in-house on local networks rather than forcing every protected system to grab new updates from McAfee, potentially straining an organization’s Internet connectivity. According to reports, the service installs itself even if users don’t specifically ask for it, and while it can be shut down using Windows’ built-in administrative tools it gets restarted whenever McAfee delivers a software update.

Although the spamming vulnerability never put data on protected machines at any risk, attackers were able to use the rumor service to essentially bounce email messages off the protected systems, making it appear to the rest of the Internet that the McAfee-protected computers were the origin of the spam, rather than the attackers themselves. As a result, some McAfee users were mysteriously finding their machines and networks blocked by spam filters — in one case, apparently by McAfee’s own antispam technology within the organization.

McAfee was acquired by Intel in 2010.

Smart Home

Ring Alarm vs. Nest Secure: Which one is right for you?

Thanks to the advance of technology, it's become really easy nowadays to secure your home and protect it from thieves, intruders, and unwanted guests. Which one of these two top contenders is right for you?
Smart Home

Porch pirate problems? Keep them away with these tips and tricks

The holiday season is fast approaching and the packages are arriving on our doorsteps. Are you worried about porch pirates stealing your gifts this holiday season? Here are some tips to help protect your purchases.
Computing

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.
Computing

Best free parental control software for PC, Mac, iOS, and Android

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and Mac OS X, so you can monitor your child and block unsavory sites.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

The Titan RTX graphics card is nearly here. Here's what you need to know

The Nvidia Titan RTX is arguably the most powerful consumer graphics card ever made, even if it's not really aimed at consumers. It bridges the 2080 Ti and RTX Quadro cards with boat loads of power.
Computing

Leak reveals that Nvidia’s RTX 2060 gaming chipsets will be headed to laptops

The latest leaks of Nvidia's upcoming RTX 2060 have given performance benchmarks and further detail about the future chipset and its capabilities, while a RTX 2060 Max-Q variant has also been discovered for thin and light gaming machines.
Computing

Looking for an Apple MacBook below $900? Woot has you covered

If you're looking for a great deal on an Apple MacBook, then Amazon's Woot may just have what you have been seeking. It has Macbooks available for only $810 with Intel M3 CPUs, 8GB of RAM, and 256GB SSDs.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

New rumors say the Pixelbook 2 could show up at CES 2019

What will the Pixelbook 2 be like? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement or an unwanted trip to your local repair shop.
Computing

You could spend $1,000 on an iPhone, or buy one of these awesome laptops instead

Finding a decent laptop is easy, but finding one under $1,000 is a bit tricky. Luckily, we've taken some of the guesswork out of picking out a budget laptop. Here are some of our favorites, the best laptops under $1,000.
Computing

Don't know what to do with all your old DVDs? Here's how to convert them to MP4

Given today's rapid technological advancements, physical discs are quickly becoming a thing of the past. Check out our guide on how to convert a DVD to MP4, so you can ditch discs for digital files.
Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…