McAfee VirusScan failed Vista security test due to update problems

'A false sense of security is a dangerous thing', says VB technical consultant.

In the wake of the recent VB100 test on the new Windows Vista platform, VB has been in communication with the makers of many of the products tested. The developers of one of those adjudged to have failed the test, McAfee, have insisted that when their VirusScan product is fully updated with the data provided for testing it is capable of detecting the samples missed during our tests.

After intensive investigation, VB has found that detection routines for the two malware samples missed were indeed included in the update package provided by McAfee. However, when McAfee's manual update procedure was run it failed to apply the update to the product, despite both on-screen messages and logs stating that the product had been updated successfully. This behaviour was reproducible throughout the review period and has continued to be the case in several subsequent retests.

The problem was found to be a result of the way in which McAfee VirusScan interacts with User Access Controls (UAC) included in Windows Vista. The update program, which is designed for use in sealed environments like the VB test lab, was run by a user logged on with administrator rights, but it also needed to be executed with the 'Run as administrator' option in order to succeed. It did not report this requirement to the user, and did not display an error message when the update failed.

'We feel fully justified in denying the product the VB100 in this case,' said John Hawes, Technical Consultant at Virus Bulletin. 'The product reported it had updated itself. A user who is fooled into thinking they are running up-to-date protection is in as bad a position as one who is running up-to-date but inadequate protection; a false sense of security is a dangerous thing.'

'Users with more standard update methods would apparently not have had the same issue we did,' continued Hawes. 'The problem we had can be put down not to an inability by McAfee to keep up with the latest malware, but rather to a failure to properly integrate all aspects of the product into the new Vista operating system, and most importantly the new security controls. Vista caused trouble for a lot of products and this, though seemingly a minor issue, had a major effect on the protection provided by McAfee's product.'

Posted on 06 February 2007 by Virus Bulletin.