The McAfee Fallacy
The Dangers of Centralized Security & Virus Protection

This webpage is part of an on-going case study involving the McAfee Virus Protection company. Following is a typical inquiry to our security help desk.
I am really sorry. I was unaware that there was a virus on my computer. I have McAfee Virus Scan on my computer and it did not show a virus. How can I get this off my computer?
--- Tom

Tom had responded to our email (where we asked him to stop sending us the SirCam virus.)

It should be noted that Tom is not alone in his experience. Others have conveyed similar concerns. We have attempted to communicate with McAfee (and, TRUSTe Watchdog) in good faith. McAfee has not responded to our concerns in a prompt manner. After numerous attempts (and several months), McAfee did reply. However, they did not offer any assistance. Our most recent letter is included below. It is part of our reply to another "help desk" inquiry.

To: Help Desk

I thought you might be interested - about 2 weeks ago the hospital was infiltrated with the Internet worm. The entire hospital system was shut down for an entire day - the IS staff worked around the clock to fix the stations that were affected and then has spent the rest of the time updating all 500+ computer stations with new virus scans and making sure nothing else was involved. Hmmm sound familiar?

Concerned Citizen

Dear Concerned Citizen,

Ouch! Yes we've been seeing a drastic increase in violations. Unfortunately, most of the companies getting hit are not taking severe enough actions.

Virus protection and auto-scans are a good example:

"No one is sure that these viruses aren't leaving remnants behind. The only way you can know for sure is to THROW AWAY the machines. The next best alternative would be to reformat the harddrive and re-install the operating system."

That is to say, a virus protection program is no good after a virus has been activated. (Many viri leave a "backdoor" behind... allowing the bad guys future access to your computer.) And, in fact, virus scans can be a security breach in, and of, themselves -- any network that automatically connects to the Internet is at risk.

Here is a copy of our latest letter to McAfee (the virus protection company):

RESPONSE TO -- TRUSTe Watchdog #5650 [#18705736]

Dear Angela,

To the best of my knowledge, we have not yet received your answers to our privacy and security violation concerns. Since we plan on publishing today, we would appreciate your prompt attention to this matter.

In the event that you have misplaced our questions, we are happy to supply them again. And, while we were waiting for you to respond, a new FTC violation has come to our attention. So, please add these additional questions:

Is it misleading to consumers when you suggest that an automated virus scanning product is a good thing? How can a network automatically connect to a centralized server while ensuring a 100% secure connection? Isn't the nimda worm a perfect example of what can go wrong?

"Nimda is the first worm to modify existing web sites to start offering infected files for download."
-- F-Secure Virus Descriptions

That is to say, isn't "automatic Internet based software updating" a security threat in, and of, itself?

-------------original questions--------------------

a) did you place mobile code on my PC without my permission?

b) are you setting cookies on my machine without my permission?

c) what is done with the information collected from

d) is it possible to view your privacy statement without my privacy being violated?

e) as a shareholder, I tried to express my concerns to McAfee shareholder relations. When I clicked on the link for "shareholder relations" did you, again, place mobile code on my PC without my permission? Did you set cookies on my machine without my permission? Is it even possible to view the shareholder relation website without my privacy and security being violated?

f) as a consumer, are your advertising claims misleading?

"When you think your PC may have been infected, use Scan to find and remove viruses instantly."
-- McAfee website

Do you know of any product that can effectively eliminate all viri? Or, is there the possibility of remnants/backdoors, etc.?

g) is there anyway to effectively view your website with a browser's security settings set to "high" or "most secure?"

h) did you respond in a timely manner to my original complaint?

i) does your association with the TRUSTe Watchdog organization further mislead consumers and viewers? did their involvement delay action from being taken?

j) are you going to immediately cease and desist from these privacy and security violations, as well as, all other related activities including false and misleading advertising?

Thank you. I shall await your advice.

Help Desk

Have you had an experience with McAfee or other virus protection software?

Your Name

E-mail Address

Phone Number

Street Address

State & Zip Code

Please enter your questions and/or comments.

Click the submit button to send your request.
Before you submit any information, please remember: you need not give us any information. If you do give us information, you do not need to fill in all the fields. Any information that you do give, The Think-tank will never knowingly release until authorized to do so by you.

Thank you.

McAfee's Privacy Policy
Back To Business