  1. #1
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    12

    Question McAfee Secure (HackerSafe) skipping scans?

    Maybe I'm a paranoid log-watcher (over a decade of being a sysadmin does that to you) but I have found that McAfee Secure isn't actually scanning my web site daily, even at the port-scan level, and has skipped web application scans with increasing frequency over the last couple of months.

    There are also several parts of my site which are configured to flag up invalid input, to help me provide proactive customer support. These used to generate a couple of dozen alerts a day due to McAfee scans. Then it started tailing off a couple of months ago and now it has stopped completely.

    I'm very annoyed by this, because their service isn't cheap and the McAfee Secure site seal is supposed to assure customers that sites are scanned daily...

    It would be unethical at best to display their "scanned daily" seal if it is simply a lie to give people a false sense of security, so I'm not showing the seal at present, and wondering what to do next.

    Has anyone else who uses McAfee Secure (formerly HackerSafe) noticed any skipped scans, especially over weekends?

    If you use this service, please would you check your logs to see whether they're actually doing a full scan each day?
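
The log check requested in the first post, as an added example that is not part of the original thread or any vendor's tooling. It assumes common/combined access-log format; the scanner range (a documentation placeholder) and the full-scan threshold are assumptions to replace with your own values, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumption: scanner source range. 192.0.2.0/24 is a documentation
# placeholder; substitute the range your scan vendor publishes.
SCANNER_NET = ipaddress.ip_network("192.0.2.0/24")
# Assumption: fewer hits than this in one day is not a full application scan.
FULL_SCAN_MIN_HITS = 3
# Common/combined log format: client address, then [dd/Mon/yyyy:time zone].
LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):")

# Constructed sample lines (not real traffic): Fri 8 to Mon 11 Jan 2010.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2010:02:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [08/Jan/2010:02:00:02 +0000] "GET /cart?id=abc HTTP/1.1" 400 90
192.0.2.10 - - [08/Jan/2010:02:00:03 +0000] "GET /admin/ HTTP/1.1" 404 120
192.0.2.10 - - [09/Jan/2010:02:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [10/Jan/2010:09:15:00 +0000] "GET /cart HTTP/1.1" 200 2048
192.0.2.11 - - [11/Jan/2010:02:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.11 - - [11/Jan/2010:02:00:02 +0000] "GET /login?u=abc HTTP/1.1" 400 90
192.0.2.11 - - [11/Jan/2010:02:00:03 +0000] "GET /admin/ HTTP/1.1" 404 120
"""

def scanner_hits_per_day(lines):
    """Count requests per calendar day that came from SCANNER_NET."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        try:
            client = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # logged as a hostname, cannot match the range
        if client in SCANNER_NET:
            hits[datetime.strptime(m.group(2), "%d/%b/%Y").date()] += 1
    return hits

def scan_gaps(lines, first_day, last_day):
    """Return {day: "missing" | "partial"} for days without a full scan."""
    hits = scanner_hits_per_day(lines)
    gaps = {}
    for offset in range((last_day - first_day).days + 1):
        day = first_day + timedelta(days=offset)
        if hits[day] < FULL_SCAN_MIN_HITS:
            gaps[day] = "partial" if hits[day] else "missing"
    return gaps
```

Call `scan_gaps` with the lines of your own access log and the first and last `datetime.date` of the period covered by the seal; an empty result means every day saw at least the threshold number of scanner requests.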

  2. #2
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    2
    Hi... Can you send me more details? I'm on the MFe Secure team and can take a look.

    Thanks
    will

  3. #3
    SitePoint Wizard silver trophy
    Join Date
    May 2001
    Location
    LaGrange, Georgia
    Posts
    6,117
    Quote Originally Posted by WilliamMorris
    Hi... Can you send me more details? I'm on the MFe Secure team and can take a look.

    Thanks
    will

    Just a friendly note, be cautious sending any sensitive information (like login details) to someone who "says" they work for a company. Be sure to get their official McAfee email address.

    Not that he's not telling the truth, just better to be safe

  4. #4
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    2
    Of course... I am trying to get to the bottom of the issue.

    Thanks
    Will

  5. #5
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    12
    Thank you for taking an interest in this issue, WilliamMorris.

    We're currently subjecting our systems to additional scans from other vendors to compare accuracy and I will report the results here as soon as we have them - anonymously of course.

  6. #6
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    12
    We have reviewed our first set of competing vendor results.

    To save some blushes I won't name them, because they haven't taken any money for this:

    Claimed vulnerabilities: 2 at level 5, 26 at level 4, 17 at level 3.

    The good news? Almost every single one was a false positive, and all of the highest ones were, and the remaining ones might also turn out to be so on further investigation.

  7. #7
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Red face

    Our second set of results are in, and have alerted me to 4 issues rated level 3 with zero false positives. These were not flagged by McAfee Secure and should have been.

    It is going to be a busy night...


    Again, I'm going to keep the vendor name quiet because it wouldn't be fair to name one without the other, and obviously I can't reveal what site I represent or give full details of scan results, in the interest of protecting my users.

    There's clearly a need for publishable comparative testing of scan vendors to increase accountability in this marketplace.

