nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Cisco and McAfee decide users just can't be trusted not to click on dodgy attachments

Anonymous Coward

Will that be the same McAfee that lets most new malware infect your PC...

...whilst eating most of your CPU time for zero benefit.

11
0
Anonymous Coward

Re: Will that be the same McAfee that lets most new malware infect your PC...

Yes.

1
0
Silver badge

Re: Will that be the same McAfee that lets most new malware infect your PC...

It's OK, because Cisco make rock solid equipment that never leave bloody great holes in your network.

2
0
Silver badge
Joke

Re: Will that be the same McAfee that lets most new malware infect your PC...

And this is exactly why this approach will be a success.

By the time Cisco and McAfee have both had a go at your computer, there's no way it'll be able to open any emails, let alone the attachments, and thus the attack will be stopped in it's tracks!

3
0

Re: Will that be the same McAfee that lets most new malware infect your PC...

What is the proof?

0
0
Silver badge

Won't work

Lots of malware these days can detect if it's running in a sandbox and decide not to execute. Malware code develops a lot faster than the programs designed to detect it.

2
0
Silver badge

Re: Won't work

That's why this is part of a layered defence, although I doubt Cisco and McAfee will call it that.

Can't rely on any one vendor to save you, especially McAfee IMHO it's an odd teaming up.

0
0

Re: Won't work

Seems odd, but makes sense if you're a customer. Often companies will have 20+ separate security products that don't integrate -- and they need them to. Collaboration and integration is a growing trend (Cisco and long-time foe Check Point are integration partners to share and enforce group policies).

0
0
Silver badge

Maybe im over simplifying this , in fact i know i am, but why not block all executables , including scripts , ( arriving via DL request or email ) at the front door?

problem solved.

0
1
Bronze badge

Because not all files coming in are easilly recognised as executables?

Word or Excel documents with macros for example.

3
0
Silver badge

"Word or Excel documents with macros for example."

tru dat. I guess you wouldnt get away denying users access to macros , but they would of course get scanned when they hit the email server (you'd like to think) , and on the pc as (before) the user opens them. Thats not a new thing . In fact how come mcafee has just decided users cant be trusted not to click on stuff? where have they been?

In fact if I was in charge I'd be holding word docs with macros in so the user has to justify why they are being recieved from outside , cos 9 times out of 10 the macro will be in there by accident and not required.

0
0
Bronze badge
FAIL

<snip> "In fact how come users have just decided mcafee cant be trusted" <snip> "where have they been?"

er, fixed.

1
0
Silver badge

users just can't be trusted not to click on dodgy attachments

I agree but its more of a training issue.

0
0
Bronze badge

Re: users just can't be trusted not to click on dodgy attachments

In a large enough company training gets expensive, especially if you have high turnover. Say, in a call center.

0
0
Silver badge

Re: users just can't be trusted not to click on dodgy attachments

users just can't be trusted not to click on dodgy attachments....I agree but its more of a training issue.

Training helps. But if you work in HR, Procurement, Accounts Payable etc you'll get shedloads of external emails with attachments that you need to open as part of your job. The bad guys are slowly getting better at hiding the executable element, and in a large business all the training in the world, all the IT Sec policies, all the threats of retribution against employees won't stop somebody somewhere eventually clicking to open a malware file, or following a link to a malware slinging website or file host.

0
0
Silver badge

Re: users just can't be trusted not to click on dodgy attachments

IT Sec policies aren't and should not be considered training.

The bad guys are also getting better at exploiting weaknesses in setup and harnessing the power of social engineering.

0
0
Anonymous Coward

Why not ?

Why not at least put an option in the email client to not have embedded links be live? (I'm looking at you, Thunderbird. ) I'll also point out that as far as attachments go, if the email client is configured for pop/smtp rather than imap, then the AV on the client machine gets a look at all attachements automatically.

0
0

Re: Why not ?

Isn't that called plain text emails? Just ban HTML and/or rich text emails..

0
0
Bronze badge

Well, they are right, some users can't be trusted to not click on malware laden attachments. Otherwise no one would be sending them because the ROI would be 0.

McAfee? I trust them about as much as I trust John McAfee and that ain't much.

0
1

Cisco as a security vendor isn't exactly front-line defense either.

0
0
Anonymous Coward

Stop at the door

I'm all for taking the decision to protect users from dodgy attachments away from the user, as they often click on things without considering if it's malware or a virus. I like locked down Windows User Profiles that don't allow independent installation of any unapproved software, for the same reason. The company owns the equipment (not the user), so the user gets what the company provides, regardless of whether they like it or not or want something else, or not. But McAfee? The only time any of my computers ever suffered a virus infection, is when using McAfee. I'd recommend Norton for this, as that has always protected every PC and Mac I've ever used.

0
0
Anonymous Coward

Re: Stop at the door

I've not seen Norton used in a business , but it used to be legendarily bloated on 90s home PCs .

0
0

Re: Stop at the door

It's Symantec Endpoint Protection in business guise.

0
0
Anonymous Coward

Not clear on the process here..

.. where exactly does the system take a copy for the NSA? Post cleanse, I presume?

0
0
Anonymous Coward

Re: Not clear on the process here..

Use Kaspersky if you'd rather the copy go to the FSB instead.

0
1
Bronze badge
Unhappy

Only Mr and Mrs Egg?

Where are the 'other' genders El Reg? How UnPC of you. There! I 'decided' that for you too........

0
0
EJ

Hmm... so where does this leave Cisco's AMP? It's a licensed product available on their ESA appliance which seems to be in direct competition with this McAfee ATD.

0
0

This is about the customer being able to make disparate vendor technologies work together. There's a lot of McAfee ATD customers in the world who can now use it with Cisco email security. They can also use AMP and ATD together with ESA for an additional layer of defense.

0
0
Bronze badge

This is new?

I'm not sure I'm following. Is tha article saying that McAfee has just added a feature other systems have had for years, or is there anything actually new in this press release?

0
0

Re: This is new?

Its new for McAfee ATD. What's new is former competitors are now collaborating and supporting interoperability.

0
0
Bronze badge

McAfee by Cisco

Is it just me, or is it a distinct posibility the intel orphan McAfee gets swallowed in Switchzilla's attempt to pivot to a Software company

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing