The only reason that the average Joe is proof against rejecting McAfee is that the average Joe can't grasp just how mindbogglingly stupid this exploit is.
You know the piping that brings the stove gas into your house? We put a switch at the curb so that your neighbor's kid could pick natural gas, hydrogen sulfide, or hydrogen cyanide. The first is so you can have tea, the second two so you won't have bugs. Convenient, eh?
Job application: proof reader
"The image below outlines in red the screen element SecuriTeam’s informant attacked"
The only images below are links to other articles (or adverts)
(I can see the intended image on the securiteam article: https://blogs.securiteam.com/index.php/archives/3350 )
Is this model trusting 3rd parties not to be evil ??
Wow, but I'm not convinced this article has more than scratched the surface of the real security issue, likewise "fixing" it using HTTPS only fixes the 4th party exploit described.
It's not difficult to understand why a security scanner needs admin access to a system. This context presumably prevents normal sandboxing, as you would get for 3rd party scripts linked through a webpage - though I block such scripts generally. But even if the 3rd party content were provided using HTTPS is it really considered sane for such content to have the same admin access to the PC as the scanner it funds ? It sounds to me like the 3rd parties are probably not just getting access to _show_ you their content. An investigation into whether they are in fact or are capable of _accessing_ likely to be more valuable content on the machine being scanned seems called for.
Personal data seems likely to be more valuable than the right to display content during a scan or web page view, and it's why I'm refusing so many mobile apps inappropriate rights to access this on my mobile platforms which they don't need in order to deliver the functionality offered.
Adverts served may contain malware!
Antivirus programs may serve malware!
now i know.... why ATT, my current ISP gave this suite away to all its users