Cisco and McAfee decide users just can't be trusted not to click on dodgy attachments

Cisco's adding McAfee's Advanced Threat Defense to platforms supported by its Email Security Appliance platform. The alliance is designed to make integration between the two systems easy – the Advanced Threat Defense (ATD) e-mail connector is a single checkbox in the McAfee UI, plus selecting permitted hosts and the file …

  1. Anonymous Coward
    Anonymous Coward

    Will that be the same McAfee that lets most new malware infect your PC...

    ...whilst eating most of your CPU time for zero benefit.

    1. Anonymous Coward
      Anonymous Coward

      Re: Will that be the same McAfee that lets most new malware infect your PC...

      Yes.

    2. Anonymous Coward
      Anonymous Coward

      Re: Will that be the same McAfee that lets most new malware infect your PC...

      It's OK, because Cisco make rock solid equipment that never leaves bloody great holes in your network.

    3. phuzz Silver badge
      Joke

      Re: Will that be the same McAfee that lets most new malware infect your PC...

      And this is exactly why this approach will be a success.

      By the time Cisco and McAfee have both had a go at your computer, there's no way it'll be able to open any emails, let alone the attachments, and thus the attack will be stopped in its tracks!

    4. Milhouse

      Re: Will that be the same McAfee that lets most new malware infect your PC...

      What is the proof?

  2. Sir Runcible Spoon

    Won't work

    Lots of malware these days can detect if it's running in a sandbox and decide not to execute. Malware code develops a lot faster than the programs designed to detect it.

    1. Halfmad

      Re: Won't work

      That's why this is part of a layered defence, although I doubt Cisco and McAfee will call it that.

      Can't rely on any one vendor to save you, especially McAfee IMHO it's an odd teaming up.

      1. Milhouse

        Re: Won't work

        Seems odd, but makes sense if you're a customer. Often companies will have 20+ separate security products that don't integrate -- and they need them to. Collaboration and integration is a growing trend (Cisco and long-time foe Check Point are integration partners to share and enforce group policies).

  3. Prst. V.Jeltz Silver badge

    Maybe I'm oversimplifying this, in fact I know I am, but why not block all executables, including scripts (arriving via DL request or email), at the front door?

    Problem solved.

    1. Baldrickk

      Because not all files coming in are easily recognised as executables?

      Word or Excel documents with macros for example.

      1. Prst. V.Jeltz Silver badge

        "Word or Excel documents with macros for example."

        Tru dat. I guess you wouldn't get away denying users access to macros, but they would of course get scanned when they hit the email server (you'd like to think), and on the PC as (before) the user opens them. That's not a new thing. In fact how come McAfee has just decided users can't be trusted not to click on stuff? Where have they been?

        In fact if I was in charge I'd be holding Word docs with macros in so the user has to justify why they are being received from outside, cos 9 times out of 10 the macro will be in there by accident and not required.

        1. Captain Badmouth
          FAIL

          <snip> "In fact how come users have just decided McAfee can't be trusted" <snip> "where have they been?"

          er, fixed.

  4. Captain Scarlet Silver badge

    users just can't be trusted not to click on dodgy attachments

    I agree but it's more of a training issue.

    1. Jonathan 27

      Re: users just can't be trusted not to click on dodgy attachments

      In a large enough company training gets expensive, especially if you have high turnover. Say, in a call center.

    2. Anonymous Coward
      Anonymous Coward

      Re: users just can't be trusted not to click on dodgy attachments

      users just can't be trusted not to click on dodgy attachments....I agree but it's more of a training issue.

      Training helps. But if you work in HR, Procurement, Accounts Payable etc you'll get shedloads of external emails with attachments that you need to open as part of your job. The bad guys are slowly getting better at hiding the executable element, and in a large business all the training in the world, all the IT Sec policies, all the threats of retribution against employees won't stop somebody somewhere eventually clicking to open a malware file, or following a link to a malware slinging website or file host.

      1. Captain Scarlet Silver badge

        Re: users just can't be trusted not to click on dodgy attachments

        IT Sec policies aren't and should not be considered training.

        The bad guys are also getting better at exploiting weaknesses in setup and harnessing the power of social engineering.

  5. Anonymous Coward
    Anonymous Coward

    Why not ?

    Why not at least put an option in the email client to not have embedded links be live? (I'm looking at you, Thunderbird.) I'll also point out that as far as attachments go, if the email client is configured for pop/smtp rather than imap, then the AV on the client machine gets a look at all attachments automatically.

    1. wikedstik

      Re: Why not ?

      Isn't that called plain text emails? Just ban HTML and/or rich text emails..

  6. Jonathan 27

    Well, they are right, some users can't be trusted to not click on malware laden attachments. Otherwise no one would be sending them because the ROI would be 0.

    McAfee? I trust them about as much as I trust John McAfee and that ain't much.

    1. wikedstik

      Cisco as a security vendor isn't exactly front-line defense either.

  7. Anonymous Coward
    Anonymous Coward

    Stop at the door

    I'm all for taking the decision to protect users from dodgy attachments away from the user, as they often click on things without considering if it's malware or a virus. I like locked down Windows User Profiles that don't allow independent installation of any unapproved software, for the same reason. The company owns the equipment (not the user), so the user gets what the company provides, regardless of whether they like it or not or want something else, or not. But McAfee? The only time any of my computers ever suffered a virus infection, is when using McAfee. I'd recommend Norton for this, as that has always protected every PC and Mac I've ever used.

    1. Anonymous Coward
      Anonymous Coward

      Re: Stop at the door

      I've not seen Norton used in a business, but it used to be legendarily bloated on 90s home PCs.

      1. Piro Silver badge

        Re: Stop at the door

        It's Symantec Endpoint Protection in business guise.

  8. Anonymous Coward
    Anonymous Coward

    Not clear on the process here..

    .. where exactly does the system take a copy for the NSA? Post cleanse, I presume?

    1. Anonymous Coward
      Anonymous Coward

      Re: Not clear on the process here..

      Use Kaspersky if you'd rather the copy go to the FSB instead.

  9. Howard Hanek
    Unhappy

    Only Mr and Mrs Egg?

    Where are the 'other' genders El Reg? How UnPC of you. There! I 'decided' that for you too........

  10. EJ

    Hmm... so where does this leave Cisco's AMP? It's a licensed product available on their ESA appliance which seems to be in direct competition with this McAfee ATD.

    1. Milhouse

      This is about the customer being able to make disparate vendor technologies work together. There's a lot of McAfee ATD customers in the world who can now use it with Cisco email security. They can also use AMP and ATD together with ESA for an additional layer of defense.

  11. david 12 Silver badge

    This is new?

    I'm not sure I'm following. Is the article saying that McAfee has just added a feature other systems have had for years, or is there anything actually new in this press release?

    1. Milhouse

      Re: This is new?

      It's new for McAfee ATD. What's new is former competitors are now collaborating and supporting interoperability.

  12. EnviableOne

    McAfee by Cisco

    Is it just me, or is it a distinct possibility the Intel orphan McAfee gets swallowed in Switchzilla's attempt to pivot to a Software company?
