McAfee Security Scan Plus: a question

according to McAfee:

McAfee Security Scan Plus is a free diagnostic tool that ensures you are  
protected from threats by actively checking your computer for up-to-date  
anti-virus, firewall, and web security software. It also scans for threats  
in any open programs.  

Address : <http://www.mcafee.com/us/downloads/free-tools/freescan.aspx


?

question is:

Does it just check for running-and-up-to-date programs, or is it a full  
antivirus system ("It also scans for threats in any open programs")?
--  
/-\ /\/\ /\/\ /-\ /\/\ /\/\ /-\ T /-\
-=- -=- -=- -=- -=- -=- -=- -=- - -=-
........... [ al lavoro ] ...........

Re: McAfee Security Scan Plus: a question

Ammammata wrote:


It's a freebie.  It's just a scanner.  Just like Trend's Housecall, it
may find pests but it won't swat them for you.  After it finds a pest,
you either buy the scan-only tool or you use a different anti-malware
program (free or paid) that will do the swatting.

You download a client whether it be an executable that runs outside your
web browser or is an add-on or ActiveX control that loads with your web
browser to act as the client.  Look at the size of the deliverable.
Doesn't come close to a full-blown local security product.  That's
because all it has to do is scan.

Scanning is good if the engine is known to detect lots of pests.
However, if it detects a pest, what are you then going to do?  The
scan-only client isn't going to do anything about the pest.  It just
tells you it is there.  Once a detector says you have an infestation of
carpenter ants in the house, then what?  You have to do something MORE than
just detect to get rid of the ants.

I say swat instead of disinfect or eradicate because almost always the
anti-malware programs leave behind some bug juice after removing the
pest.  There may still be settings in the OS or apps, orphaned registry
entries or files, or other remnants (bug juice) left behind when trying
to eliminate the pest.  The pest is mostly removed and dead but usually
there's something left behind.

There are scan-only clients that will check for updated signature
databases.  When you run them later, they update (or use a newly cached
copy of a sig download) and then scan.  Some require you to re-download
a later version of the client because the sig database is embedded in
the client.  Trend's Housecall is like the latter scheme, so you have to
revisit their web site to download their latest scan-only client.
McAfee gives no clue if their scan-only client will check for sig
updates or if you have to re-download their client so it has embedded
their latest sigs.

These scan-only clients only use sigs to determine if there is a pest.
They may also look for static fingerprints, like certain keys in the
registry or a certain set of settings that got changed there, to detect
a pest.  They can't do any heuristics or HIPS detection of pests because
they don't stay resident to monitor what is happening on your computer.
As such, they will find pests only by sigs which means they are not as
effective as a full security program.  Also, the ones that I've tested (and
long ago abandoned) did not scan memory images (for loaded or "open"
programs) to see if processes already loaded were pests.  They just scan
files (which also then includes the registry since it is in files).

Since these are scan-only clients, they only tell you about a pest if they
find one.  They don't do anything about the pest.  That'll be up to you
to figure out which process to kill, which files to delete, which
registry entries to alter or delete, how to determine if it is a rootkit
and how to eradicate it, and so on.  With a scan-only client, it's up to
you to do all the work to remove the pest.

Look at it this way: a scan-only client is like how your house gets
assayed for its value for the gov't to know how much is the value of
your house to determine how much they are going to tax you.  The assayer
drives by and pauses in front of the house, gives it a once-over, and leaves
with his estimate.  He didn't walk around the house.  He didn't go into
the house.  He took a quick lookie.  That's what a scan-only client is
like that relies on sigs to match against files seeing if any of those
files are infected.  They take a once-over at your files.  That's how
you should consider the effectiveness of these scan-only clients: they
take a quick look trying to match files against sigs but they don't
watch operation or probe elsewhere.

You'd be better off getting a free anti-virus/malware product than rely
on scan-only clients.  As with scan-only clients providing minimal
detection of pests, security products that rely on the "cloud" to submit
hashes of files against a server-side database or do some vague
"analysis" of submitted files are also weak compared to other solutions
when there is no Internet access.  Your ISP's Internet service can go
down (I just had an outage for 4 hours during the early morning today),
a node (host) in the route (which is static, not dynamic, in the routing
tables until they get updated) between you and their server could
prevent you reaching that server (the node could be unresponsive, dead,
or super slow), you might be travelling so not connected to the
Internet, and other reasons why you cannot connect to their server.
Even the malware might prevent network access.  Panda is okay but
becomes weak compared to other solutions when it has no Internet access
from you to their server.

You really think a scan-only client would afford you the same protection
against malware compared to a full security product?  I think your post
was wishful thinking (well, hoping) that a free scan-only client would
be all you need.  Even then, unless the author says their scan-only
client will itself retrieve updates, you have to plan on periodically
re-downloading their scan-only client to make sure you have the latest
sigs.  Considering the user must manually instigate an execute of the
scan-only client, it's a guarantee the user won't run it often enough.
You run a scan only today and tomorrow comes along a pest trying to chew
through your door.  

If manually running a scan-only client is the granularity you want for
protection then that's all you need - until it finds a pest and then
you'll have to do the work of removal.  Most users want a security
program that is active and constantly monitoring their computer while
getting updated at short intervals and has some level of eradication.
Best is to never let in the pest but no security product can guarantee
that so removal is also needed.  Scan-only won't tell you about pests
trying to get into your computer, it won't tell you about bad behavior
occurring on your computer, and it only happens when you decide to
manually run the scan-only client.  Not really good protection.
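
Added illustration (not part of the reply above, and not any vendor's code): a minimal model of the scan-only client that reply describes, with an embedded signature database, an on-demand file scan, and a report but no removal. It assumes signatures are whole-file SHA-256 hashes; all names, dates and sample files are constructed.

```python
import hashlib
import tempfile
from datetime import date
from pathlib import Path

# Constructed stand-ins: harmless marker strings play the role of pest samples.
KNOWN_SAMPLE = b"CONSTRUCTED-TEST-PEST-v1"
NEWER_SAMPLE = b"CONSTRUCTED-TEST-PEST-v2"   # appeared after the database was built

# Signature database embedded in the client, with its build date (constructed).
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Pest.A"}
SIG_DATE = date(2024, 1, 1)
MAX_SIG_AGE_DAYS = 7   # assumed threshold for calling the database stale


def scan_tree(root, today):
    """On-demand, detect-only scan: hash each file and look it up.

    Nothing stays resident, no process memory is inspected, and no file
    is quarantined or deleted. The result is only a report.
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest in SIGNATURES:
                findings.append((path.name, SIGNATURES[digest]))
    stale = (today - SIG_DATE).days > MAX_SIG_AGE_DAYS
    return {"findings": findings, "stale_signatures": stale}


def demo():
    """Scan a constructed directory two months after the database was built."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "known.bin").write_bytes(KNOWN_SAMPLE)
        (root / "newer.bin").write_bytes(NEWER_SAMPLE)   # no signature yet
        (root / "notes.txt").write_bytes(b"hello")
        report = scan_tree(root, today=date(2024, 3, 1))
        # The flagged file is still on disk: cleanup is left to the user.
        report["files_after_scan"] = sorted(p.name for p in root.iterdir())
        return report


if __name__ == "__main__":
    print(demo())
```

The run flags only `known.bin`, reports the database as stale, says nothing about `newer.bin`, and leaves every file in place.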

Re: McAfee Security Scan Plus: a question

Ammammata wrote:


You aren't concurrently running (active) both Symantec and McAfee
security software, are you?  One has its real-time (on-access) scanner
deleted, right, and it's used as a 2nd opinion manually instigated
(on-demand) scanner, right?
