Maybe I’m a paranoid log-watcher (over a decade of being a sysadmin does that to you) but I have found that McAfee Secure isn’t actually scanning my web site daily, even at the port-scan level, and has skipped web application scans with increasing frequency over the last couple of months.
There are also several parts of my site which are configured to flag up invalid input, to help me provide proactive customer support. These used to generate a couple of dozen alerts a day due to McAfee scans. Then it started tailing off a couple of months ago and now it has stopped completely.
I’m very annoyed by this, because their service isn’t cheap and the McAfee Secure site seal is supposed to assure customers that sites are scanned daily…
It would be unethical at best to display their “scanned daily” seal if it is simply a lie to give people a false sense of security, so I’m not showing the seal at present, and wondering what to do next.
Has anyone else who uses McAfee Secure (formerly HackerSafe) noticed any skipped scans, especially over weekends?
If you use this service, please would you check your logs to see whether they’re actually doing a full scan each day?
Just a friendly note, be cautious sending any sensitive information (like login details) to someone who “says” they work for a company. Be sure to get their official McAfee email address.
Not that he’s not telling the truth, just better to be safe
Thank you for taking an interest in this issue WilliamMorris.
We’re currently subjecting our systems to additional scans from other vendors to compare accuracy and I will report the results here as soon as we have them - anonymously of course.
We have reviewed our first set of competing vendor results.
To save some blushes I won’t name them, because they haven’t taken any money for this:
Claimed vulnerabilities: 2 at level 5, 26 at level 4, 17 at level 3.
The good news? Almost every single one was a false positive, and all of the highest ones were, and the remaining ones might also turn out to be so on further investigation.
Our second set of results are in, and have alerted me to 4 issues rated level 3 with zero false positives. These were not flagged by McAfee Secure and should have been.
It is going to be a busy night…
Again, I’m going to keep the vendor name quiet because it wouldn’t be fair to name one without the other, and obviously I can’t reveal what site I represent or give full details of scan results, in the interest of protecting my users.
There’s clearly a need for publishable comparative testing of scan vendors to increase accountability in this marketplace.
