2 Replies Latest reply on May 14, 2009 2:16 PM by secured2k

    Are McAfee updates digitally signed?

      If I connect to a hotspot that may have been compromised, do I have to worry about McAfee downloading a virus instead of an update? I'm thinking that a DNS exploit could be used to trick McAfee into downloading a virus from a hacker's server instead of the update it thinks it is downloading.

      Do I need to disable updates while traveling?
        • 1. RE: Are McAfee updates digitally signed?
          exbrit
          The connection is secure, that's all we know. I'll ask internally regarding the digitally signed question.
          • 2. RE: Are McAfee updates digitally signed?
            Short Answer: Yes

            Explanation/Validation:
            Your initial install and download come from a direct SSL/TLS connection to McAfee. These connections are not something that can be hijacked or impersonated (without modification to your own machine's certs).

            When you install or update, the updater will connect using an SSL/TLS connection to get data about where the update is located. The updater/installer will then download via normal HTTP a CAB file for the component needed. This CAB file is digitally signed by McAfee (Verisign Class 3 Code Signing CA) to verify its integrity.

            Many McAfee files that can be signed (especially drivers and executables) are also digitally signed. Future versions of the engine will also be digitally signed (as it is not at this time). The engine will do its own integrity check of the DAT files to make sure they have not been compromised.

            If you suspect a DNS hijack, I suggest you manually configure your DNS to use your own DNS server or an OpenDNS server. You can Google OpenDNS for more information about it. However, an advanced hacker could route any DNS queries to anywhere, so for the highest level of security, I recommend you invest in some sort of VPN using a known trusted protocol (PPTP/MPPE, L2TP, IPSEC, SSL, SSH).
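
Added example, not part of the original posts and not McAfee's own code: a PowerShell check of the kind reply 2 describes, rejecting a CAB fetched over plain HTTP unless its Authenticode signature is valid and comes from the expected publisher. The script parameters `-CabPath` and `-ExpectedPublisher` and the function name `Test-UpdatePackage` are hypothetical; the publisher name must be copied from a package you already trust.

```powershell
# Added example. -CabPath and -ExpectedPublisher are assumptions supplied by the caller.
param(
    [Parameter(Mandatory = $true)] [string] $CabPath,
    # Exact signer common name, copied from a package you already trust.
    [Parameter(Mandatory = $true)] [string] $ExpectedPublisher
)

function Test-UpdatePackage {
    param([string] $Path, [string] $Publisher)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Not a file: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Valid means the file hash matches the signed hash and the chain ends in a
    # root this machine trusts. NotSigned, HashMismatch, NotTrusted etc. all fail.
    # This inherits the local certificate store: a tampered store defeats it.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejected ($($sig.Status)): $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from some other publisher is still the wrong file,
    # so compare the signer's common name exactly rather than by substring.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -cne $Publisher) {
        Write-Warning "Rejected: signed by '$signer', expected '$Publisher'"
        return $false
    }

    Write-Host "Signer : $signer"
    Write-Host "Issuer : $($sig.SignerCertificate.Issuer)"
    Write-Host "Thumb  : $($sig.SignerCertificate.Thumbprint)"
    return $true
}

if (Test-UpdatePackage -Path $CabPath -Publisher $ExpectedPublisher) { exit 0 } else { exit 1 }
```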