Sunday, November 4, 2012
I just had an interesting/bad thing happen.
The same day that McAfee identified and blocked a buffer
overflow exploit in Microsoft Word, McAfee had previously
performed a lengthy software update that required a re-boot.
I didn't realize until a half hour ago (three days later!) that
there was a new feature in the program's firewall called
Intrusion Detection, which says "Protect yourself from hackers
who exploit weaknesses in your operating system or programs to
take control of your PC. Learn more," with a checkbox for Use
Intrusion Protection, with the options being "Basic -- Detect
activities that are very likely to be attacks. (Recommended)"
and "High -- Detect suspicious activities, even though some
might not be attacks."
What blows my mind is that the Use Intrusion Protection box
was not checked. What the Hell, McAfee?!?!?!
I checked the box and chose High, then clicked Apply. Then
I clicked on Learn more, which opened Internet Explorer.
Right then and there, a McAfee box popped up saying...
McAfee blocked suspicious program activity. Please check for
updates for this program and for your Windows operating system.
About This Detection
Program: Internet Explorer
If your attempt to fix the issue doesn't work, and you think it's
a false alarm, change your intrusion protection settings in
So, I unplugged my ethernet cable, clicked on Home inside
McAfee, then clicked on Security History. At the top is
PC intrusion blocked
Program name: IEXPLORE.EXE
I clicked on the + to expand the section, and saw this:
Firewall blocked a hacker from exploiting the Buffer_Overflow
weakness in C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE on
What I'd like to know is why is it that the popup only said,
"McAfee blocked suspicious program activity. ... If your attempt
to fix the issue doesn't work, and you think it's a false alarm,
change your intrusion protection settings in Firewall." instead
of telling me outright, "Firewall blocked a hacker"?
So, it looks like the reason I got malware on my computer
and hacker attacks is that McAfee's new software is sent with a
new feature called Intrusion Protection which is turned off by
default!?!?!? That makes it McAfee's fault!!!
This is the first time I have ever had an anti-virus program
detect a PC intrusion attempt, in my 12 years as an owner of a PC.
I have gotten trojans and viruses, but never a detected intrusion
attempt until now.
Message was edited b: stephe to change "Security Center" to "SecurityCenter." on 11/4/12 5:31:13 PM CST