McAfee Security Suite

As most of you know, the Information Security Office has issued a comprehensive security standard which dictates that certain preventive measures be installed on all Institute-owned desktop and laptop computers. To help individual departments meet these requirements, ITS has licensed, deployed and managed products such as McAfee VirusScan at no cost to those departments or their divisions.

Over time, the nature of malware and attacks on desktop and laptop machines has changed. In addition to well-known types of attacks such as worms, trojans and viruses, attacks now include attempts to quietly install rootkit software that allows an outsider to take control of the machine, spyware that monitors your activity and reports it to a third party without your knowledge, and phishing attempts to trick you into revealing personal information to a hostile third party.

To address these new threats, the Information Security Standard has been revised, and additional measures are now required to protect desktop and laptop computers. To help meet these requirements, ITS has made several new McAfee security tools available:

  • Host Intrusion Prevention: HIP combines the protection of a firewall - one that is more granular and intelligent than the one supplied with Microsoft Windows - with the ability to spot Malware based on where is coming from and what it is trying to do to your machine. Virus Scanners detect Malware based only on its contents, but Host Intrusion Prevention examines a program's behavior as well. HIP has been available for some time, but has not been deployed in all departments. As of July 2009 it will be deployed to all managed machines unless a local system administrator blocks that deployment.
  • Anti-Spyware Enterprise: in the recent past, ITS has recommended a free product called "Spybot" to address this threat, but it involves additional system overhead and is difficult to properly maintain. McAfee Anti-Spyware Enterprise (ASE) functions as a simple enhancement to VirusScan Enterprise, enabling it to recognize spyware as well as traditional Virus-type malware. Your machine will not look or perform any differently than it does now when anti-spyware is deployed; the virus scanner will simply become more capable, and you will not need to run a third-party tool to deal with spyware.
  • Site Advisor Plus: McAfee Site Advisor is a browser plug-in that monitors your browsing activity and gives safety information and warnings before you visit a potentially harmful web site. It works with all versions of Internet Explorer and Firefox, and adds small site rating icons to your search results, as well as a browser button and an optional search box. These can display site ratings that are based on tests conducted thousands of times a day by McAfee, and can alert you to questionable email practices, browser exploits, Phishing attempts, e-commerce vulnerabilities, general annoying website behavior, and links to other potentially harmful sites.
If your machine is ePO managed, these tools will be deployed to your workstation automatically beginning June 23, 2009 unless your system administrator blocks their deployment in your area.

NOTE: if you are running spybot's "T-timer", or the real-time protection feature of Windows Defender, it will interfere with the deployment of Site Advisor. Please disable these if you are running either of them--they are not necessary if you have deployed McAfee Anti-Spyware Enterprise.