Firefox Advises Users To Disable McAfee Plugin

itwbennett writes "Mozilla is advising Firefox users to disable McAfee's ScriptScan software, saying that it could cause 'stability or security problems.' ScriptScan, which ships with McAfee's VirusScan antivirus program, is designed to keep Web surfers safe by scanning for any malicious scripting code that might be running in the browser. But according to Mozilla, it has an unintended side-effect: It can cause Firefox to crash ... a lot."

just go all the way and uninstall Mcafee

[Joe_Dragon]

It's just as bad as norton.

Re:just go all the way and uninstall Mcafee

[Anonymous Coward]

If it is as bad as Norton then uninstalling it might not be the easiest task.

Re:

[Tsingi]

If it is as bad as Norton then uninstalling it might not be the easiest task.

Hmm, time to shell out for the anti-anti-virus software.

Re:just go all the way and uninstall Mcafee

[Moheeheeko]

Or just dip your harddrive in battery acid. Best way of getting rid of Mcafee ive found.

Re:

[Runaway1956]

Just upgrade your computer. Introduce your hardware to Linux - it's a match made in heaven.

dd if=urandom of=sda1

reboot

install

Re:

[orphiuchus]

There are no games in heaven.

Re:

[poofmeisterp]

If it is as bad as Norton then uninstalling it might not be the easiest task.

Hmm, time to shell out for the anti-anti-virus software.

There's a free version called 'dd'.

I'm sorry.. I had to. :>

Re:

[NeumannCons]

I think that in addition to the virus detection code there's a *larger* amount of "valid paid-up subscription" nag code. The memory footprint of these things is truly stunning and kills machine's performance. Microsoft's Security Essentials used to be pretty lightweight but it's hitting middle age weight gain. At least it's not intrusive and doesn't nag you to pay up since it's free.

Re:

[Lifyre]

I beg to differ.

In my experience it is significantly worse than Norton.

Re:

[sconeu]

Damn... that's saying a lot!

Re:

[Lifyre]

They only thing I enjoy more than removing both of them from a system preferably with a large magnet is installing both and watching the system melt.

Re:

[sconeu]

You, sir, are a sadist (or a masochist, depending upon whom the system belongs to).

Re:

[Lifyre]

I use other people's machines. I don't let Norton or McAfee near my own hardware.

Re:

[brusk]

Would it melt, freeze, or both?

Re:

[Lifyre]

Ever seen a system lock up, kick on the fans, and then start to smoke? Something like that.

Re:

[Lifyre]

Unfortunately new discoveries are made all the time. Norton sucks but generally pretends to protect the computer and allows for minimal use of the system. McAfee removes all pretense and just removes the ability to use the computer.

Re:

[djl4570]

Removal is an option for most users of a managed corporate system. My employer gives us a lot of latitude in software and I am a local administrator but there are some things that are required. An approved antivirus and HDD encryption are required. I noticed a disabled extension last night on a freshly reimaged system after installing noscript. Didn't look for plugins.

Re:

[Twinbee]

Sometimes I think the use for such software is so you can appreciate the difference after the uninstall. I think some people become complacent at how fast their PCs are, and it's only after Norton/McAfee removal that they realise what they were missing all those years. That makes them happy - it's like a RAM or SSD upgrade for free.

Re:

[TheRealGrogan]

Yes, I remove McCrappy products on sight. It's a perfect example of a cure being worse than the disease. Most trojans don't cause the nausea or problems that McCrappy does, ironically.

Norton, on the other hand, is still living down a horrible reputation from last decade, but a modern standalone Norton Antivirus isn't that horrible anymore (I still nuke their security suites on sight). In fact Norton does have one very good program. It's their most popular one, and one of the most searched for when you start

Re:

[Runaway1956]

Not a bad question. Personally, I haven't looked at Norton or McAfee seriously in about 5 years. I USED to know which ones used how much memory, and how much they slowed down a machine. But, I upgraded to Linux, and haven't looked back. Maybe I should look again? Maybe - if I get really bored, or I get nostalgic for some good bondage and masochism.

Re:

[Calydor]

Avast is no better, I'm afraid, so may as well be mentioned here.

On my old, clunky laptop I decided to uninstall Avast in the hopes of getting just a bit more power out of it. Oops. Avast won't uninstall, kills its own uninstaller as if it's malware trying to disable the antivirus. Won't let me disable it manually. Won't let me friggin' boot to safe mode.

End result: Turned off as much of the program as I could, but it's still sitting there with wide, paranoid eyes about being put to sleep.

Re:

[Calydor]

Instructions:

Download aswclear.exe on your desktop
Start Windows in Safe Mode

BEEP! No can do, the laptop just shuts itself off mid-boot.

Obligatory punctuation Nazi comment

[John Jorsett]

program, is designed to keep Web surfer's safe

Keep his safe where?

S'erious'ly, do people ju'st put in apo'strophe's around random s's the'se day's?

Re:

[lennier1]

Well, if you cause the browser to crash before it gets any chance to theoretically access a malware source that could be counted as a form of protection.

Re:

[sgt scrub]

That is true. It might also explain the lack of stability in some operating systems. I think your on to something.

Re:

[Tarlus]

I think your on to something.

This discussion thread which rooted in punctuation Nazism is about to go full circle...

Re:

[sgt scrub]

I usually get 4 comments when I do that. I'm starting to feel ignored. :(

Re:

[poofmeisterp]

I usually get 4 comments when I do that. I'm starting to feel ignored. :(

*pat pat*

Your cool, dude. These thing's always get better.
:>

Re:

[Tsingi]

Whorey Jesuz's Your not gunna start bein' all smart 'n stuff air ya?

Ize guine ta havta git out my 'postrophe stencil 'n paint yer fourhed.

Re:

[hedwards]

Just because assholes feel the compulsion to point it out, doesn't mean that it's obligatory. It just means that you need to start taking you're medication again.

Re:

[poofmeisterp]

program, is designed to keep Web surfer's safe

Keep his safe where?

S'erious'ly, do people ju'st put in apo'strophe's around random s's the'se day's?

Nah, you just put apostrophes before EVERY 's' at the end of a word, not other letters. :-}

Re:

[Canazza]

Im pretty sure Its because theyve stolen them all from me.

What???

[lennier1]

A McAfee product which causes more problems than it solves?

I think you just destroyed my faith in the universe. ;)

Re:

[Tharsman]

It's like having the TSA in your computer!!!

Re:

[interval1066]

Sure, if the TSA were constantly nagging you to update thier agents with bigger scanning machines, more cash, more agents, shaking you down for no good reason, and letting actual al qaeda mercanaries through your airports, it would be just like macafees. Say... doh!

Re:

[Runaway1956]

What, you think the TSA doesn't constantly nag congress for all of that stuff? Or - you don't think that we pay for it when congress authorizes it?

Re:

[AngryDeuce]

My God, it's full of bloat!

Re:

[poofmeisterp]

My God, it's full of bloat!

You should see AVG. On a Windows XP machine (won't mention whose), the kernel showed a 79MB virtual memory usage before AVG, and a 171MB usage after install and update. This is the "System" process, not all processes, mind ya. The rest took the machine well over the previously good 256MB of RAM limit. And it's DDR, not DDR2/3, so it's less expensive to get a new machine.
/ramble

Re:

[arth1]

I am pretty sure that both McAfee and Firefox is at fault here. McAfee intercepts and alters data, and Firefox lacks proper input validation, and/or make incorrect assumptions about sequencing order.

The combination is deadly, but I'd place more blame on Firefox than on McAfee - even though MA AV is a P.O.S. doesn't mean that FF isn't.

Re:

[omglolbah]

It is a horrible assumption....

NEVER trust input from external sources... Ever...

Re:

[arth1]

Or, FF assumes that the plugins written for it return valid data. Not too bad an assumption, hmm?

That is a very bad assumption. You validate the data and reject it if it doesn't match the published API. If you accept data unconditionally and your app crashes as a result, the majority of the blame is with you.

It works!

[Metabolife]

If you can't surf the web, you can't get infected. McAfee has done it again!

Let the truth finally come to light

[MetalliQaZ]

I say this so often it should be in my sig... There is absurdly little difference between so-called "anti-virus" and desktop "internet security" products and the malware from which they are supposed to protect you. When family members ask me how I manage to happily use a 5 year-old PC that seems to be faster than their 1-2 year-old PC, I simply say "I don't have anti-virus installed"

Re:

[Lifyre]

It also depends on what anti-virus you have installed. Some such as Norton and McAffee are worse than most viruses. Some aren't nearly as bloated and heavy and don't impart much impact on typical use.

Re:

[Lifyre]

I have seen the light! You, sir, have caused me to repent my wicked ways!

Re:

[Infiniti2000]

It's not just about speed, though. Your 5-year-old PC may not be affected by a virus, but assuming that an infected computer runs about the same speed as an unaffected computer with full AV protection, at least the unaffected computer isn't spamming a bazillion people and giving out the user's identity for theft crimes. What's more important to you, running your computer faster or making sure your identity isn't stolen? I'm not saying that all malware is a root cause of identity theft, but if people beli

Re:

[Runaway1956]

No way in hell are people - myself included - going to think that a slow computer is better than any alternative.

I've already dropped a couple remarks about Linux. Let's just suppose for a moment that Linux desktops are targeted in the next several months, and our virus environment gets to be as bad as Windows. Will I install a resource hog like McAfee or Symantec? No way. Instead, I'll shut down services, encrypt everything, only use HTTPS - you know, all those "best practices" things that the real sec

Re:

[sjames]

If Free Software ever actually needs anti-virus, it will bear little resemblance to the nightmare that is AV on Windows. The only reason for the heavyweight crap is marketing bullet points.

If your browser is isolated and your email is isolated, and you scan removable media, you won't get a virus. There's no need to hook the entire OS and scan every file as it's opened or any junk like that. There would probably be a libav.so that can do the scans for incoming attachments and downloads for any program that w

Re:

[Runaway1956]

It's generally more secure than the desktop releases, due to "default" settings. Even if it's not more secure, the wife and kids don't know how to navigate in it, so they won't even want to get on it. I ran Win2003 for a good while, converted to desktop use. It was actually pretty nice, with all the lockdowns in place.

I suppose this is where you'll tell me that I should look at Win7. I have. It's a definite improvement over XP and Vista, but it's not much of an improvement over 2003.

Re:

[AtomicJake]

How often did your AV actually block a virus that would have been executed otherwise (this questions excludes emails with attachments that you would have never opened? It never has happened to me within the last 10 years. So what's the value of an AV for a user, who knows what he does?

However, I have seen many people with AV that have been infected nevertheless (especially by downloading and installing games from dubious sources). So, what's the value of an AV, if some viruses come through?

Note: Software

Re:

[Anonymous Coward]

This doesn't tell the whole story. The reason you don't have issues is the same reason you don't feel you need AV software -- you don't do stupid stuff on your computer. If users would take the time to read what comes up in their screen instead of just clicking it as quickly as they can to get rid of it and use a little common sense, nobody would need AV.

Re:

[Canazza]

not entirely, there's the old buffer overflow injection attacks that let hackers run native code and other such vectors that, while rarer nowadays, don't rely on user stupidity.
If users weren't so stupid, we'd probably see more hackers attempting to find security holes in the software.

Re:

[Anonymous Coward]

True for you. True for me. Not true for most of my family who will happily click every link in sight.

Re:

[MetalliQaZ]

Either way, their system is shot. McAfee or the Malware, both trash their experience.

Here's a better option: Firefox + AdBlock Plus + NoScript + Ghostery.

Re:

[Zibodiz]

Or, in my case, I've installed Ubuntu on all my family's machines. I'd rather spend time explaining how to use Software Center and Gnome quirks than spend even more time removing viruses. For my dad, who is particularly uninterested in change, i set up a VM running Ubuntu that automatically starts a fullscreen Opera instance, and that's his 'browser'. It does everything that he would do in any other browser (except copy & paste to his windows desktop -- which he doesn't care about anyway), and the st

Re:

[Vegemeister]

Unfortunately it is very difficult to convince laypeople that the benefits of default-deny are worth the very small inconvenience.

WAhhhh! I don't want to right click and temporarily allow the cdn! I just wanna tend mah crawps!

Sorry. Luser interaction flashback.

Re:

[Just Some Guy]

Everyone here knows how it goes: I ended up being the unofficial tech support for all my friends and family. Even after swearing that I didn't know much about Windows, I accidentally helped someone clean up their PC and word got around. Anyway, I have a patented plan for fixing two-year-old computers that run like molasses: 1) uninstall Norton, McAfee, AVG, and ever other antivirus program I find; 2) install MS Security Essentials; and 3) make them buy more RAM.

MSE doesn't have a vested interest in visibly

Way to go

[Muramas95]

I suggest that people switch to MSE or Avast and stay away from AVG, Norton and McAfee... If you are worried about bad sites install adblock plus and WoT (web of trust).

Re:

[Cro Magnon]

Agreed. I've never used AVG, but I had few problems with Avast, and none with MSE. Norton, OTOH, is worse than a virus, and I've heard Mcafee isn't much better.

Re:

[Canazza]

AVG i've had no problems with, although for the last few months it pops up with a "AVG Security Update" that sends you to a "Look what we protected you against" page that attempts to validate it's worth. It presents it's global statistics (I think) as statistics relating to you alone. Making you think you've really, nearly, had 12,000 attacks in the last month.

McCrappy Anti-virus

[BulletMagnet]

Glad they do such great QA work, since like nobody uses FireFox.....

"...since nobody uses Firefox"

[DesScorp]

Fewer people are going to, with their boneheaded moves of late. I don't use anything McAfee makes, but after breaking so many plugins, perhaps the better advice would be "disable Firefox".

Re:

[sjames]

Genuine curiosity here, how many plugins do you use? I keep hearing about Firefox breaking a bazillion plugins every single time, yet I have never had it happen to me. I'm trying to figure out what I'm doing so different.

The best solution for Firefox stability problems..

[Insidious Oatmeal]

...is to uninstall the bloated piece of crap that is Firefox and install Chrome. :D

Re:

[Dyinobal]

actually Firefox seven is pretty nice I'm considering moving from chrome back to it.

Re:

[Insidious Oatmeal]

Yes, but Chrome has the "actually @^@#$ing works" feature, whereby the browser actually @^@#$ing works! Sometime around Firefox 3.6-ish, I couldn't keep more than one or two tabs open in Firefox without it crashing on me. I switched to Chrome and haven't regretted it for an instant.

Re:

[hedwards]

That surprises me, I haven't had much trouble at all with Firefox in years. It seems to have more trouble on Linux, but even there it doesn't crash that often.

Re:

[cbope]

I would go so far as to say 3.6-ish was a low point for Firefox. Firefox 7, if you have not tried it, is very good. I can't stand Chrome for more than 5 minutes.

Re:

[SleazyRidr]

A new account would suggest that he'd just signed up to shill for Mozilla. Although, you can look at his posting history and see that he was complimenting Chrome not too long ago, so he's probably genuine.

Re:

[MetalliQaZ]

That joke is sooooo six weeks ago.

Re:

[dgatwood]

Followed by "You are horribly out of date. Firefox -2147483648 is three days old. The current version is 2147483648. Would you like to download the update?"

And immediately after the relaunch, "You are horribly out of date. Firefox -2147483648 is three days old. The current version is 2147483648. Would you like to download the update?"

And immediately after the relaunch, "You are horribly out of date. Firefox -2147483648 is three days old. The current version is 2147483648. Would you like to download th

Re:

[Caerdwyn]

But FireFox is a 32-bit application...

Re:

[dgatwood]

Doesn't mean it can't do 64-bit math. Just use uint64_t or unsigned long long.

Re:

[Muramas95]

I have no idea why you think that, it has been proven time and time again chrome uses WAYYY more memory than firefox, over twice as much. http://www.tomshardware.com/reviews/firefox-7-web-browser,3037-14.html [tomshardware.com] Chrome is the bloated one.

Re:

[0123456]

Firefox leaks memory like a sieve and is extremely unstable. Chrome just works.

Firefox has been running here for over a week with seven windows and about twenty-five tabs open. It's using 190MB of RAM. Chrome hands your soul to Google. Hmm, which would I prefer?

Honestly, how do all these Google fanboys manage to get Firefox to crash regularly or eat RAM? I've rarely seen a crash and the RAM usage seems reasonable for the number of pages it has open.

Of course I do have noscript installed, but everyone should do that if they don't want their computer pwned by a remote exploit.

Re:

[JonySuede]

no need for noscript, adblock is sufficient to stop those leaks....

Re:

[Belial6]

It only takes one or two to watch the bug lists. Then when a memory leak gets reported, they repeat the behavior on the specific version over and over until they can actually see the result of the bug. They then loudly declare the software unusable, and tell all the other people with the same dysfunction how to "prove" that the software doesn't work.

This dysfunction is not limited to Firefox, and I don't think it really has anything to do with being a fan of Google. It appears to be more about wanting

Re:

[HiThere]

There was a version of FireFox recently that had a bad memory leak. I used to need to restart it nearly every other day. That seems to have been fixed, though.

Re:

[0123456]

Go open at least 200 tabs to random pages and then start your normal browsing.

Yes, because opening 200 tabs to random pages is normal web browser usage and Firefox shouldn't need more than 2MB of RAM to do so.

Re:

[mad_minstrel]

Actually, I was curious so I did it. 1.8 GB. Worked fine if slightly sluggish in the Tab Groups view. Now somebody try the same thing with Chrome.

Re:

[nabsltd]

No leaks like that exist in firefox 7,

Yeah, they do.

Sitting with only 3 tabs open (iGoogle, The Daily WTF, and Techdirt), Firefox 7 keeps increasing memory usage to about 900MB. At that point my system becomes so slow (due to having only 3GB of total RAM) that editing this post causes the system to pause for about 5 seconds after every 10 or so characters typed. So, I restart Firefox and it's OK again for a day. But, if I leave it running overnight right after a restart with just those 3 tabs open, by the next morning it's at 700MB.

This only

Re:

[mandelbr0t]

Yep, time for me to do that too. Disabling the Java console was the last straw. I need to write applets for school work.

If I was a conspiracy theorist...

[jenningsthecat]

...I might just suspect Microsoft's hand in this somewhere.

Chrome and IE?

[Twinbee]

Hopefully, it crashes Chrome or IE too. It'd be a shame for only Firefox users to uninstall needless software.

McAfee

[Oswald McWeany]

As one would expect of a security company whose name sounds like it belongs on the McDonald's dollar menu and served with cream.

* It is a greasy mess and will bloat your computer
* It will ruin your web-nuggets
* Not protect you from viruses. McAfee couldn't stop salmonella.

Metrics on McAffe Pain ???

[drerwk]

I have the McAfee slows me down argument with IT once or twice a year, but it has been easier to move to OS X and Linux than to get McAfee off my Windows machine. What I would like is an effective way to measure the pain. IT always points out that McAfee is only taking 5% or whatever of my CPU - but I know it is I/O bound as it scans every file opened and that is not reflected in CPU use ( can I argue 1-CPU use is the right metric ?). And I suspect it scans the whole file even if the whole file is not read.

Re:

[dgas]

http://www.zdnet.com/blog/ou/proof-that-antivirus-software-makes-your-pc-crawl/327 [zdnet.com] >>The desktop Antivirus suites all appear to make your PC run slower than a 5 year old computer when it comes to slowing hard drive I/O down which is the biggest factor in PC wait times. Norton Internet Security 2006 was the worst resource hog, McAfee VirusScan Enterprise 8 was the second worst, It's only the second worst! This is from 2006, but we both know they haven't improved since.

Re:

[omglolbah]

Where I work they 'fixed' that slowness by moving to solid state drives....

Amusingly there was a huge thing recently where an oil rig control system got infected with a 'facebook virus' even though a fully updated mcafee said it was clean... Trend caught it though.... Wonderful stuff :p

I'm mostly fine with the antivirus at work... The local firewall though is driving me up the fecking wall.... I usually end up booting to safe mode and disabling the fucker to do my work.... I do not need yet another layer of

They're catching up with me, almost

[grasshoppa]

I advise people to uninstall Norton and Mcafee as a general rule. I can't tell you how often I clean systems with those two products on it, happily grinding away the CPU cycles telling you that everything is fine despite the rampant infection of whatever AntiVirus 2011 variant is going crazy on the machine.

Remove McAfee Completely

[Joe Jordan]

McAfee offers a removal tool to cleanly uninstall their products. I use it any time I clean up a system: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe [mcafee.com]

Could rapid release be the cause of this?

[linebackn]

It is conceivable that the real issue here is that Firefox's new rapid release is causing various compatibility problems to crop up at such a fast rate that the third parties can no longer fix issues in their software quickly enough.

In the past it was not uncommon that a major browser release would introduce compatibility problems, or the need for additional small features, with third party programs that interacted with them. There would be a month or so before those issues were resolved and it was back to

Some questions for Mozilla

[rossdee]

What (Commercial) anti-malware programs do FF developers recommend

What (free) anti-malware programs do FF developers recommend

Does this issue affect SeaMonkey?

Where can I get cheap 3 metre poles for not touching either norton or mcaffee with.

In other news:

[kheldan]

People are still using McAfee?

Re:

[poofmeisterp]

People are still using McAfee?

Yeah, it unfortunately comes installed on many OTS machines, just like a Norton teaser edition does. It's my first uninstall whenever I give a user's machine a "checkup."

ScriptScan is NOT a plugin

[_0xd0ad]

ScriptScan is an extension. Extensions and plugins are not the same thing.

Plugins only run when content in a page requires the plugin to be loaded. Extensions can run whenever they want.

A bad plugin can be killed by ending the process plugin-container.exe. A bad extension cannot, and can cause your entire browser interface to hang up, which should trigger Firefox's warning about a script that seems to be taking a long time.

Re:

[_0xd0ad]

Well, usually you start by ending the one that's using 50% of the CPU time on your dual-core machine.

Re:

[_0xd0ad]

Wouldn't know. I don't use the Adobe PDF plugin, it's nothing but a virus infection vector anyway. If I download a PDF - if I intended to download a PDF - I might open it in Adobe Reader proper.

Re:

[SleazyRidr]

In my experience Firefox doesn't need any outside help to crash.

Re:

[Caerdwyn]

On my Vista/64 box, I'm running F-Prot and SpyBot Search&Destroy. I just plain don't have problems with malware OR with security software bogging me down. I used to run AdAware also, but it started randomly jumping to 50% CPU usage and staying there, so that's off the list. Sorry, LavaSoft, your current quality sucks. In any event, it doesn't seem to have been necessary given the presence of the other two.

Mind you, I also patch.

IE9 is actually pretty good. Security-wise, it's currently doing better

Re:

[broken_chaos]

I think the summary confuses 'plugin' with 'extension'.