Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Security Software News

Firefox Advises Users To Disable McAfee Plugin 213

itwbennett writes "Mozilla is advising Firefox users to disable McAfee's ScriptScan software, saying that it could cause 'stability or security problems.' ScriptScan, which ships with McAfee's VirusScan antivirus program, is designed to keep Web surfers safe by scanning for any malicious scripting code that might be running in the browser. But according to Mozilla, it has an unintended side-effect: It can cause Firefox to crash ... a lot."
This discussion has been archived. No new comments can be posted.

Firefox Advises Users To Disable McAfee Plugin

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Wednesday October 05, 2011 @09:06AM (#37611824)

    It's just as bad as norton.

    • by Anonymous Coward on Wednesday October 05, 2011 @09:08AM (#37611848)

      If it is as bad as Norton then uninstalling it might not be the easiest task.

    • I think that in addition to the virus detection code there's a *larger* amount of "valid paid-up subscription" nag code. The memory footprint of these things is truly stunning and kills machine's performance. Microsoft's Security Essentials used to be pretty lightweight but it's hitting middle age weight gain. At least it's not intrusive and doesn't nag you to pay up since it's free.
    • by Lifyre ( 960576 )

      I beg to differ.

      In my experience it is significantly worse than Norton.

      • by sconeu ( 64226 )

        Damn... that's saying a lot!

        • by Lifyre ( 960576 )

          They only thing I enjoy more than removing both of them from a system preferably with a large magnet is installing both and watching the system melt.

    • by djl4570 ( 801529 )
      Removal is an option for most users of a managed corporate system. My employer gives us a lot of latitude in software and I am a local administrator but there are some things that are required. An approved antivirus and HDD encryption are required. I noticed a disabled extension last night on a freshly reimaged system after installing noscript. Didn't look for plugins.
    • by Twinbee ( 767046 )

      Sometimes I think the use for such software is so you can appreciate the difference after the uninstall. I think some people become complacent at how fast their PCs are, and it's only after Norton/McAfee removal that they realise what they were missing all those years. That makes them happy - it's like a RAM or SSD upgrade for free.

    • Yes, I remove McCrappy products on sight. It's a perfect example of a cure being worse than the disease. Most trojans don't cause the nausea or problems that McCrappy does, ironically.

      Norton, on the other hand, is still living down a horrible reputation from last decade, but a modern standalone Norton Antivirus isn't that horrible anymore (I still nuke their security suites on sight). In fact Norton does have one very good program. It's their most popular one, and one of the most searched for when you start

  • program, is designed to keep Web surfer's safe

    Keep his safe where?

    S'erious'ly, do people ju'st put in apo'strophe's around random s's the'se day's?

    • Re: (Score:2, Funny)

      by lennier1 ( 264730 )

      Well, if you cause the browser to crash before it gets any chance to theoretically access a malware source that could be counted as a form of protection.

      • That is true. It might also explain the lack of stability in some operating systems. I think your on to something.

        • by Tarlus ( 1000874 )

          I think your on to something.

          This discussion thread which rooted in punctuation Nazism is about to go full circle...

          • I usually get 4 comments when I do that. I'm starting to feel ignored. :(

            • I usually get 4 comments when I do that. I'm starting to feel ignored. :(

              *pat pat*

              Your cool, dude. These thing's always get better.
              :>

    • by Tsingi ( 870990 )

      Whorey Jesuz's Your not gunna start bein' all smart 'n stuff air ya?

      Ize guine ta havta git out my 'postrophe stencil 'n paint yer fourhed.

    • Just because assholes feel the compulsion to point it out, doesn't mean that it's obligatory. It just means that you need to start taking you're medication again.

    • program, is designed to keep Web surfer's safe

      Keep his safe where?

      S'erious'ly, do people ju'st put in apo'strophe's around random s's the'se day's?

      Nah, you just put apostrophes before EVERY 's' at the end of a word, not other letters. :-}

  • What??? (Score:4, Funny)

    by lennier1 ( 264730 ) on Wednesday October 05, 2011 @09:14AM (#37611912)

    A McAfee product which causes more problems than it solves?

    I think you just destroyed my faith in the universe. ;)

    • It's like having the TSA in your computer!!!

      • Sure, if the TSA were constantly nagging you to update thier agents with bigger scanning machines, more cash, more agents, shaking you down for no good reason, and letting actual al qaeda mercanaries through your airports, it would be just like macafees. Say... doh!
        • What, you think the TSA doesn't constantly nag congress for all of that stuff? Or - you don't think that we pay for it when congress authorizes it?

    • My God, it's full of bloat!
      • My God, it's full of bloat!

        You should see AVG. On a Windows XP machine (won't mention whose), the kernel showed a 79MB virtual memory usage before AVG, and a 171MB usage after install and update. This is the "System" process, not all processes, mind ya. The rest took the machine well over the previously good 256MB of RAM limit. And it's DDR, not DDR2/3, so it's less expensive to get a new machine.
        /ramble

    • by arth1 ( 260657 )

      I am pretty sure that both McAfee and Firefox is at fault here. McAfee intercepts and alters data, and Firefox lacks proper input validation, and/or make incorrect assumptions about sequencing order.

      The combination is deadly, but I'd place more blame on Firefox than on McAfee - even though MA AV is a P.O.S. doesn't mean that FF isn't.

  • by Metabolife ( 961249 ) on Wednesday October 05, 2011 @09:16AM (#37611932)

    If you can't surf the web, you can't get infected. McAfee has done it again!

  • by MetalliQaZ ( 539913 ) on Wednesday October 05, 2011 @09:16AM (#37611940)

    I say this so often it should be in my sig... There is absurdly little difference between so-called "anti-virus" and desktop "internet security" products and the malware from which they are supposed to protect you. When family members ask me how I manage to happily use a 5 year-old PC that seems to be faster than their 1-2 year-old PC, I simply say "I don't have anti-virus installed"

    • by Lifyre ( 960576 )

      It also depends on what anti-virus you have installed. Some such as Norton and McAffee are worse than most viruses. Some aren't nearly as bloated and heavy and don't impart much impact on typical use.

    • It's not just about speed, though. Your 5-year-old PC may not be affected by a virus, but assuming that an infected computer runs about the same speed as an unaffected computer with full AV protection, at least the unaffected computer isn't spamming a bazillion people and giving out the user's identity for theft crimes. What's more important to you, running your computer faster or making sure your identity isn't stolen? I'm not saying that all malware is a root cause of identity theft, but if people beli
      • No way in hell are people - myself included - going to think that a slow computer is better than any alternative.

        I've already dropped a couple remarks about Linux. Let's just suppose for a moment that Linux desktops are targeted in the next several months, and our virus environment gets to be as bad as Windows. Will I install a resource hog like McAfee or Symantec? No way. Instead, I'll shut down services, encrypt everything, only use HTTPS - you know, all those "best practices" things that the real sec

        • by sjames ( 1099 )

          If Free Software ever actually needs anti-virus, it will bear little resemblance to the nightmare that is AV on Windows. The only reason for the heavyweight crap is marketing bullet points.

          If your browser is isolated and your email is isolated, and you scan removable media, you won't get a virus. There's no need to hook the entire OS and scan every file as it's opened or any junk like that. There would probably be a libav.so that can do the scans for incoming attachments and downloads for any program that w

      • How often did your AV actually block a virus that would have been executed otherwise (this questions excludes emails with attachments that you would have never opened? It never has happened to me within the last 10 years. So what's the value of an AV for a user, who knows what he does?

        However, I have seen many people with AV that have been infected nevertheless (especially by downloading and installing games from dubious sources). So, what's the value of an AV, if some viruses come through?

        Note: Software

    • by Anonymous Coward

      This doesn't tell the whole story. The reason you don't have issues is the same reason you don't feel you need AV software -- you don't do stupid stuff on your computer. If users would take the time to read what comes up in their screen instead of just clicking it as quickly as they can to get rid of it and use a little common sense, nobody would need AV.

      • not entirely, there's the old buffer overflow injection attacks that let hackers run native code and other such vectors that, while rarer nowadays, don't rely on user stupidity.
        If users weren't so stupid, we'd probably see more hackers attempting to find security holes in the software.

    • by Anonymous Coward

      True for you. True for me. Not true for most of my family who will happily click every link in sight.

      • Either way, their system is shot. McAfee or the Malware, both trash their experience.

        Here's a better option: Firefox + AdBlock Plus + NoScript + Ghostery.

        • Or, in my case, I've installed Ubuntu on all my family's machines. I'd rather spend time explaining how to use Software Center and Gnome quirks than spend even more time removing viruses. For my dad, who is particularly uninterested in change, i set up a VM running Ubuntu that automatically starts a fullscreen Opera instance, and that's his 'browser'. It does everything that he would do in any other browser (except copy & paste to his windows desktop -- which he doesn't care about anyway), and the st
        • Unfortunately it is very difficult to convince laypeople that the benefits of default-deny are worth the very small inconvenience.

          WAhhhh! I don't want to right click and temporarily allow the cdn! I just wanna tend mah crawps!

          Sorry. Luser interaction flashback.

    • Everyone here knows how it goes: I ended up being the unofficial tech support for all my friends and family. Even after swearing that I didn't know much about Windows, I accidentally helped someone clean up their PC and word got around. Anyway, I have a patented plan for fixing two-year-old computers that run like molasses: 1) uninstall Norton, McAfee, AVG, and ever other antivirus program I find; 2) install MS Security Essentials; and 3) make them buy more RAM.

      MSE doesn't have a vested interest in visibly

  • I suggest that people switch to MSE or Avast and stay away from AVG, Norton and McAfee... If you are worried about bad sites install adblock plus and WoT (web of trust).
    • Agreed. I've never used AVG, but I had few problems with Avast, and none with MSE. Norton, OTOH, is worse than a virus, and I've heard Mcafee isn't much better.

      • AVG i've had no problems with, although for the last few months it pops up with a "AVG Security Update" that sends you to a "Look what we protected you against" page that attempts to validate it's worth. It presents it's global statistics (I think) as statistics relating to you alone. Making you think you've really, nearly, had 12,000 attacks in the last month.

  • Glad they do such great QA work, since like nobody uses FireFox.....

    • Fewer people are going to, with their boneheaded moves of late. I don't use anything McAfee makes, but after breaking so many plugins, perhaps the better advice would be "disable Firefox".

      • by sjames ( 1099 )

        Genuine curiosity here, how many plugins do you use? I keep hearing about Firefox breaking a bazillion plugins every single time, yet I have never had it happen to me. I'm trying to figure out what I'm doing so different.

  • ...is to uninstall the bloated piece of crap that is Firefox and install Chrome. :D
    • actually Firefox seven is pretty nice I'm considering moving from chrome back to it.
      • Yes, but Chrome has the "actually @^@#$ing works" feature, whereby the browser actually @^@#$ing works! Sometime around Firefox 3.6-ish, I couldn't keep more than one or two tabs open in Firefox without it crashing on me. I switched to Chrome and haven't regretted it for an instant.
        • That surprises me, I haven't had much trouble at all with Firefox in years. It seems to have more trouble on Linux, but even there it doesn't crash that often.

        • by cbope ( 130292 )

          I would go so far as to say 3.6-ish was a low point for Firefox. Firefox 7, if you have not tried it, is very good. I can't stand Chrome for more than 5 minutes.

    • I have no idea why you think that, it has been proven time and time again chrome uses WAYYY more memory than firefox, over twice as much. http://www.tomshardware.com/reviews/firefox-7-web-browser,3037-14.html [tomshardware.com] Chrome is the bloated one.
    • Yep, time for me to do that too. Disabling the Java console was the last straw. I need to write applets for school work.
  • ...I might just suspect Microsoft's hand in this somewhere.

  • Hopefully, it crashes Chrome or IE too. It'd be a shame for only Firefox users to uninstall needless software.

  • As one would expect of a security company whose name sounds like it belongs on the McDonald's dollar menu and served with cream.

    * It is a greasy mess and will bloat your computer
    * It will ruin your web-nuggets
    * Not protect you from viruses. McAfee couldn't stop salmonella.

  • I have the McAfee slows me down argument with IT once or twice a year, but it has been easier to move to OS X and Linux than to get McAfee off my Windows machine. What I would like is an effective way to measure the pain. IT always points out that McAfee is only taking 5% or whatever of my CPU - but I know it is I/O bound as it scans every file opened and that is not reflected in CPU use ( can I argue 1-CPU use is the right metric ?). And I suspect it scans the whole file even if the whole file is not read.
    • by dgas ( 1594547 )
      http://www.zdnet.com/blog/ou/proof-that-antivirus-software-makes-your-pc-crawl/327 [zdnet.com] >>The desktop Antivirus suites all appear to make your PC run slower than a 5 year old computer when it comes to slowing hard drive I/O down which is the biggest factor in PC wait times. Norton Internet Security 2006 was the worst resource hog, McAfee VirusScan Enterprise 8 was the second worst, It's only the second worst! This is from 2006, but we both know they haven't improved since.
    • Where I work they 'fixed' that slowness by moving to solid state drives....

      Amusingly there was a huge thing recently where an oil rig control system got infected with a 'facebook virus' even though a fully updated mcafee said it was clean... Trend caught it though.... Wonderful stuff :p

      I'm mostly fine with the antivirus at work... The local firewall though is driving me up the fecking wall.... I usually end up booting to safe mode and disabling the fucker to do my work.... I do not need yet another layer of

  • I advise people to uninstall Norton and Mcafee as a general rule. I can't tell you how often I clean systems with those two products on it, happily grinding away the CPU cycles telling you that everything is fine despite the rampant infection of whatever AntiVirus 2011 variant is going crazy on the machine.

  • McAfee offers a removal tool to cleanly uninstall their products. I use it any time I clean up a system: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe [mcafee.com]
  • It is conceivable that the real issue here is that Firefox's new rapid release is causing various compatibility problems to crop up at such a fast rate that the third parties can no longer fix issues in their software quickly enough.

    In the past it was not uncommon that a major browser release would introduce compatibility problems, or the need for additional small features, with third party programs that interacted with them. There would be a month or so before those issues were resolved and it was back to

  • What (Commercial) anti-malware programs do FF developers recommend

    What (free) anti-malware programs do FF developers recommend

    Does this issue affect SeaMonkey?

    Where can I get cheap 3 metre poles for not touching either norton or mcaffee with.

  • People are still using McAfee?
    • People are still using McAfee?

      Yeah, it unfortunately comes installed on many OTS machines, just like a Norton teaser edition does. It's my first uninstall whenever I give a user's machine a "checkup."

  • ScriptScan is an extension. Extensions and plugins are not the same thing.

    Plugins only run when content in a page requires the plugin to be loaded. Extensions can run whenever they want.

    A bad plugin can be killed by ending the process plugin-container.exe. A bad extension cannot, and can cause your entire browser interface to hang up, which should trigger Firefox's warning about a script that seems to be taking a long time.

To stay youthful, stay useful.

Working...