CDOT held ransom

[Eric P]

This does tell an interesting story about a agency whose job is to maintain roads (not something like administer benefits). Unless the roads are maintained by computer, then it makes sense. But I think we're a few years off from that.

What AV was CDOT using?

CDOT is one of the largest engineering companies in the state. They are not just plow drivers and pot hole fillers.

The in house engineering saves the state a lot of cash. Hiring consultant companies to design and administer projects cost at least 3x as much as a state employee. Consultant designed projects have more errors than in house designs, as those designers are not familiar with state and federal requirements. Yes, there are some inefficiencies, mostly do to meaning federal tracking and reporting regs, but the agency is fairly lean. Hasn't grown since the 1970s Evan as budgets grew.

[Skip]

It's in the link above. They are running McAfee. CDOT provided a sample to McAfee and the crypto malware was found to be a new variant which McAfee provided a new DAT to catch.

You can get hit no matter the AV solution. I've managed McAfee in an environment of over 16k systems and it's a good product, but it's only as good as the person managing all of the variables to best suit the environment.

If you're allowing autorun on drives, which includes mapped network drives, it only takes one system to drop an autorun file on the network share to infect all systems using that network share. Ran into that when McAfee kept cleaning an autorun file accessed over the network when Trend AV wasn't catching the infected file on the file server.

Sent from my SM-T700 using Tapatalk

That really sucks!

I just checked my machines and all are set to Default Auto Run which is the "Vista" behavior (prompt before run).

[gnihcraes]

I'll admit, I've been out of that game for awhile, but Mcafee used to be to AV what AOL was to the internet. Something your grandma (or the gov) was suckered into using that had the same actual value of shit. It used to be a virus in of itself.

Now, maybe it's competitive now, but knowing where it came from I'd never touch it. I have a hard time believing it's improved much. Normally, if you want great security, find what software the government is using, and avoid that. The gov't traditionally uses some of the shittiest and least secure programs out there, and it's hard to break tradition. The whole government contracts thing and all....

(Not meant to be offensive to anyone in IT at these agencies, blah blah blah, but for instance, what operating system is every agency still running on? Ah.. yeah... What are the servers? Oh... yeah...)

Also ETA: Not saying an AV would have prevented this either. Just saying I wouldn't recommend McCrappy as good software for home use, knowing the history of it.

No offense taken. Budgets, money, people and time. My agency is working pretty hard to keep with the latest and greatest stuff. We're still behind on many things though. McAfee stinks. We're changing. Thankfully we stay off the state's network and have our own. This proves a good reason to keep it that way.

[Gman]

McAfee for home use does suck (different software stack from enterprise software). The enterprise solutions, including ePolicy Orchestrator for management, works quite well. Nothing is prefect.

We block autorun behavior on all Windows systems via Group Policy. It's an easy fix.

[kfr]

The only thing decent about McAfee products is EPO. I still think EPO is overly complicated. McAfee believes they have you by the short hairs because of EPO. ENS 10.x is a little better in the AV department but still lags the more innovative new comers. Many of the new comers are former McAfee employees who set off on their own to start new companies and start with a new foundation not dependent upon signature based detection. McAfee needs to be taken out to pasture. The salesman are a bunch of used car sales rejects, the engineering dept isn't capable of fixing a long list of known bugs and the company has been spun off so many times they can't come up with an identity better than cocaine cowboy John "McAfee".

I'd start switching now unless you want to become a victim of every piece of Ransomware and variants coming down the pipe. I'd recommend setting up and isolated lab with virtual workstations configured like the corporate desktop images (different pw's, similar GPO's). Get malware samples and test away.... All companies and state/govt agencies should be doing this on a continuing basis anyway.

This info is based on horrors of working with many of their products over a long period of time in multiple industries. I'd recommend getting out of McAfee before the state gets burned again. Easier said than done huh? It shouldn't be as political as it is given the loss of so many workstations but the decision will be laden with doubt, funding, testing, project planning and just plain craziness. All is can say is good luck but leave McAfee in the rear view mirror.

[BushMasterBoy]

A briefing given to me by a very secretive government agency stated they were using Norton products. I had fairly good success with Norton.

[Gman]

I read somewhere that Symantec was getting out of the AV business.

https://www.theregister.co.uk/2014/0..._a_moneymaker/

[Bailey Guns]

I just got out of the Symantec business after their NRA bullshit.

[sroz]

I just got out of the Symantec business after their NRA bullshit.

Yep and amen.

[Musashi]

Curious to hear how all this plays out as I am in the .gov sector too and we are in the midst of getting rid of Kaspersky.