I Haven't A Clue.
Friday, 23 October 1998
Updated Saturday, 5 December 1998

In a recent press release, McAfee's VirusScan 4.0 is touted on the Network Associates website as dealing with Back Orifice and NetBus.

They say: "VirusScan 4.0 combines desktop detection of over 22,000 viruses, Active X and Java hostile applets, Internet and corporate e-mail infection and security threats like Back Orifice and Net Bus, into a single easy-to-use package."

There's no question about this. It says the product detects Back Orifice.


I have updated, just days ago to version 4.0. I have made four attempts to communicate with them over three days, all without success. They have no live humans of the right sort who answer their phones, so I am forced each time to wait out their customer service queue at my expense on a long-distance call. Each time I called, I explained to the service person or to a voicemail machine that I hoped to explain to my website's 2000-daily visitors what was going on and what NAI does or will offer. I asked the same questions each time, or at least attempted to do so.

The McAfee product, of all the major virus-scanning packages, appears to have been the least responsive to the rash of remote-admin trojans. They've taken the longest even to comment on the subject.

I had hoped to make positive statements about Network Associates' offerings and/or progress in this respect, but they have made that quite impossible.

I use their product; have used it for many years. But I no longer recommend it.

I am in process of building a page which describes the many countermeasures against BO and the other similar trojans. It's a large task of information-gathering and web-page construction, and will require some days. Stay tuned! Maybe by the time I post that page NAI will have spoken.

Meanwhile, be warned... where BO and NetBus are concerned, I have positively determined that McAfee VirusScan 4.0, as of this date, does not deliver as promised. Don't rely on it. Take other measures, such as AVP and/or BODetect.

Update Saturday, 5 December 1998:

Several people have written to inform me that McAfee does detect Back Orifice. In fact, this was the case by the end of October, however I found at the time that McAfee did not detect BO or its components entirely reliably. I apologize to one and all for the slow update of this page.

Today, after upgrading to McAfee's very latest this very morning; I have found no significant change. This morning's test determined that McAfee's VirusScan:

Therefore my recommendation still stands. Do not rely on McAfee for protection against BO.

I have an assortment of trojans in my archives, and I set McAfee to work scanning those files. It successfully spotted a number of them. Although I have not checked it for consistency, it found:

It did NOT find:

I've used McAfee and been happy with it for a very long time. But partial solutions to things like viruses and trojans can be worse than none at all, because of the false confidence factor.

McAfee was approximately the slowest of the major/popular Win95 antivirus tools to incorporate any protection at all for Back Orifice, and it is woefully inadequate. Its inattention appears to extend to the other trojans, and I am concerned therefore that viruses, too, may get poor coverage from McAfee.

I've read elsewhere that McAfee's customer service is poor, with speculation that it's suffering from acquisition-itis. Apparently the disease extends to the product's quality and maintenance as well.

I'm sorry to see the McAfee folks go this way, because I've always liked them. I'm sorry too, that they chose to snub my efforts to communicate. C'est la vie.

If the news gets better from McAfee, I'll post it here.