McAfee “Secure” / HackerSafe – Bad Config?

For some of our clients that require PCI compliance we had been using the "McAfee Secure" (aka: HackerSafe) product. Changes to their site over two years ago eliminated the need for this snake-oil type service – so we canceled the service circa 2010q1.

Oddly, their service has continued to scan and send “alerts” for our system.

We contacted McAfee regarding this issue (877-302-9965) and confirmed that our account had been closed "for some time"

Attempts to login to the McAfee control-panel failed, as did attempts to reset our password using the known/proper email address on file. We were told by the system: "A mail has been sent to the email address" – cute. We waited two hours for this message.

It appears, that like so many other snake-oil security products McAfee’s system will also repeatedly nag you about spurious events.

So, just be aware and careful.

Internally it’s a good idea to use tools like OpenVAS to check your systems as well as a third-party provider.