
Will that be the same McAfee that lets most new malware infect your PC...
...whilst eating most of your CPU time for zero benefit.
Cisco's adding McAfee's Advanced Threat Defense to platforms supported by its Email Security Appliance platform. The alliance is designed to make integration between the two systems easy – the Advanced Threat Defence (ATD) e-mail connector is a single checkbox in the McAfee UI, plus selecting permitted hosts and the file …
And this is exactly why this approach will be a success.
By the time Cisco and McAfee have both had a go at your computer, there's no way it'll be able to open any emails, let alone the attachments, and thus the attack will be stopped in it's tracks!
Seems odd, but makes sense if you're a customer. Often companies will have 20+ separate security products that don't integrate -- and they need them to. Collaboration and integration is a growing trend (Cisco and long-time foe Check Point are integration partners to share and enforce group policies).
"Word or Excel documents with macros for example."
tru dat. I guess you wouldnt get away denying users access to macros , but they would of course get scanned when they hit the email server (you'd like to think) , and on the pc as (before) the user opens them. Thats not a new thing . In fact how come mcafee has just decided users cant be trusted not to click on stuff? where have they been?
In fact if I was in charge I'd be holding word docs with macros in so the user has to justify why they are being recieved from outside , cos 9 times out of 10 the macro will be in there by accident and not required.
users just can't be trusted not to click on dodgy attachments....I agree but its more of a training issue.
Training helps. But if you work in HR, Procurement, Accounts Payable etc you'll get shedloads of external emails with attachments that you need to open as part of your job. The bad guys are slowly getting better at hiding the executable element, and in a large business all the training in the world, all the IT Sec policies, all the threats of retribution against employees won't stop somebody somewhere eventually clicking to open a malware file, or following a link to a malware slinging website or file host.
Why not at least put an option in the email client to not have embedded links be live? (I'm looking at you, Thunderbird. ) I'll also point out that as far as attachments go, if the email client is configured for pop/smtp rather than imap, then the AV on the client machine gets a look at all attachements automatically.
I'm all for taking the decision to protect users from dodgy attachments away from the user, as they often click on things without considering if it's malware or a virus. I like locked down Windows User Profiles that don't allow independent installation of any unapproved software, for the same reason. The company owns the equipment (not the user), so the user gets what the company provides, regardless of whether they like it or not or want something else, or not. But McAfee? The only time any of my computers ever suffered a virus infection, is when using McAfee. I'd recommend Norton for this, as that has always protected every PC and Mac I've ever used.