Item of the Week: McAfee Security Suite

at 10:18 am

This is going to be a baaaad item of the week. Not bad like I suck at writing, but bad like I hate this damn product. I’m not writing this so much because I thought it would be a nice review for this week; I am writing this to encourage IT admins, etc. to steer well clear of this product.

It’s bad… real bad. Worse than you thought, most likely.

Components

McAfee for corporate use typically comes with these products:

McAfee Intrusion Prevention System
McAfee Security Agent
McAfee Anti-virus
McAfee Anti-spyware

All of these components sync up with a backend server which manages the updating and synchronizing of the application. Essentially, this server tells the components what to do and how to do it; this way IT guys only need to change one setting and have it filter down. Smart… in theory.

How it plays out

Let’s analyze how it really goes down. In a corporation beyond the size of about 30 employees, it’s likely that various people are going to be working on various things. What I mean is, security settings for one individual likely won’t work as well for the next because they will have different needs for their system. For instance, if Joe is developing an application that functions closely with the network, he might have different demands for ports than Steve, who is developing a stand-alone application that needs no network access at all. If you start blocking ports as part of your IPS scheme, Steve stays happy, Joe gets pissed.

Additionally, Joe and Steve are going to have different demands of their systems. Steve likely will have minimal security interactions because he is developing a stand-alone application. Joe, on the other hand, will likely be interacting with a number of other applications and servers and will need open access to a particular port on other systems. IPS may end up cock-blocking the whole process.

Furthermore, IPS attempts to keep you protected by preventing any new functions until you either ‘Allow’ or ‘Deny’ them. If you allow, the application continues on just fine. If you ‘Deny’… well, pardon my French but, you’re fucked. If you ‘Deny’ an application by accident, you have to go through a hell of a process. Part of IPS and the rest of the McAfee suite is to protect itself from uninstallation or other changes. This means that in order to change any setting, you need to input a password that syncs with the server. If you should happen to deny an application unintentionally, you get to call up IT, have them remote login, and alter IPS for you. Sounds simple? It’s not, considering a call with IT can take anywhere from 5 minutes to 50 minutes. Then he gets to log in and take over your computer for any length of time. Finally he fixes the problem and you can get back to productivity. All this really leads to is the end-user automatically defaulting every answer to ‘Allow’ so that they simply don’t have to deal with a ‘Deny’ ever. Not very secure, is it?

Finally, end-users have no knowledge of what is and is not available for their use. They can only spray and pray with the various applications they have. For instance, if Joe wants to install an application that makes various interactions with his registry, IPS or Anti-spyware may block the install or at least block the interactions believing them to be a function of malware. This puts Joe in a tough spot because he either calls up IT and fights with them to unlock the software, or moves on without his application… both inhibit his workflow.

Performance

Beyond the various flaws with the idea of IPS and the way McAfee implements it, let’s look at what happens with the performance of a system. My corporate computer is a fairly decent laptop: Intel C2D 1.8 GHz, 1 gig of RAM, Windows XP Pro SP2… a decent computer for this day and age.

When I first received this laptop, it ran great. However, the day it started interacting with IPS, everything went to hell. Booting up takes about 7 minutes (I go get coffee in this time), loading applications takes longer than it ever should, and even basic tasks like tabbing between applications feel sluggish.

I think part of the problem is this: IPS believes that your system is constantly at risk and treats any application (even if you say it’s trusted) as a threat. Going along with this, it monitors every move your computer makes… from writing to files, to registry edits, to network access. The effect is like taking a six-lane highway and funneling it into a two-lane side street… everything jams up.

Processes are slow, end-users are pissed, IT is flooded with phone calls.

Conclusion

In the end, McAfee has a truly poor program. It’s based on the idea that one group of professionals can make decisions for the mass but all it creates is an “us vs. them” mentality where end-users are seeking methods for removing McAfee (I know I am) and IT is trying to keep the system as locked down as possible without inhibiting workflow (it’s not working).

Corporate big-wigs: this application ruins workflow, which means less money in your pocket. Do yourselves a favor: take the money you were going to spend on this suite of applications and use it to teach your employees about computer security and how they can defend themselves. You will make money in the long run, trust me.


One Response

  1. Jon Says:

    Problem is, we’ve been trying to train users on security for years. They don’t care or want to learn.

    You know I’m not a McAfee fan but we are legally obligated to do this sort of thing. If we don’t and Something Bad(tm) happens, we get our asses sued off because we didn’t perform our due diligence.

    The key is software with a finer granularity and less performance hit, which is surely available.
