Archives for Kyle Drumm

Why I hate McAfee (the company) and why you should, too

Companies have a tough time fighting spam. I get it. Spam fuels the spread of viruses, phishing, identity theft, and general user confusion. I despise it as much as the next guy, but it has quickly become a part of day-to-day life with any email user or mail-enabled organization. Because of how rampant and aggressive spam email has become, as well as the ever-increasing danger of websites that spam may try to lead you to, companies that fight spam have taken up blacklisting: adding email domains and server IP addresses to one of several lists that are used be various spam filters to more easily detect spam emails. Getting on one of these blacklists can be entirely too easy, and oftentimes it is entirely too difficult to be removed once on one.

At this point you’re probably thinking “good, lets stop as many of those spammers as we can!” Well, the problem is that legitimate email-sending companies can get added to these lists. Before anyone knows what is going on, a legitimate and honest company is having problems sending (or even receiving) emails and business starts to grind down to a halt. At this point the company’s IT resources will begin sorting out the issue and eventually begging and pleading for their server to be removed from one or more blacklists that is crippling their email service. Some of the blacklist providers offer a simple web-based removal process that requires just a simple explanation… but then there is McAfee.

McAfee has a ‘special’ group within their anti-spam division, known as McAfee Messaging Security. This group, from what i have gathered, takes recommendations from affiliate organizations of domains that should be flagged as spammers and arbitrarily adds them to their blacklist without any sort of verification or validation of an actual offense. The only way to be removed from McAfee’s blacklist? Send an email to [email protected] or [email protected] and wait for them to tell you how they picked your domain randomly out of a hat and blacklisted it for no reason.

What’s the real problem, you ask? The real problem is that this Messaging Security group is ONLY AVAILABLE BY EMAIL! No phone call can reach them, no tech support case (even with Gold Support) will be escalated to them, EMAIL ONLY. So while your business is stagnant, crippled, and waiting for McAfee to get back to them to resolve the issue, your customers are fleeing, getting bounce-backs, and wondering why they aren’t receiving prompt replies. But wait, there’s more.

McAfee Messaging Security likes to keep things as vague as possible, that way you have trouble telling that they have no real reason for blacklisting you. Their first response to your email will be “uh, well, this website here has junk html files that need to be removed before we consider removal” (you may think I’m exaggerating, and I wish i was… this is how it actually happens). So, five email exchanges later (12 hours in between each one, mind you) and hopefully you’ll have the problem fixed, or at least have an idea of what you actually need to do to satisfy these ruthless email dictators. Hopefully the affected company won’t also be a subscriber of McAfee’s cloud-based spam filter, because if it is then the email replies from Messaging Security could even be caught in their own spam filter and the exchange could take even longer.

I’ll stop here with my rant. Hopefully you get the picture and take warning. McAfee produces sloppy, sub-par software and backs it with even worse service and support. McAfee is one company that I will never recommend to peers and customers for these reasons.

Data Backups: Can you rely on tape?

Almost every small business that I’ve had a chance to work with has used tapes as their primary means of backing up data (the others have had no backups or no data to backup). Tapes are used widely for several good reasons: they can be stored and archived for many years, they are fairly inexpensive, easy to rotate, and many backup software packages are designed around the use of them. But have you ever had to restore from tape? It’s a tedious process. First, you have to find the tape (or tapes) that has the data you want to restore from (hope you’re labeling them well!), then you have to catalog it, then you have to mount and restore it… something that should be so simple can actually be an excruciating process. After all of that (and the time it takes if you’ve been there) you had better hope that the backup was tested, otherwise it may not even restore properly. What if your business is completely down until the restore is done? That would make for a very stressful day.

In my opinion, tape is a legacy technology. Disk and flash storage is so affordable these days that companies can easily purchase storage capacity that can exceed the amount of space that they have with tapes. This can translate to faster and more reliable backups, longer retention periods, and more available space for future growth. Restores are usually completed faster, too. Interested in a hybrid model? Tapes can still be a good means of off-site archival. Or, you can look into cloud based backups options or even offsite disk-based backups. The options are out there, but you have to make the choice for the backup solution that is best for your business.

Did you know: Standardized Risk Assessments

Did you know that the National Institute of Standards and Technology (NIST) publishes Special Publication 800-30, Guide for Conducting Risk Assessments? This is one of several guides that GROUND Security incorporates within our assessment and analysis framework.

You can find the document on NIST’s website:

Simple Security Tips

Some useful tips for home users to help stay protected on the internet: