<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Good afternoon,
<div><br>
</div>
<div>I'm pleased to report that McAfee has resolved this installation issue and has provided an updated binary of McAfee Security 1.2 for Mac (for more information, please see McAfee's documentation <a href="https://community.mcafee.com/docs/DOC-4688">here</a>).
You can download this updated binary now from the IS&T Software Grid: <a href="http://ist.mit.edu/mcafee-security/1x/mac">http://ist.mit.edu/mcafee-security/1x/mac</a></div>
<div>
<div>
<div><br class="webkit-block-placeholder">
</div>
<div>Please let us know if you have any questions or issues with this product going forward.</div>
<div><br>
</div>
<div>Thanks,<br>
~ Justin<br>
__<br>
<br>
Justin Fleming<br>
Mac Platform Coordinator<br>
Software Release Team<br>
Systems Engineering, IS&T, MIT<br>
<a href="mailto:jtflem@mit.edu">jtflem@mit.edu</a> | 617.253.0157 | W92-229A<br>
<br>
Important: IS&T staff will never ask you for your password, nor will MIT send you email requesting your password information. Please ignore any email messages that claim to require you to provide such information.
</div>
<br>
<div>
<div>On Feb 14, 2013, at 6:04 PM, Andrew Munchbach <<a href="mailto:amunch@mit.edu">amunch@mit.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">Good Evening,<br>
<br>
Justin F. is currently on a train, but he asked me to pass along the following links so everyone has the most up-to-date information. McAfee has acknowledging the installation issue, confirmed that it is indeed the revoked signing certificate at fault, and
promised an updated binary in the near future. <br>
<br>
While there is a workaround, McAfee's recommendation is: "to resume product deployments once the appropriate [updated] packages are available." IS&T also recommends that Mac users *not* leverage the workaround as it could leave your system vulnerable to malicious
software signed by a revoked certificates.<br>
<br>
<a href="https://community.mcafee.com/docs/DOC-4688">https://community.mcafee.com/docs/DOC-4688</a><br>
https://kc.mcafee.com/corporate/index?page=content&id=KB77390<br>
<br>
Regards,<br>
Andrew<br>
--<br>
Andrew Munchbach<br>
IT Security Analyst<br>
Massachusetts Institute of Technology<br>
IS&T | Operations & Infrastructure | IT Security Services<br>
amunch@mit.edu<br>
+1 (617) 324-4571<br>
<br>
http://ist.mit.edu/secure<br>
<br>
On Feb 14, 2013, at 4:22 PM, Justin Fleming <jtflem@mit.edu> wrote:<br>
<br>
<blockquote type="cite">McAfee's accidental revocation of their code-signing key and the invalidation of their signing certificate (described in the article linked by Andrew) is responsible for this message and for blocking the installation of McAfee Security
on OS X. I've been able to replicate the issue on two Macs running OS X 10.8, and temporarily disabling Mountain Lion's Gatekeeper security feature does not allow the installation to proceed.<br>
<br>
IS&T is investigating this issue and McAfee engineers are reportedly working to re-sign all of their Mac applications with a new certificate. As soon as an updated McAfee Security installer is available, we will replace the current installer distributed on
IS&T's Software Grid and notify this list. IS&T will keep the following page updated with the latest information as we have it: http://kb.mit.edu/confluence/x/7qgBCQ<br>
<br>
Thanks,<br>
~ Justin<br>
__<br>
<br>
Justin Fleming<br>
Mac Platform Coordinator<br>
Software Release Team<br>
Systems Engineering, IS&T, MIT<br>
jtflem@mit.edu | 617.253.0157 | W92-229A<br>
<br>
Important: IS&T staff will never ask you for your password, nor will MIT send you email requesting your password information. Please ignore any email messages that claim to require you to provide such information.<br>
<br>
On Feb 14, 2013, at 3:23 PM, Andrew Munchbach <amunch@MIT.EDU><br>
wrote:<br>
<br>
<blockquote type="cite">Not sure if this is related... but...<br>
<br>
McAfee accidentally revoked the certificate they use to sign software:<br>
<br>
http://arstechnica.com/security/2013/02/a-world-of-hurt-after-mcafee-mistakenly-revokes-key-for-signing-mac-apps/<br>
<br>
Andrew<br>
<br>
On Feb 14, 2013, at 2:58 PM, David James Broderick <djbroder@mit.edu> wrote:<br>
<br>
<blockquote type="cite">I get a very strange message (see attached) when trying to install MacAfee on a couple of new Macs. I tried installing from a thumb drive which had downloaded the app on another computer, just to see if the message would be different,
but same result.<br>
<br>
Also, the message refers to a time when the computer probably did not exist. It only shipped in December.<br>
<br>
I have never seen a message exhorting me to move an app to the trash.<br>
<br>
<br>
David J. Broderick<br>
djbroder@mit.edu<br>
Audio Visual Project Technician<br>
MIT AV 617 253 2808<br>
FAX 617 253 5945<br>
http://web.mit.edu/djbroder<br>
<br>
<NoMcAfee.tiff><br>
</blockquote>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</body>
</html>