On my usual daily visit of Slashdot, I read that McAfee introduced a new application called “McAfee Social Protection” for Facebook. In a nutshell, you install their plugin, allow their application to control quite a bit of your Facebook and then you can start uploading pictures “safely”. Here’s a video of it in action.
Specifically, when you upload a picture, you can share it with your friends or groups of friends who also need to install the special plugin in order to view your picture. Once they do, the picture is visible, but! McAfee claims that you can’t save it on your computer or take a screenshot and then paste it in an imaging program. Naturally, I wanted to put their claims to the test 😀
I started by uploading a picture of myself and sharing it with myself :D. Then I tried to right-click on the image but I couldn’t get the usual image dialogue. Next stop, “Print Screen”. Here’s what I got when I pasted the contents into mspaint.
I used Window’s 7 preview on the bottom, so that you can see that we are indeed on McAfee’s application page on Facebook. Then I tried going back to my slashdot tab and taking a screenshot of that.
Unsurprisingly, McAfee’s funky plugin starts messing up other tabs. In order to get your print-screening abilities back, you need to close their tab and then either resize your browser or minimize it and then maximize it (otherwise the blackness remains put).
So, ok you say, it kind of sucks, but what about breaking it? Well, I am not good at reverse-engineering binaries so reverse-engineering their plugin was out of the question. I started experimenting with moving the browser to various places of the screen or maximizing and then immediately hitting “Print Screen”. None of them worked… and then.. lightbulb! I remembered that there are screen-capturing extensions for Firefox.So, I installed Abduction! and tried again.
Here is the extra menu item when I right-clicked on McAfee’s page:
I clicked it, chose the part of the image that I wanted to capture and then saved the resulting file to my desktop. Result?
You see my smile? This, is the smile of success! 😀 Of course, you can save just the picture, but I wanted to show that it is indeed McAfee’s page on Facebook.
If it comes to your computer, it’s yours 🙂
Just take a picture of the screen with your phone, duh! 🙂
Three other likely means of capture, not counting the “point a camera at the screen” method that incurrs a heavy loss of quality.
FRAPS (a screen grabber many gamers already have installed)
Browse from within a virtual machine (it’s easy enough for anyone to install a VMware brower appliance, view the picture in there and hit PrntScrn on the host).
Browsing from a Windows Terminal Server should work too: the remote TS host browses and you hit PrntScrn on your desktop, outside of the tsclient window.
Every method you mentioned will be prevented. They have VM detection, they will kill Fraps, viewing from a remote computer (Windows RDP or some VNC software) will also not work. I tested all this during my research: http://fileperms.org/mcafee-social-protection-broken-by-design/
But at the end, as we see here, there will always be a little loophole (and if not, we got a 10megapixel phone in our pockets)
Pingback: Herzlich Willkommen » lost+found: Kreditkarten-PINs, Defcon, SMS-Spam und mehr
Clever idea using the Firefox screenshot add-on. I was doing some research on this useless piece of software myself, if you are interested: http://fileperms.org/mcafee-social-protection-broken-by-design/
Cool write-up! I didn’t expect that they would actually try to detect whether the plugin is running in a virtual machine… impressive. I thought that they wanted to stop the low-hanging fruit, such as the right-click & save or print.
Assuming they continue with this, I expect that they will start disabling screen-shot addons and the like, making it even less likely that many people would install the thing on their machines.
Yeah it is amazing how much effort they actually put in this – when at the end of the day it is complete useless.
Geek on nikifor!