McAfee are incompetent

bullestock

So McAfee detects one of our applications as a virus (apparently as the only vendor). So I try to report the problem at their dispute submission form (https://secure.mcafee.com/apps/mcafee-labs/dispute-form.aspx?region=us).

Guess what, doesn't work, just gives a cryptic error message: "Problem in submitting this form".

So I go to their web site feedback form (http://www.mcafee.com/us/about/website-feedback.aspx) and try to report the dispute form (which is linked from THAT VERY PAGE) - but the contact form has this gem of javascript:

ARControl_RegularProblemURL.validationexpression = "^((http|https)://)?([\\w-]+\\.)+[\\w]+(/[\\w- ./?]*)?$";

so it does not allow entering the correct URL.

derp

All AV software is shit. I've never actually seen one work as advertised.

error

Have you tried a tiny URL service?

flabdablet

@pauly said:

All AV software is shit. I've never actually seen one work as advertised.

Panda Cloud Antivirus isn't too bad as these things go. It doesn't bring your PC to its knees the way the big name ones do, and it even does a reasonably good job of catching malware.

ubersoldat

You only need to remove the ?region=us param and it works fine

Sutherlands

TRWTF is saying "McAfee are"

dhromed

The trouble with virusscanners is, if they don't catch anything... are they good?

I'm now using Avira. It's ok. Kind of nagware, though.

serguey123

@ubersoldat said:

You only need to remove the ?region=us param and it works fine

Removing that region would indeed solve many problems ;)

ubersoldat

@Sutherlands said:

TRWTF is saying "McAfee are"

No, TRWTF are operating systems that NEED antivirus software

@ubersoldat said:

No, TRWTF are operating systems that NEED antivirus software

yeah, but who uses DOS anymore?

Cassidy

@joe.edwards said:

Have you tried a tiny URL service?

Wouldn't that be caught by: @bullestock said:

ARControl_RegularProblemURL.validationexpression = "^((http|https)://)?([\\w-]+\\.)+[\\w]+(/[\\w- ./?]*)?$";
so it does not allow entering the correct URL.

RichP

It gets worse... once they whitelist you, it will take about 6 months before they release a patch that includes the correction for the false-positive.

Used to run McAfee on an Win2003 server. About once a year their updates would cause random crashes and errors. That would start a cycle of:

opening a trouble-ticket,
have a tier 1 droid tell me to remove, reboot, reinstall (I DID that already, but ok)
update ticket to indicate that it still didn't work.
Have a tier 2 drioid ask to remote into my server at 9AM tomorrow (to remove, reboot and reinstall).
Have me tell them no, I can't reboot a production server tomorrow at 9AM, let's do it at 8AM next Tuesday.
Tier 2 says ok.
Next Tuesday at 10AM, Tech calls in asking to work on my server. No apologies for blowing me off for 2 hours.
I point out that my maint. window has closed, we reschedule.
Reschedule: tech uninstalls, reboots, reinstalls.
Problem continues.
Escalate to Tier 3.
Tier 3 remotes in, collects some data.
Miracle: McAfee engineering finds out there's a bug, don't worry it will be fixed in the next update, due out in 2 months.
1 week later: Tech support calls asking to close the ticket,"because there's nothing we can do now". Um, no, you haven't fixed the problem therefore the ticket is still open
Patch comes out. 50% of the time it works, 50% of the time, restart at step 1 or step 11 (step 11 if I was smart enought to keep the ticket open).

I no longer run McAfee. My anger levels are manageable now.

Cassidy

@flabdablet said:

Panda Cloud Antivirus isn't too bad as these things go.

I hope it's improved since the Win95/NT4 days - Panda Antivirus' support was utterly patronising and incompetant so we dropped them quickly.

@pauly said:

All AV software is shit. I've never actually seen one work as advertised.

Slighty harsh, but not too far from the truth. Flavour of the month one year becomes a resource-hungry treacle monster the following year. Out of all of them, I've found MS Security Essentials to be pretty good under WinXP.

@RichP said:

I no longer run McAfee. My anger levels are manageable now.

Glad to see the story had a happy ending!

error

@Cassidy said:

@joe.edwards said:
Have you tried a tiny URL service?

Wouldn't that be caught by: @bullestock said:
ARControl_RegularProblemURL.validationexpression = "^((http|https)://)?([\w-]+\.)+[\w]+(/[\w- ./?]*)?$";
so it does not allow entering the correct URL.

Well, the whole idea was that it would make it pass the regular expression. The problem seems to be they only want word characters and dots.

@RichP said:

It gets worse... once they whitelist you, it will take about 6 months before they release a patch that includes the correction for the false-positive.

I don't know what the deal is with the anti-virus companies, they all seem to be incompetent morons, its always been that way and it isn't getting any better.

Long ago, in the olden days of DOS and before the World Wide Web, I came across a couple of BBSs that had source code for a bunch of viruses, written in assembly language. Since I was learning assembling language at the time I thought it would be interesting to look at the code. I had no interest in viruses, but I thought that studying actual working programs would be a good way to learn about assembly programming.

One of the viruses had a small subroutine that didn't anything but clear the screen. I think it wiped the characters off the screen in a spiral pattern, or something like lthat. I thought it was sort of neat and so I used it in a couple of programs that I was writing. A few months later it was long forgotten, then one day Norton anti-virus started detecting viruses.

Since I wrote the programs I knew it was wrong, and then it suddenly dawned on me -- my newly updated copy of Norton AV was flagging those couple of programs of mine where I had incorporated that screen-clearing subroutine. THAT's how they are detecting that particular virus??? You've got to be kidding me. I don't think I've ever used anything by Norton since.

A couple of years ago I'm away from home on business for a few days. My wife calls and says she can no longer connect to the Internet. After spending the entire evening trying to troubleshoot the problem over the phone I give up and tell her that she'll just have to wait till I get home. She tries her old crappy laptop and it works, so she uses that, with much complaining. When I get home I finally discover the problem. She had gotten a message from the AV program that it was about to expire, so she renewed it. And of couse you can't just pay for a couple more years of definition updates, you have to install a whole new program, with an entirely different "new and improved" (ie, shit) UI. And finally after much mucking about, I find that a firewall setting, nearly impossible to find buried deep in their new and improved UI, that used to default to ON now defaulted to OFF and that was the problem. Bye-bye Bitdefender.

And then ther's my new current favorite, the AV programs that are busy scanning for "exploits" that haven't existed since Windows 98.

@Sutherlands said:

TRWTF is saying "McAfee are"

There's more than one person at McAfee.

And you has no sense of humour.

rudraigh

@Sutherlands said:

TRWTF is saying "McAfee are"

TRWTF are xenophobes.

In other places in the world, companies are considered a collection of people. In Amerika, companies have become not just entities but, according to Citizens United, persons.

Sutherlands

@El_Heffe said:

@Sutherlands said:
TRWTF is saying "McAfee are"
There's more than one person at McAfee.

So then they should say "People at McAfee are".@El_Heffe said:

And you has no sense of humour.

LIES.

@rudraigh said:

@Sutherlands said:
TRWTF is saying "McAfee are"
TRWTF are xenophobes.

TRWTF are people who say xenophobes when that's not at all a word that applies.

@rudraigh said:

In other places in the world, companies are considered a collection of people. In Amerika, companies have become not just entities but, according to Citizens United, persons.

Let's try something, shall we? Let's use the english language. Let's replace "McAfee" with "The company in question"

"The company in question is incompetent." Correct!

"The company in question are incompetent." Incorrect!

You know what, it's a collection of people, let's use that!

"The collection of people is incompetent." Correct!

"The collection of people are incompetent." Incorrect!

Regardless of what your feeble brain wants to think, English grammar doesn't care how a society defines a corporation.

@Sutherlands said:

Let's try something, shall we? Let's use the english language. Let's replace "McAfee" with "The company in question"
"The company in question is incompetent." Correct!
"The company in question are incompetent." Incorrect!
You know what, it's a collection of people, let's use that!
"The collection of people is incompetent." Correct!
"The collection of people are incompetent." Incorrect!
Regardless of what your feeble brain wants to think, English grammar doesn't care how a society defines a corporation.

Pedantic Dickweed post of the month.

boomzilla

@rudraigh said:

In other places in the world, companies are considered a collection of people. In Amerika, companies have become not just entities but, according to Citizens United, persons.

No. TRWTF are totalitarians who think that people should lose their rights simply because they decide to do something collectively. WTF is wrong with those other places? I sure am glad I don't have to live there. Of course, you're probably losing your rights as individuals, too, so I suppose that's at least a consistent sort of totalitarianism.

Sutherlands

@El_Heffe said:

Pedantic Dickweed post of the month.

Hmmm, no. You could say that my original post in this thread was pedantic if you wanted, but this one is just correcting idiocy. Or is using the actual definition of pedantic too pedantic for you?

bullestock

@ubersoldat said:

You only need to remove the ?region=us param and it works fine

I know. But can we agree that a company's support form should allow entering the actual URLs which that company use?

sh_code

@rudraigh said:

TRWTF are xenophobes.
In other places in the world, companies are considered a collection of people. In Amerika, companies have become not just entities but, according to Citizens United, persons.

Couldn't help myself.

@dhromed said:

The trouble with virusscanners is, if they don't catch anything... are they good?
I'm now using Avira. It's ok. Kind of nagware, though.

I just use Microsoft Security Essentials. It's free and it doesn't nag you - in fact it even reduces the system's overall nagginess by getting rid of Windows' habit of nagging you about it not being protected due to missing anti virus software (I guess the last point is actually the main reason why I even bother).

Now, it hasn't caught a single virus for me so far, but that can mean one of two things:

it sucks, and my computer is now secretly a member of a couple of chinese and russian botnets without me being aware of it
it's only the second line of defense, with the first (my common sense) being effective enough to not let anything threatening or suspicious through

(I hope it' #2)

Unfortunately, for the average computer user, that first line of defense seems to be about as tight as a line on the ground, drawn in chalk... in the rain. Which, I guess, is why AV software companies are even still in business.

ender

I distribute a Windows installer for popular open-source program. Every now and then I'd start getting e-mails that this-and-that AV program flagged my installer as malware. At first I just told the users that it's a false positive, but when you get 200 messages in a few hours, this becomes slightly annoying, so I started putting up a very visible notice that Antivirus X is falsely accusing my program of being malware, and that users should switch to alternative solutions. This was apparently effective, since fixed definitions were released much faster, and I've also had far less false detections.
@El_Heffe said:

Since I wrote the programs I knew it was wrong, and then it suddenly dawned on me -- my newly updated copy of Norton AV was flagging those couple of programs of mine where I had incorporated that screen-clearing subroutine. THAT's how they are detecting that particular virus???

I was sometimes getting flagged because I use a particular installer - antivirus would detect unins000.exe as malware and delete it, sometimes together with unins000.dat, making the program impossible to uninstall.

Anketam

If it is antivirus story time, then here is my story back from my days in high school. Our school's antivirus would detect itself as a virus and proceed to try and remove itself, unfortunately it failed. I think it was novell, but it was long ago.

sh_code

@Anketam said:

Our school's antivirus would detect itself as a virus and proceed to try and remove itself, unfortunately it failed. I think it was novell, but it was long ago.

That's great! That solves all the future problems with SkyNet!

"I must protect humans.

Humans are the biggest threat to themselves.

Therefore, I must eliminate humans.

Therefore, I am the biggest threat to humans.

I will proceed to eliminate myself."

error

@ender said:

I distribute a Windows installer for popular open-source program. Every now and then I'd start getting e-mails that this-and-that AV program flagged my installer as malware. At first I just told the users that it's a false positive, but when you get 200 messages in a few hours, this becomes slightly annoying, so I started putting up a very visible notice that Antivirus X is falsely accusing my program of being malware, and that users should switch to alternative solutions. This was apparently effective, since fixed definitions were released much faster, and I've also had far less false detections.

In the mid-90s I was doing my first amateur programming projects and sharing them with my friends. Frequently enough they would tell me their antivirus flagged a file as a virus, and I would reassure them that I wrote every line of the program and this was definitely a false positive.

Later I found out that I'd been distributing the CIH (Spacefiller, Chernobyl) virus to all my friends.

@Wikipedia said:

In September 1998, Yamaha shipped a firmware update to their CD-R400 drives that was infected with the virus. In October 1998, a demo version of the Activision game SiN was infected by one of its mirror sites.[4] In March 1999, several thousand IBM Aptivas shipped with the CIH virus,[5] just one month before the virus would trigger.

At least I wasn't the only one.

Cassidy

@Anketam said:

Our school's antivirus would detect itself as a virus

I've heard of one AV product getting a false positive off another AV product, but not one that dings itself.

Other than these.

I thought I also read a story on TheRegister about free USB pens given away by an AV suit at a seccon actually being infected themselves, but can't find it at the moment.

da_Doctah

@joe.edwards said:

In the mid-90s I was doing my first amateur programming projects and sharing them with my friends. Frequently enough they would tell me their antivirus flagged a file as a virus, and I would reassure them that I wrote every line of the program and this was definitely a false positive.

Later I found out that I'd been distributing the CIH (Spacefiller, Chernobyl) virus to all my friends.

And the moral of the story is this: Never trust your friends.

Ben L.

@Sutherlands said:

TRWTF is saying "McAfee are"

It's occasionally valid; for example, "The morons at McAfee are incompetent" or "TRWTF is saying 'McAfee are'"

flabdablet

@dhromed said:

The trouble with virusscanners is, if they don't catch anything... are they good?
I'm now using Avira. It's ok. Kind of nagware, though.

I've got a 120-strong fleet of school PCs using Panda Cloud Antivirus Free (unusually for a commercial AV, the free version's licence allows use by nonprofit organizations) and it finds and stomps the occasional teacher-installed trojan. I've actually not seen malware-like activity on the school network since 2006, which is when I switched all the default browsers to Firefox with Adblock Plus.

Panda is also notable among freebie AV products in just how little nagging it does. It doesn't ask for a pat on the head every time it updates itself and it doesn't make you jump through licence renewal hoops. It also doesn't break whatever it was that Microsoft Security Essentials broke while I was trying that out.

I won't go so far as to say that I like PCAV, because I bitterly resent being required to run any such thing, but as antivirus products go it really is the least annoying one I've used.

flabdablet

@Cassidy said:

@flabdablet said:
Panda Cloud Antivirus isn't too bad as these things go.

I hope it's improved since the Win95/NT4 days - Panda Antivirus' support was utterly patronising and incompetant so we dropped them quickly.

The only time I've needed support, I used their forum and it seemed to work. I figure I'm lucky to get any support for a freebie. Can't speak to how well they support their paying customers.

Sutherlands

@Ben L. said:

@Sutherlands said:
TRWTF is saying "McAfee are"
It's occasionally valid; for example, "The morons at McAfee are incompetent" or "TRWTF is saying 'McAfee are'"

:P