PROblog Archives


December 19, 2005

McAfee hates mIRC?

Today I found yet another reason to not like McAfee products. Unfortunately, I can't really do much about it as this isn't my computer. I came home from school to find out the operating system that I want to use doesn't like the modem, so I can't connect to the internet via our old school dialup here. So I have to use my mom's computer. The problem with this is that she uses McAfee, although she may ditch it for a cheaper and better solution of NOD32 soon (I hope). The main reason I don't like it is that it seems to have a way to "lock" your computer while you're using it if McAfee is in the process of updating something, doesn't matter what. It completely stops any new processes from starting somehow until the update is over. Now to the part about hating mIRC.

Since I don't have mIRC installed on my mom's computer I needed to download it and "install" it. I say install as all I needed was the program files and none of the links as I'm not completely installing it, just a temporary thing. Since I don't like the mIRC GUI, I also downloaded the script/GUI add-on that I like the best for it, PolarisX. So I extract all of the files and go to run the program. As the interface is loading the PolarisX custom settings, McAfee decides that the program has a "virus" file associated with one of the configuration files, mirc.ini, and decides that the best method of dealing with the threat is deleting the file. It doesn't ask me what I want to do, it doesn't allow me to say to just quarantine the file, it has to completely delete it. I don't know about other people out there, but I'd rather have a choice in what happens with files on the computer I'm working on as maybe I want to run a virus, or maybe it's just a file that 'could' have malicious intent, but doesn't do anything, like the mirc.ini file applying the PolarisX settings.

So I re-extracted the file in case there was actually something wrong with it. Try to start up mIRC again and the same thing happens, only I see that the file is caught just as the PolarisX script loads, meaning it thinks that the ini file that is telling mIRC what to do is something bad and shouldn't be there. I search around for a way to prevent the action from reoccurring or saying that the mirc.ini file was safe, but McAfee apparently thinks that the users don't know what they're doing, which they obviously don't really know if they're using it, but that's another thing entirely, so they don't offer people a way of changing their settings or ignoring files or anything of the sort 'cause "McAfee knows best for your safety", at least that's what I'm seeing. Seeing as I'll never get the program working with the real-time scanner running in the background, I just turn it off and use mIRC as I normally would. Then turned the junk scanner back on so that it could keep "protecting me" from all the unsafe files that are out there.

The best part about this is what happens last, at least I think so. To make sure there aren't any malware items in the directory, I decided to scan the files that are in there and confirm the fact that they're safe. I'm not really sure how a text file can be considered a trojan, but just to be sure, I had to check. So I scan the mIRC directory with all of the files in it needed to run the program and nothing is found, although it took about 5 min. to scan about 100 files or so with the very slow scanning engine the program has, on top of the fact that it seems to like to freeze or run really slow. I'm almost tempted to try and run mIRC again so I can see the third false positive result in less than an hour. I'm also really confused in the fact that McAfee is identifying the virus to be a named trojan (although trojans aren't really viruses) and it isn't even an "Unknown" thing. McAfee is sure that this threat has previously existed and that a GUI altering script is a dangerous threat to the operating system. I'll let you all make your own conclusions on McAfee, but I'd rather go with the best, NOD32.

Posted by imnuts at 08:49 PM

December 12, 2005

Windows OneCare Live Beta - Protecting Me?

Since Microsoft decided to accept me into the Windows OneCare Beta twice, once on the new Microsoft Connect Site and once a while ago on the aging BetaPlace site, I decided I'd at least download it again and test things out to see what they've improved in the past couple months as the last I used it was in Aug. or Sept. I figured with the bug reports that were submitted and feature requests and such, it would have had to have gotten better. So, after looking around for an hour for the web installation (the Microsoft Connect Install instructions are horrible) I finally got it installed on my fresh VMware computer running XP SP2 fully up to date with next to nothing else on it.

Now comes to testing out how it works. At first, I was pleased, just after rebooting, it was already checking for updated virus definitions. It also displayed that the system was "Green" meaning that everything was up to date and running properly. I figured, "Hey, this might turn out to be a fairly good program" and continued about what I was planning for this test system. After a while, I had a few freeware/shareware screensavers that I wanted to install to get the final *.scr file from them, then remove what was installed as there is some spyware and junk that gets installed alongside the screensavers. I didn't expect much to come of it, install the screensavers, take the files that I wanted and all would be good. The problem comes about 4 installations in.

So I'm installing and copying away, knowing that spyware is getting on the system and thinking nothing of it. I get to about the fourth screensaver or so and things went downhill fast for OneCare Live Beta. The spyware junk that it should supposedly protect a user from is completely ignored by the "protection" it offers. I can sort of see this as it is currently antivirus, firewall, backup, and general performance only with no antispyware component included. But after the spyware that was installing (same things over and over) finally started, I was disappointed by the bubble messages. Since I hadn't done any configuring of stuff since my system was good, the firewall recognized the spyware that was installed and of course accessing the internet. There were two things, Save.exe and one I never saw before, VVDC.exe. As the firewall picked them up, it was still on auto-config, so it said "Let's allow these programs access, they don't look too bad" and the spyware now succeeded in its mission of getting into the system and tried to work.

Unfortunately for the spyware, I'm a little too advanced. After realizing that it wouldn't die just by ending the task and I couldn't delete it yet as I had more spyware installing screensavers to add yet, I just revoked its permissions. It's amazing how quickly you can kill a program by removing all access privileges to the folder that it's in from everyone, even the system and owner and administrators. It doesn't know what to do with itself. So I continued installing my screensavers, got all the files and uninstalled the screensavers. I forgot about the permissions thing, so I had to manually uninstall that junk after resetting permissions somewhat. But the thing that bothers me most is the fact that the firewall auto-configured itself to allow known spyware programs access to the internet. I'll of course be submitting feedback on this issue (and also for the bug I found in the process). Hopefully, the developers see an error in their detection/configuration rules that can remedy the issue, as allowing spyware access to the internet is a bad idea.

Now off to test it out against an AIM virus that was spreading a few weeks ago and see how the antivirus component stacks up against NOD32, which I already found out can handle the job, since I tried to install the virus on purpose to test out NOD32 since I don't get viruses.

Posted by imnuts at 11:45 PM

December 05, 2005

Happy Holidays

I'd just like to wish everyone a happy and safe holiday season. Whatever your religious orientation, it is a time of year to be thankful for all we have in the world.

Posted by e to the x at 09:44 AM