Now blogging at diego's weblog. See you over there!

holy service pack batman!

Yeah, well, I still can't get that ridiculous image of Batman @ Buckingham out of my head, so I'm writing it in somehow.

A few days ago I installed Service Pack 2 on one of my PCs, the idea being that I could see whether it would interfere with share, etc. The actual installation went allright (it took a while to download & install though).

The first boot after the install was finished I was asked to configure the "security settings". Since I rely on an external firewall and have all the dangerous stuff disabled anyway, I left this disabled as well. After that the login appeared.

I logged in. And waited. And waited. Icons drew themselves painstakingly across the screen, as if the millions of tiny drunken leprechauns that are responsible for the behavior of Windows were suddenly more inhebriated than usual or maybe were away on a security seminar and thus unavailable to paint icons or do their usual tasks.

Eventually the leprechauns decided to get to work, but slowly. So I rebooted, hoping that things would get fixed that way. No luck. The second time, login took even longer.

I was sort of resigned to things not really working anymore, and thinking how I was going to uninstall this piece of crap, when a dialog box distracted me.

It was from one of the McAfee applications.

Now, backtracking for a moment. I purchased McAfee VirusScan a few weeks ago when my Norton License expired. I had fond memories of VirusScan from many years ago, when it was a simple program that included nice command line tools. Norton AV has become a monster in recent years, installing all sorts of background services that do NOTHING useful except take up resources and interrupt whenever it's most inconvenient. (Note: these services usually are somewhat useful when you operate in an all-MS environment; i.e., Office, Outlook, Messenger, etc. and you have no idea of what you're doing). Be that as it may, I had gotten tired of Norton's heavyhanded approach and decided to try something else, so I remembered VirusScan.

To be honest, I was a bit weary. McAfee had been through a number of corporate acquisitions and mergers and "refocused" on the corporate market (which is usually code for "we will now be able to push garbage down our customer's throats, only now 20,000 seats at a time). But I really had good memories of VirusScan and thought, "really, how much could they have screwed it up?".

As it turns out, the answer is "quite a lot". VirusScan 8 is one of the worst pieces of software I have ever seen. Difficult to register for. Difficult to install. Difficult to set up. Slow. In short, do not buy VirusScan. Norton is much better (if I find a simple product that just scans for viruses and doesn't try to set up my PC as if it was NORAD, I'll let you know :)).

And, most of all, VirusScan is intrusive as hell. You wouldn't believe how many times I've been interrupted in the middle of typing by the stupid VirusScan notification window telling me that "it has downloaded an update" and asking if I wanted to "continue with what I was doing."

I know that my topic was supposed to be XP SP2, not VirusScan, and that this appears to be too hyperbolic even for me, but I am getting somewhere.

About a week before I installed SP2, one of the VirusScan updates installed something called the "McAfee Security Center", which is basically a fancy control window (which is probably ActiveX-based) that tells me that my security in my computer sucks because I don't have any McAfee products installed. I am completely serious about this: McAfee is telling me that my computer is not secure simply because I don't have their software (i.e., their firewall, antispam, etc) installed--irrespective of whether I have other software or other solutions installed. When this security I disabled all the automatic services except the Virus definition update and promptly forgot about it (naturally, the thing kept updating itself, but it wasn't too bad).

Okay, so after SP2 is installed, and the second time I reboot, while I am wondering how to get rid of SP2, the following dialog box pops up:


Since I am suprised by the dialog box, I read it carefully. And even though I read it carefully, I am still not sure of the implications of this action. Keep in mind, I have just installed SP2. I haven't had time to see any of these features. As far as I know, there's nothing in Windows called "Security Center". And yet McAfee wants to replace the default with its own (which I am barely aware exists as it is).

Reasonable person that I am, I decide that no, I will not let McAfee take over the Windows Security center, since I want to see what this is, and maybe later I'll set it up like that. So I press "No" in the dialog above.

Clearly selecting "No" then triggers the following dialog:


Look at the text of the second dialog carefully.

Notice that, again, there's the options "Yes" and "No". However, because of text that can only be described as designed to deceive, the meaning of the buttons is inverted from what it was in the previous dialog. Normally, if you require double-confirmation, you'd say something like "are you really sure? Y/N". The McAfee guys, counting on the fact that you'd made up your mind and you'll probably click "No" again, simply invert the behavior of the buttons on the second dialog, so that you do what they want, no matter what.

Let's recap for a moment.

There's new security settings on SP2. Claims from Microsoft about "improved security" notwhistanding, as far as I can see the main improvement in this pack is that Microsoft is bundling all sorts of apps that until now have been third-party apps, such as adaptive personal firewalls. Additionally, they have disabled a bunch of stuff that is "dangerous", thus taking the path of "if something has a security hole, disable the feature, instead of fixing the hole." (granted, when the problem is the design, "fixing the hole" is much harder, but that's not an excuse on my book).

Anyway, it is clear that to appease third-party vendors (such as Symantec and McAfee) Microsoft has included an API of some sort of this Security Center stuff. And obviously the poor third-party companies do not want users to use the Windows defaults.

So they resort to terrible UIs and behavior like what I described here. They have to be both devious and in-your-face, so that you are not silently taken away to the MS-bundled elements over time, and you remember that it's McAfee (or whoever) that's protecting you, rather than Microsoft.

I think that most technical users will find most of this stuff completely confusing and they will either a) end up with a machine where nothing works, without knowing why, or b) end up disabling all the security.

These are several bad effects that are all clearly tied to the implementation of SP2 (and dependent to some degree on the different products that people already had). Bad UI. Confusing features. Software that's difficult to use, and crippled so that it's "secure".

I am sure that Microsoft can do better.

PS: In the end I did leave SP2 installed. After a few more reboots, the drunken leprechauns magically started to work properly again, and that was that. The only other strange thing was that Windows Messenger refused to start on reboot, and has been behaving erratically since I upgraded (when I say "erratically" I mean exactly that. Yesterday, for example, it kept showing its right-click menu no matter what I did anywhere on the screen. I had to kill it. Today, nothing's wrong. Two days ago, there were two taskbar icons for the same Window).

And yes, I have scanned for viruses, just to be sure that the source of the weirdness is not something else. :)

Categories: technology
Posted by diego on September 13, 2004 at 4:58 PM

holy security breaches batman!

So Batman shows up at Buckingham Palace, and all I can think is, good thing Robin's not around.

And, too bad that guy, whoever he is, doesn't have a WiFi handheld with him. Blogging off a ledge in what is supposed to be one of the most secure sites in the world while dressed as Batman would sure get you some hits. Don't count on sponsorship from Warner or DC Comics though.

This reminds me of the time a few months ago when some guy dressed up as Osama Bin Laden (and quite convincingly too) slipped into a party on the gardens of the Palace and walked around for a while... using the 60's Batman outfit is clearly a superior choice though, as far as looking ridiculous is concerned.

All of which brings me to my point: I was sitting down to blog a bit myself when I saw this stuff on the news .... and that was that.

I mean, who can concentrate on babbling irrelevant when things like these happen in the world?


Categories: personal
Posted by diego on September 13, 2004 at 3:50 PM

Copyright © Diego Doval 2002-2011.