Recent Issues - Scanning
I've been finding myself increasingly turning McAfee's services off in order to do simple tasks without massive interference.
It's a well known and demonstrated fact that applications which use a lot of small files, like the new version of the Notes client (the Eclipse version) do not run happily with Anti-Virus.
Why? Because everytime they pick up a file to execute it, the Anti-Virus app "snatches it off them for a look". In the days of large applications, the anti-virus would simply scan a massive EXE file once and then move on. That's no longer the case.
Last Friday, I was trying to download some things from the IBM site using their "Download Director" facility. McAfee seized the Java applet and took so long to scan it that it kept timing out. In the end, the only way I could download the file was to turn off my Anti-Virus.
Recent Issues - Malware Detection
Then of course, there is malware detection. I've been becoming quite irritated with the otherwise good (and FREE) McAfee Site Advisor software because whenever I went to look at my own blogs (and any other blogs hosted by Google Blogger, it would block the site and tell me that the site was a Phishing site. If I looked the site up in Site Advisor, it would tell me that the site was clean.
I spent about a week and a half trying to get responses out of McAfee about the problem. Eventually I got a response that said;
After some investigation, we have discovered that this error was related to a bug in the SiteAdvisor program, which has now been fixed.
Anyone who sees this error should uninstall SiteAdvisor, and then reinstall it via the following link:
Please write back to me if this error is still occurring after these instructions have been followed.
I'm pretty annoyed about this. Who else has been getting this problem and is it "trashing" my internet reputation? I hope not.
Anyway, this again points to a problem on my PC - actually, I think it's very widespread because I've got the problem on both my home and work PCs.
Recent Issues - Anti-Spam
My anti-spam issues with Symantec were pretty bad (and I reported them on this blog a couple of years ago) but they've all disappeared since then. Since I moved the Anti-Spam off our servers and onto a hosted servivce.
I think that there are two good solutions to this problem;
1. Border Management
2. Safety Scans
There are about five ways in which executables or malformed data can enter your PC.
- Drives - Floppy, CD/DVD and USB
- Wired Network Connections (Generally trusted)
- Wireless Network Connections (Not necessarily trusted)
- Other Means (Developed, Parallel Laplink etc) - Unlikely.
All computers should have a firewall which is secure enough to actually lock off floppy drives, network connections and other direct ports.
For the trusted connections, there should be a simple check on boot to determine if the connection is still the same. If the network is the same (as one previously authenticated), then the connection to the resource should be opened. If not, perhaps a scan might be initiated, or a key might be required to be entered by the user.
In the case of rewritable media, like CD-RW or USB Sticks, the user should be offered either an opportunity to scan the entire device once or to open a "realtime scan/protected" connection.
In this way, the onboard firewall could protect the PC without having to constantly scan files as they are opened. The impact on the PC's performance would be minimal.
All other scanning services, such as scanning of network file shares, scanning of internet connections etc, should be done by dedicated hardware to remove the need for individual PCs to do the work.
These can be done after hours. all PCs and File Servers probably should have some sort of anti-virus and anti-malware task running on them by default after hours.
The Waiting Game
Well. It all sounds good in theory... now I just have to sit back and wait until someone develops the technology. IMHO, it's a good market opportunity for the right company.