Awesome Conferences

See us live(rss)   

Why does McAfee hate Samba?

When McAfee changed the name of McAfee VirusScanASAP to McAfee ManagedVirusScan the released a software update that changed the name, the logo, added many features, and breaks the ability to mount shares from Samba servers. Turn off "Script Scanning" and things will be ok. Will McAfee ever fix the problem? They won't tell me, so I am left to re-enable that feature now and then to see if the problem returns. Now I have a network of machines that live without protection against Nimba. This must be why so many people tell me "McAfee sucks."

This problem seems to happen only for W2K machines talking to Samba (and possibly only Mac OS X's built-in Samba). The XP machines I use don't have the problem, and no machine that talks with a real Windows File Server (not Samba) has seen the problem.

ManagedVirusScan, for those that don't know, is an interesting product. It is a virus scanner (and now pop-up blocker, Outlook email scanner, and presumably an anti-Samba tool). It installs by either running an .EXE or, more commonly, by going to a particular URL and letting the ActiveX program that gets downloaded do the install for you. The URL is at McAfee, so you don't need a server. The updates are automated (both software updates and signatures) and those updates come from McAfee's server's directly. As the administrator, I am given an account on McAfee's web site which I can log in to see a "dashboard" display of all my machines, query for out-dated machines, and so on.

It's very convenient, especially for small companies. For example, when we found the incompatibility with "script scan" we went to the dashboard, modified our policy to disable that feature, and in 12-24 hours all of our machines had updated themselves. I kept logging into the dashboard to see, over time, machine after machine update themself. Since these machines are 5 timezones away, it was much better than calling the staff there constantly to nag them about doing the updates manually.

I had many problems with McAfee's support. The first Tier-1 engineer I spoke with was not trained beyond "is it plugged in? is it installed correctly?" type of questions. That's fine for home users, but by virtue of the fact that I'm using ManagedVirusScan I should go directly to Tier-2 support. However, to get to Tier-2 support you have to jump through hoops.

Interestingly, when I did jump through the hoops, suddenly the Tier-1 person was able to help me. Do they get punished every time someone successfully makes it to Tier-2, so by clearing their hurdles I scared them into doing their job? Or is this like the Wizard of Oz... Tier-2 doesn't exist, it's just a smoke and light show. Therefore, anyone asking to speak with Tier-2 is told they first have to kill the Wicked Witch of the West, which is impossible. Alas, this Dorothy defeated their ruse and suddenly they had to make other plans. Ah, that's it! Tier-2 doesn't actually exist!

Seriously though... the hurdle was that I had to collect specific data from the machine when the problem occurred. No so bad. However, once I got the data to that person he disappeared. I called in to ask for status of my ticket and got someone else on the line. She re-asked me all the questions that were already recorded in the ticket (how annoying). She then said that it would take a while to analyze the data I had sent and she would call me back. I told her that I wanted it analyzed while I was on the phone (my thinking was that the next time I called in to check status I'd be talking to a third engineer, and the entire process would start again.) At this point I would think that she would say, "Oh, someone from Tier-2 will have to analyze the data." but amazingly enough, she didn't. Suddenly she could find the problem in the knowledge base. Ah ha! Further proof that Tier-2 doesn't exist!

In customer support class that I teach I recommend a well-defined "escalation procedure" and I was very impressed that McAfee had one. However, I think it has backfired. The first engineer I spoke with was lazy and seems to use the escalation procedure to simply get out of doing any work. He has realized that he can either work to get the customer's question answered, or do what it takes to get them to qualify for Tier-2. The latter is easier. He's got a good thing goin' on.

The McAfee phone wait time was terrible. Each time I called McAfee I followed the "phone menu" to the best of my ability, waiting 45 minutes or more in the queue, and then was told that I was in the wrong queue and was put on hold for another 30 minutes. Oddly enough, I had to go through this every time. I'm a relatively smart guy but I couldn't figure out what buttons I should be pressing to get into the right queue. I think they actually have the first queue there just to "protect" people in the second queue. If enough people hang up out of frustration. "It takes months to find a customer, but only seconds to lose one... the good news is that we should run out of them in no time."

I had a number of important meetings the days I was debugging this, but I couldn't leave the phone (if I hung up, I'd have to go to the end of the queue when I dialed back in). Therefore, I was in this comical situation of leaving my phone on "speaker" loud enough so that I could hear it from my meetings. When I'd hear the engineer yelling, "hello? hello?" I would run down the hall to grab the phone. I felt like Lucy in the chocolate factory episode. I'm sure everyone in my hallway enjoyed listening to McAfee's hold music, separated by interruptions of their reminder, "Did you know many common problems can be fixed by reading the f'ing manual or updating your damn software?" (paraphrased)

So while I spent 3 days trying to get an answer out of McAfee, my staff was replacing McAfee with the "free" version of a competing vendor's scanner. McAfee should pay attention to that. In hind-sight, it would have been easier to switch away from McAfee than to get this problem solved. The one thing that kept me staying with McAfee is that as a hosted solution and I'm short on staff. That dashboard becomes very valuable to me, as a manager. Sure, other solutions have a dashboard, but it runs on my server, not theirs. That means I have yet another server to maintain. It also means that PCs outside our firewall wouldn't have access to updates.

If Dilbert's worked at McAfee, I fear his boss would read this article and say, "Hey, the proof is in the pudding! They didn't leave us for the competing product therefore this isn't a problem!" I once worked for a CEO that thought like that. That company isn't in business any more.

If anyone from McAfee is reading this, I'd love to talk with them directly.

Posted by Tom Limoncelli

No TrackBacks

TrackBack URL: http://everythingsysadmin.com/cgi-bin/mt-tb.cgi/853

1 Comment | Leave a comment

[url=http://www.softassembly.com/Signatures.html]Signatures coupon[/url].

Leave a comment