
I just got home from the hospital where I booked my wife in… to the maternity ward. Our third child, another daughter, will be born tomorrow via C/Section.

It’s quite amazing. Every flippin’ time they put her in the same ward, in the same bed. :p I guess it means everything will be just fine 🙂

It’s been 5 years now since our last child. Everything is scary again in that ‘Oh boy, here we go again’ kind of fashion, but at least we know what we’re doing. Well, I hope we know what we’re doing. :p



McAfee Madness

25th Jan 2007 technical

We run McAfee as our corporate antivirus software. It’s fairly nice to manage via ePolicy Orchestrator, and I haven’t really had any issues with it, apart from corrupt Framework agent files now and then etc. Until I rolled out VirusScan 8.5 + AntiSpyware.

We use several remote admin tools on our network, one of them being TightVNC. So, because of this, in the Unwanted Programs Policy, I disable the category to detect remote admin tools, thinking that our remote tools would be safe.

I roll out 8.5 to a few machines here and there for testing purposes. It’s been running on my entire department’s machines since the 21st December, and it has been running on about 7 additional test workstations scattered throughout the environment for the past two weeks with no issues.

So today is the big rollout day where we deploy 8.5 to the rest of the company.

The next thing, I notice that our monitoring workstation has a virus alert on the screen. I go take a look – and discover that McAfee has gleefully deleted TightVNC – detecting it as RemAdm-TightVNC. Hmmm… RemAdm… Remote Admin perhaps? That category that was UNSELECTED for detection? Yep.

Since our monitoring workstation is set up in a really inconvenient place to work on it (hence the desire for VNC), I decided to try to remotely execute a few commands in an attempt to solve the situation.

Oooh. Guess what – psexec is detected as RemAdm-PSKill.

What I find hilariously funny is that I have PSTools installed on my workstation – in my Windows directory for that matter, and I have been running McAfee VirusScan 8.5 for the past month with EXACTLY the same policy that is installed on our monitoring station, yet it has NOT picked it up. It also fails to pick up UltraVNC which I have installed on this workstation. Gotta love the selective detections.

So I add all those detections as specific exclusions in the Unwanted Programs Policy. Then I get to thinking, “What else is this fucking software going to detect and delete?”

To the knowledgebase, Batman!

I find an article referencing Antivirus 8.0i, explaining how to get a list of PuPs (Potentially Unwanted Programs) from a command line tool called csscan.exe. The article says to run:

csscan.exe /TARGET APPLIST >c:\applist.txt

I run it and view the resulting applist.txt.

    CommonShell Command Line Scanner (VSCORE.13.3.1.100)

    Engine Version : 5100.0194
    AV DAT Version : 4947.0000 223716 detections Built Tuesday, January 23, 2007
    Extra DAT : 0 detections

    Summary :-
    FilesFound : 0 FilesScanned : 0 FilesNotScanned : 0
    ObjectsFound : 0 ObjectsInfected : 0 ObjectsCleaned : 0 ObjectsDeleted : 0
    FilesInfected : 0 FilesCleaned : 0 FilesMoved : 0 FilesDeleted : 0

Wow, quite a list. Well, I figure that since the article was applicable to 8.0i and not 8.5, they might have changed the command line a bit.

Indeed they had. Now there was a nifty parameter called PupList.

    Please wait … retrieving list of names from the Anti-PUP DAT
    Detection name list retrieval failed

Fun fun. So I try all the other *List parameters, and discover that the only one that works is VirList, which helpfully lists most detections in the DAT files.

I also discovered that csscan.exe can be used to restore the backups that are made before files are deleted.

csscan.exe /BackupDir C:\Quarantine /RestoreBackup RemAdm-TightVNC

There’s quite a lot of nifty things that can be done with that csscan.exe. Pity it’s not documented somewhere useful. :p



Frightened

25th Jan 2005 gaming

I have to say that Doom 3 is the scariest damn game I’ve ever played. Can’t tell you how many times I’ve jumped out of my skin already. I even stopped playing it for a few months cuz my damn nerves were shot.



Admittedly, the graphics are brilliant (on my 6800 at least), however the install process is NOT worth the agony. I sure as shit will not buy another game that uses so-called “Steam”.

If any of your buddies are looking to buy the game, warn them.

The install process is AGONY, especially if you only have a modem. I’m not sure that my 64k ISDN would have been much better, if it had been working.

So you have your nice DVD-sized box (If you didn’t buy the collector’s edition). I took the one with the face of that scary looking dude on it. Open the box… Just a crappy little cardboard tray with 5 CDs in paper sleeves, and 1 crappy “reference card”. Hmm. Another useless box, like the Doom 3 box, that can’t be stored with my other regular DVD-case games.

Install off 5x CDs takes awhile… bout half an hour(+?) or so. First it installs the “Steam” client, and then it installs the game proper.

Ready to play the game? Nope!

Steam updates itself. This took about half an hour (analogue connection at “48k”).

Ready to play? Nope!

Steam “decrypts” Half-life 2. This took a long time. But then it also said something about downloading content for “Codename: Gordon” – which really made me happy, considering I was connected at 48k(!), and had already been connected for around 2 hours (Note to self: Don’t mess around with other stuff in Steam while bored). Set Codename:Gordon to Never update. It didn’t stop the download. Killed Steam (had to kill the task as well), and restarted it. Half-life 2 properties shows that it has 99% updated.

Check Steam monitor. No updates in progress. Right, how the hell do I force an update? Can’t find any info. Screw it. Launch game.

Please wait… Half-life 2 will be ready in…. 86 minutes.

Wha-fuck?

More waiting. Eventually the wait time dropped… until it showed ready. I cancelled the launch. Stuff that. I wanted to see if so-called “Offline” mode worked. I disconnected the modem, and then quit Steam.

Relaunch Steam, and after awhile, it bitched about not being able to connect. Do you want to go offline? Yes, damnit.

Finally. Launch Half-life 2. It runs. About fucking time.

One thing I can say, is that I’ve definitely been put off Steam. Reading various forum posts reaffirms my conviction. I will NOT buy another Steam game. (I probably will, but right at this point, I will not! I won’t! So there!)



So I run out and buy Half-life 2 this afternoon. Get home, all ready to play it, only to discover, to my horror, that it requires an internet connection to install(!). Fucking bastards. What the fuck for??

Now normally, I wouldn’t be too bothered about this… but I think our telco exchange got nailed by lightning last Thursday, because I haven’t been able to make a digital connection (ISDN) since then. Using an analogue modem has been really flaky as well. It’s the first time in 2 days that I’ve been able to establish a connection, shitty as it is, and the fucking telco has been really slack about fixing the damn problem. I’m pretty damn pissed off.

It really annoys me that a game now requires an internet connection in order to function. This ain’t America folks. We just don’t have the fucking infrastructure for that! — Well we do, but there is one telco here, and it has a monopoly, so it charges the earth for phone calls and especially data connections.

So my question is, why isn’t there an alternate means of activating this game? Why no phone numbers? What the fuck is wrong with you people? You think everywhere is the same as the USA? Kiss my ass. Unfortunately some of us have the misfortune of living in a shithole backwater (Or should I say shitwater backhole?).
