Sunday, December 16, 2007

Spyware, Google, and Dynamic Security Agent (part 3)

This is part three of a three-part story. If you haven't read part one and part two yet, you should do that first.

At this point I'm past my threshold for endurance. Shoddy installer allows a partial install that borks my ability to establish an IP, incessant messages popping up during normal computer use, a driver causes blue screens due to some unknown interaction with other software, and (as I was about to find out) a misconfigured uninstaller.

Mini-Rant: The second point you might quibble over, as almost all firewall software does this. But DSA2 takes it to the irritating extreme: it also pops up to ask you if you really want to run this program, every time a new process spawns that it doesn't know about. You can turn it off, and I did, but this mentality bothers me. As a software developer myself, I've seen message boxes get ignored, and more of them is not the answer. More messages to the user means more familiarity for the user in clicking No, or Cancel, or "whatever makes it go away". This is really a separate rant, on UI design, but yet it's relevant here. My own mother, who is hardly a technophobe yet also not the most tech savvy, has complained to me about this very thing, both when I installed Spybot's TeaTimer (which watches for important registry changes and asks you to allow/block them) and when I enabled her firewall software. Both times she told me she found herself just allowing everything through, because she didn't know what any of it was (and she's not going to punch each one of them into a search engine--but never mind that; DSA2 doesn't give you time for that. You have 30 seconds to press a button. Geez.)

So it came time to uninstall DSA2. This should be the easiest part, shouldn't it? I fire up MyUninstaller again and lo, it isn't in the list. I search (yes, you can search for text in the list, one of many novelties Microsoft can't be bothered to give you in Add/Remove Programs) for Dynamic, and then for Privacyware. Nada. I look in the Start menu. Nope! I look for the option in the program. Nuh-uh. I google "Dynamic Security Agent uninstall" (without the quotes; this turns up results for most programs, particularly if people don't like them and want to get rid of them, which I would imagine DSA2 causing). Nothing useful. On a lark, I decide to fire up Add/Remove Programs, and there it is in the list, under Dynamic Security Agent.

Now I've been using MyUninstaller for quite some time, and this is the first time I've ever seen it fail to see something Add/Remove Programs saw. What non-standard way could they have registered their uninstaller that it would show up in one but not the other? You might think this indicates a bug in MyUninstaller, not DSA2, but I'm inclined to lean the other way. It's proven in so many ways (including a shoddy installer) that it doesn't play nice with other applications or, in fact, the operating system, so why should it start now? Due mostly to the fact that I've never seen this happen before and I, as previously mentioned, install and uninstall a lot of software regularly, I'm going to say this one is on DSA2 as well.

I wish I had the perseverance to hunt down the "right" way and see how that deviates from DSA2's way; or to hunt down what exactly caused the BSOD that I kept getting before. But let's be honest. They don't pay me to debug their software. It's sufficient, for the purposes of this blog post, to say it didn't work for me. It didn't work for me and it wasted 5 hours of my time as it was, and I highly do NOT recommend this software. To anyone. I don't understand how it's rated so highly by users on Download.com, but I'm publishing my experiences with it, with error messages and such intact, so that maybe someone else googling them will have better luck than I did at figuring out what's wrong. Dynamic Security Agent is wrong. Get rid of it. I don't say that lightly. I very very nearly came to the point where I was going to throw my hands in the air and just go ahead and reinstall Windows. You shouldn't need a degree in Computer Science to clean up the mess a program makes, particularly a program you downloaded to prevent messes from happening on your computer.

Spyware, Google, and Dynamic Security Agent (part 2)

This is part two of a three-part story. If you haven't read part one yet, you should do that first.

Back to diagnosing software then. First I check on the server end to see what it sees the client doing via the log kept by the DHCP daemon on my router (a Linux box). It received a discover and issued an offer, but it never received a request for an IP address (which it would respond to with an ack to complete the handshake). Something is very broken here. Next, I check the LSP list in Spybot to see if there's some residual brokenness from the malware I cleaned up--something in the form of a break in the chain caused by a file being deleted, say. No dice.
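The server-side check described above (an offer went out, no request came back) can be run over the router's log automatically. This is an added example, not part of the original post; it assumes ISC dhcpd-style syslog lines, and the sample log, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd syslog style (assumed; the post does not name the daemon).
SAMPLE_LOG = """\
Dec 16 09:01:02 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth1
Dec 16 09:01:03 router dhcpd: DHCPOFFER on 192.168.1.50 to 00:16:3e:aa:bb:01 via eth1
Dec 16 09:01:03 router dhcpd: DHCPREQUEST for 192.168.1.50 from 00:16:3e:aa:bb:01 via eth1
Dec 16 09:01:03 router dhcpd: DHCPACK on 192.168.1.50 to 00:16:3e:aa:bb:01 via eth1
Dec 16 09:05:10 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:02 via eth1
Dec 16 09:05:11 router dhcpd: DHCPOFFER on 192.168.1.51 to 00:16:3e:aa:bb:02 via eth1
Dec 16 09:05:15 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:02 via eth1
Dec 16 09:05:16 router dhcpd: DHCPOFFER on 192.168.1.51 to 00:16:3e:aa:bb:02 via eth1
"""

# The four steps of a new lease, in the order the server should log them.
ORDER = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]
MSG = re.compile(
    r"\b(DHCP(?:DISCOVER|OFFER|REQUEST|ACK))\b.*?\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.I,
)

def last_attempts(log_text):
    """Per client MAC, the message types logged since its most recent DHCPDISCOVER."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = MSG.search(line)
        if m:
            events[m.group(2).lower()].append(m.group(1).upper())
    attempts = {}
    for mac, kinds in events.items():
        if "DHCPDISCOVER" in kinds:
            # Drop earlier, completed leases so an old ACK cannot hide a new failure.
            kinds = kinds[len(kinds) - 1 - kinds[::-1].index("DHCPDISCOVER"):]
        attempts[mac] = kinds
    return attempts

def stalled_clients(log_text):
    """Return {mac: next expected message} for clients whose latest attempt has no DHCPACK."""
    stalled = {}
    for mac, kinds in last_attempts(log_text).items():
        if "DHCPACK" in kinds:
            continue
        furthest = max(ORDER.index(k) for k in kinds)
        stalled[mac] = ORDER[furthest + 1]
    return stalled

if __name__ == "__main__":
    for mac, missing in stalled_clients(SAMPLE_LOG).items():
        print(f"{mac}: handshake stopped, server never logged {missing}")
```

A result of `DHCPREQUEST` means the server offered a lease and the client never answered, which points at the client's network stack rather than the router; `DHCPOFFER` would instead point at the server or the path to it.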

I check the Event Viewer (Start->Settings->Control Panel->Administrative Tools->Event Viewer or the "easy way" of Win+R, eventvwr.msc) for any hints as to where the failure is occurring. There are a couple of interesting System errors: A couple of services failed to start because "a device attached to the system is not functioning" (DHCP among them), "boot-start or system-start drivers" failing to load (I attributed this to my stint in Safe Mode), and "The Privacyware network service service failed to start due to the following error: The system cannot find the file specified." I check Windows' Services manager (in Control Panel, or Win+R, services.msc) and check the DHCP Client service's dependencies, then check to make sure they're all running. Check. Nothing else looks out of whack there. The Privacyware thing slips my mind and I move on to installed applications.

Now I don't use Add/Remove Programs under Control Panel, and I'll tell you why. I tend to be a power user (maybe you've noticed?), so I have lots of programs installed. The more programs you have, the (exponentially, or so it seems) longer it takes for Add/Remove Programs to populate the list of installed applications. What takes so long, I'm convinced (though I could be wrong) is calculating disk space. For each program, it looks at the location where it's installed and calculates the size of that directory tree. Not only does it take a long time, it's also often incorrect, for applications that share directories and the like. That all being irritating and useless to me, I instead choose to use MyUninstaller. So I load it up and sort by date of install, descending, and am looking through the most recently installed programs. What's interesting at this point isn't what I see, but what I don't see. The antivirus software is there, but Dynamic Security Agent isn't. Odd.

I check under the Start menu and don't find it (much less an uninstall option there). I look under Program Files but don't see it filed under the application name. I google it to find the company name. Privacyware...why does that sound familiar? I go back to Services and locate the Privacyware Network Service service, go to properties, note the file, and browse to it. It is, in fact, missing. Not having any clear way to uninstall it, I decide instead to reinstall it. This time the installation goes swimmingly. It wants to reboot. I reboot.

One of the first things I notice is that I have internet connectivity again. Having found the problem, I set about running all my internet applications (IM, torrent, web browser, etc.) I quickly realize that its process monitor is going to drive me up the wall, so I turn that off. I check in with AVG to see how its scan is going (it started a Complete Scan in the background hours ago, but with all my crap and the multiple reboots, it has yet to finish it). I open up AVG's Control Center by accident, instead. In just clicking around, getting used to the program, I go to open the Virus Vault.

Blue Screen of Death.
DRIVER_IRQL_NOT_LESS_OR_EQUAL in PWIPF6.SYS

As soon as I'm back into Windows, I google it. Nothing? Hmm. I google just PWIPF6.SYS. It's not an AVG driver that crashed--that driver belongs to DSA2. Thinking that maybe it's a fluke, I open up the AVG Control Center and try it again. Same BSOD. Next time I'm in, I try something different in the Control Center (can't recall what) and get the same BSOD.

Continue reading with part three.

Spyware, Google, and Dynamic Security Agent (part 1)

About 5 hours of my day were wasted today, and I'm going to chronicle them for you in the hopes that I can help you avoid my mistakes. In case you don't like spoilers, you should avoid reading the following: Dynamic Security Agent is trash; don't install it.

It started when I went to Google something, like I do so often (hence Google used as a verb). I was greeted by the following cheery message:

Their antivirus and spyware links point to download.com, so I do what seemed sensible at the time. I restricted both lists to free (not "free to try") software, sorted it by user ranking (highest rated at the top), and downloaded and installed the first few useful seeming programs from each category. One such program was named Dynamic Security Agent 2.0 (henceforth, DSA2), and it sounded innocuous enough from the description.

Fast forward a bit and I've now installed AVG and Avast, have upgraded Spybot and Ad-Aware 2007, and am installing DSA2. I've decided to install it last since their blurb on Download.com says "DSA incorporates anomaly detection components that baseline normal computer operation and detect unacceptable deviations from typical use." If that's true, I want it to consider the other software I installed to be part of the baseline, and not nag me each time I install antivirus software. It's also about this time I head to bed, so I leave the spyware scanners running and AVG is still doing its complete scan in the background. It completely fails to register that I double clicked the installer (twice even) and nothing ever happened.

When I wake up, the scanning is done, DSA still hadn't presented an installer, and I decide to reboot, to let Spybot finish cleaning house (I actually had to boot into Safe Mode to get a particularly nasty bit of malware that had installed itself as a driver. Then I rebooted again.) One of the first things I notice is that I don't have an internet connection any more. Running through the list of normal offenders, I find that my DSL modem and router are neither one the cause--I can ping various things from the router fine--and the daemons running on the router aren't either--I can ping those same things from my file server (meaning DHCP and DNS are working on the router as well). So the problem is on the Windows box, the machine I had just rebooted after scanning completed.

I fire up a command prompt and run ipconfig. I have a 169.254.x.x address, meaning that Windows APIPA kicked in because DHCP failed (i.e., it gave me an IP address that would only be useful if I were running an ad hoc network with no DHCP). What's peculiar about this is that I know (above) that DHCP is working as is all the hardware between this machine and the router issuing DHCP leases. I test the easiest thing first: I run ipconfig /release followed by ipconfig /renew. After approximately five forevers, it tells me that the DHCP server could not be contacted. I check Network Connections and see that my Local Area Connection is set to obtain IP automatically and determine DNS servers automatically. I check Device Manager and all looks well.

Has my NIC gone out? Yet it has a link light at both ends. I plug the known-working file server into the switch port that my Windows box was connected to, have it DHCP again, and test via ping again. The port works fine. I swap the cables back and try a USB NIC I have (actually the Wii-branded one, which I know works because my Wii was using it). One irritating driver download/transfer/install later, and I'm able to confirm that it's not the NIC, as this other NIC behaves the same way (driver up and running, link light on, yet refuses to DHCP). At this point I know it's not a hardware issue, as I've tested all the hardware between the client and the server (explicitly or inductively--I can't actually take the NIC out and try it in another computer as it's on the motherboard).

That leaves software. Specifically, that leaves (presumably) system software, as the only application software I've installed is known to be good and safe, right? Bad assumption. Not particularly wanting to troubleshoot Windows internals at the moment, I decide to try the easy way out. I dig out a Windows XP SP2 CD and set about repairing my installation. That's the third repair option, by the way, not the "press F2" one at the beginning, and not the Recovery Console when it offers that--you pass those and act like you want to install Windows, then it detects an existing install and offers the option to repair it. I mention that because it's not at all intuitive, and you might care, if you've read this far. Skipping past the fun update and driver issues that caused for me, let's just say that didn't help at all. Booting into a "repaired" XP, I find a 169.254.x.x address waiting for me again.

Continue reading, with part two.

An introduction (AKA pointless blather)

Despite the name, this blog isn't about insignis interactive, a business I claim develops software despite having none available for download at the moment. It's also not about serious ranting, which I do elsewhere. That's not to say I won't rant here--I will--but more about the day-to-day things than the enduring, and more on pragmatic things than theoretical. At least that's the way I'm seeing it now and thus what I'm claiming (and I already know what my first "real" post will be, so that's not nothing). So sit back and relax while I bore your socks off.