well, my day just went to shit in a fucking hurry. i have many consulting clients. they are located far and wide, and have many machines at each location. all win32 machines that i deploy run my standard gamut of utilities, all installed from a master disc that i keep handy. it's nice to know that no matter what site i may be going to, all computers will have the exact same tools available to me (basics like winzip, winrar, ssl tunnel, putty, process explorer, regmon, etc.)
one of the tools i've installed at least eight million times is VNC... possibly my favorite "remote desktop" type tool. i love it because of its ridiculously slim footprint and resource use and the fact that it runs as a service yet only uses two files. i tunnel it all through SSL and am happy as a pig in slop. anytime someone has weirdness, i can choose to securely connect in remotely, fuss around, and usually fix it without putting on pants.
today, with Revision #18 of Symantec's September 20th virus definition file, version 1.2.3 of TightVNC is being called a "trojan" and the antivirus tool is trying to delete it.... all. fucking. over. town. i've got panicked and uncertain people calling me, and i can't just tell them "no, you're not virused, close the message and i'll get to it when i see you next" since the antivirus tool is actively trying to delete an executable that's running as a service... failing to do so, then generating another message every 30 seconds. the latest TightVNC (1.2.9 stable and 1.3.8 beta RC1) seems unaffected. looks like i'm in for a huge-ass session of repair jobs.
heh, if i were unscrupulous i'd be able to make a killing on this and charge everyone for "emergency service" fees or something.
UPDATE: some new fun details of the situation
1. for those who haven't figured this out yet, trying to remotely update one's own remote-connection tools is not a day at the beach. i've had to custom-create a zip file that i'm going to remote-download onto these machines which includes within it a batch command that will (hopefully) kill the vnc service, rename the old executables, extract the new executables, and restart the service again. of course, on servers where the firewall monitors the checksum of all TCP connecting apps, that will be a problem.
2. the newer versions of VNC seem to be a little bit flaky at times. for example, the "send Ctrl-Alt-Delete" command (the most useful fucking thing about vnc if you're on a winnt platform at the other end) seems to not always work. [EDIT: after a little more poking and prodding, it seems that a restart of the service or in extreme cases a reboot of the computer will get the Ctrl-Alt-Delete functioning without error.]
3. nowhere on symantec's web site does there seem to be a phone number that i can call in order to scream at someone. random email to their support staff simply will not convey my emotions properly at this moment.
UPDATE: someone was kind enough to clue me in to the company's naming scheme for email accounts. a list of corporate officers and other department heads yielded an audience for the email i sent off late last night.
UPDATE2: of the few emails that i sent, one generated a response. symantec's President of Consumer Products and Solutions replied with a very polite and sympathetic message, telling me that their response team would look into the matter. i'm still going with my script kiddie theory (seen in a response below) as opposed to any attempts by one company to torpedo a competitor's product.