Network News

X My Profile
View More Activity

Not-So-Supportive Tech Support

Security Fix received some correspondence from a reader the other day that reminded me of a topic that deserves some attention: the dangers of software tech support people handing out advice on what to do with your security software when it potentially interferes with the proper functioning of your programs.

Case in point: The reader forwarded me this e-mail he received from the support folks at his company after he inquired about having trouble viewing shared photo albums on Kodak's EasyShare Gallery:

"We're sorry to hear that you are experiencing a problem with the Gallery's website. You may have security software in place that is preventing you from completing your task. Please disable the security software that you may have running, and try your task again. You may also need to disable the Windows firewall. Please follow the link below for instructions regarding disabling your Windows firewall. ..."

Yes, occasionally it is necessary to temporarily disable security software to diagnose a problem, but in nearly every case where you encounter this advice, nowhere do you see companies urging customers to remember to re-enable the security software once the problem is fixed or diagnosed.

What's more, this kind of advice always takes a broad-brush approach: rather than telling customers what behaviors their software might exhibit on a Windows computer running certain types of firewall and anti-virus applications -- and offering specific steps on what to do about it -- many companies simply tell customers to smother their security defenses.

This kind of advice is far too common, and usually comes from automated tech support services or from people who are reading scripts from a FAQ page. This is not an isolated incident: Google the words "install" and "disable firewall" and you will see just how many companies offer this kind of "support."

Turns out this reader's problem was fixed by adding Kodak's site to his Web browser's "trusted zone" (yes, he was using Internet Explorer), but the reader didn't get a satisfactory response from the company's support group (i.e., escalation to a real, live person) until his conversation with a washingtonpost.com reporter was mentioned.

By Brian Krebs  |  March 21, 2006; 1:31 PM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Turning Adware into Shameware
Next: Exploit(s) Released for Unpatched IE Flaw

Comments

One of these days such advice will lead to significant customer harm (e.g., identify theft), at which point the customer should be able to make a pretty good liability case against the vendor who advised them to drop all their security defenses. Is software technical support subject to the same terms as the software license agreement?

Posted by: BZ | March 21, 2006 3:28 PM | Report abuse

Last year I was trying to listen to a local radio station's internet feed. They advertised this as requiring a special player. I could never get this to work and was sent a lengthy list of things to disable (see: http://www.jimcarson.com/a/2005/03/fomplicated.shtml), leading me to coin the word "fomplicated".

What's the likelihood that my company's IT department will disable - even temporarily - firewalls and whatnot just so I can listen to a music feed? Answer: not likely.

The ultimate resolution to the problem came when the vendor sent me the direct link to the feed. Not only does it work without a hitch (or disabling things), but it's free of additional advertainment.

Posted by: Jim Carson | March 21, 2006 3:53 PM | Report abuse

Adding a site to the Trusted Zone and enabling/disabling a firewall are two very different things. Kodak not only gave bad advice from a security perspective, their initial advice wouldn't have worked anyway.

It also makes me wonder whether their photo-sharing app and its servers are free of bugs and security holes. Is the carefree attitude toward security by the support folks also shared by their data center staff?

Posted by: Ken L | March 21, 2006 4:13 PM | Report abuse

Hi..

There is no society so bent on self destruction as one who hands over the security of its territory, weaponry or technology, including "tech support", to those who want to take over its markets. This includes territory as well as labour, services and goods.

The philosophical, economic and technological superiority that our western societies have achieved has not been 'given to us" and is not a "blessing" but is a by-product of our rejection of, and rebellion against the tyrannical oppression of Church and King with their "divine rights", ordering and demanding obedience to their man-man dogmas. In a more pro-active way, our reliance on the pseudo science which was medicine, alchemy and magic was forced to change because of the plagues and pandemics that devastated Europe and North America.

Basically, each in their own little way, our forefathers, not necessarily understanding the reason why or the broader implications, just refused to "obey" and comply. Maybe it's a natural evolutionary process that follows an intellectual or spiritual enlightment, or maybe it was a process that follows a change of energy for fuel. Europe had used up it's wood supply and was moving to coal and other fossil fuels such as oil, feuling the industrial revolution.

Innovation meant survival and no king or church was going to stifle that drive. Add to that the pressures of plagues and wars and the picture of our survivalist western "free" attitude becomes clear.

We are now wanting, in true capitalistic fervor, to profiteer with our superior technological, and freer society from the rest of the world's cheaper labour markets, and abundant natural resources by sending the security and support for our technology (tech support) to an obedient and compliant polulation, still controlled by religion and "tyrants" and expect them to be "innovative". We opine, to satisfy our religious or altruistic instincts, that we are creating jobs and pulling them into the 21st century.

But, what we don't see, is that it is impossible for the individual "tech support guys" to make sense of the contradictory information they are receiving. They do a poor job at keeping us, the "user", satisfied while in their religious and culturally obedient and compliant minds, they have "fought the good fight" against the "materialist west" or the "great Satan" as some call us. And after all, they have done what was asked of them: work cheap, fill quotas, delay, follow proceedures, obey, obey, obey...

We are mavericks, rebels, irreverent, disobedient, and free and our technology reflects that. They are obedient, compliant, reverent and subject to the point of slavery to culture, religion, and caste, and their attitude reflects that.

Then, to top it all off, they get instructions from the (our) company management to work cheaper, faster according to quotas etc. Our expectation of a "good job" according to our standards, is impossible by their standards. Although in their societies, they already earn the big bucks are are the nouveau riches, by our standards, they are the poor and are still a cheap labour pool

We are the silly ones to expect more than that. Unless we start adressing the political systems and religious institutions that keep them obedient, and compliant and "serfs", we will not see "innovative" tech support from those societies. So what is the solution?
How can we acheive our desired "Gross National Happiness"?

Unless we adress their religious and political institutions, we must bring back to our economically devastated middle class, the "tech support" jobs, that they, our higher paid, but rebellious, irreverent, materialist, maverick, disobedient but innovative, and patriotic working class can do, and watch them make it work properly...

Keep on the Sunny Side of Life...

It will get worse before it gets better.
We are the silly one, not them (the tech support guy)

4d-Don

Posted by: 4d-don | March 21, 2006 4:44 PM | Report abuse

My 13-year-old is having difficulties installing a video game from a CD, Lord of the Rings Battle of MiddleEarth II. I encountered a similar note in the tech support-disable the antivirus program when using with XP. I'm confused-won't we be inviting more problems by doing so? I shudder to think of what we're inviting in with games, even those relegated to one specific computer.How many kids would get used to 'oh, disable this program,' and never re-enable? I want to avoid all games but I won't win that battle.

Posted by: EO | March 21, 2006 4:44 PM | Report abuse

My horror story: got the blaster virus two years ago. Called Microsoft for help and was immediately charged $35 and was told to hold for help. Two hours of Muzac later--no help. Emailed, recalled dozens of times. Nothing.

SIX WEEKS later, long after I'd repaired it on my own, Microsoft support calls me up.

I demanded a refund...it never came. I paid Microsoft $35 for absolutely nothing.
Good thing I have more money than Gates(not).

More tech madness on the Muse in "Oodles of Googles."

http://www.eyewitnessmuse.com/diary.php?p=195

Posted by: The Eyewitness Muse | March 21, 2006 6:37 PM | Report abuse

Granted, companies should not tell customers to do things that leave them open to attack. Having said that, you try to:

-Explain to the 70 year old little old lady on the other end of a phone what a firewall is...

-Guess which, if any, antivirus, anti-spyware, or firewall they have installed from their description...

-Help the customer distinguish between the desktop, the taskbar and the system tray over the phone...

and on and on and on...

Tech support people are generally not employed to educate customers how to use their computers. To expect them to do so is to expect too much. Most call centers want you to solve the customer's problem as quickly as possible, get 'em off the phone and take the next call.

In that atmosphere, the problem you've pointed out is the natural result.

Posted by: The Evil Midnight Bomber What Bombs at Midnight | March 21, 2006 7:49 PM | Report abuse

I can certainly empathize with these tales. Two days ago after downloading a needed McAfee update, suddenly the incoming e-mail would not work. First calls to the ISP tech support whereby a good tech told me it is well known that McAfee updates will change the data in the "incoming server" field. Sure enough after correcting that I could get into Outlook Express but then still could not get my mail. Called ISP again and got someone who was floundering and absolutely no help. ISP had suggested calling McAfee to notify them of what had happened with their download. Called and was referred to "pay for call" undoubtedly to Asia. After giving credit card info was on line for nearly an hour making absolutely no headway when the tech said "I'll call you back." In the interim I called ISP yet a fourth time and got a very good tech who tried a number of fixes to no avail. He then asked me to wait a moment, came back on the line and apologized saying the ISP was having problem with their outgoing mail server (my incoming mail server) whereby no one could log on to get their incoming mail. He had been unaware of the problem. Approx. 12 hours later the problem was fixed and mail appeared. 24 hours later 'Asia' called to continue but I didn't answer the phone because we had solved the problem. McAfee does. however, change the data on the pc during an update. Now I know but after many phone calls, some costly (for the phone call to Asia I'm suer), and 24 frustrating hours. I guess the moral of the story is to keep plugging away and for one to fix it oneself.

Posted by: LS | March 21, 2006 8:33 PM | Report abuse

I think we over estimate the responsibility of the company to diagnose a user's computer problems and ensure the users safety while surfing. If you're having difficulty with a website because of a popup blocker, firewall, or other security measure, there are a number of fixes that are possible.

A tech support representative has few options, automated or not, when speaking to the average user (who knows alarmingly little about the 900 dollar machine he's hacking away on). These options including telling him one of the fixes, or all of them. The client will then likely try each fix until one works. This means he'll add the site to his trusted site zones under internet options, upgrade to service pack 2, download an IE patch for more encryption, disable any number of firewalls or pop-up blocking software the customer may have installed, to list a few. Any or all of these might fix the user's problem. It's difficult for a tech support representative to know which one will work. A wide brush approach must be used unless you want to pay dearly for more advanced tech support.

Do not blame the companies for not "suggesting" to the client that they reactivate the numerous bits of software shielding their machine. That is hardly a company's responsibility. More so it would be a gesture of good will on the tech support representative's part to remind the client to take care of their own business.

People are far too ready to blame the corporations for all of their problems. You called the company; they got their site to work for you. After that, cya. The miasma of blaming others for our own problems has grown large enough.

It's not a company's job to know all of the intricacies of every software bundle out there meant to block pop ups and stop intrusion. That's the user’s job. You buy and use software, you should know about it. Don't count on Citi Bank or Bank of America to babysit your online experience outside of their domains.

In short, C.Y.A. The e-mail did say TEMPORARILY disable, after all.

Posted by: William | March 21, 2006 9:53 PM | Report abuse

William, the e-mail did NOT say temporarily. Those were my words.

Posted by: Bk | March 21, 2006 11:33 PM | Report abuse

Sorry -- I misread that part. My point still stands.

Posted by: William | March 22, 2006 1:03 AM | Report abuse

Often it seems the technical support is lacking and only aimed at simple solutions for the inexpert user. Find a real problem or ask a technical problem and most often the reaction is to blame the user or their computer, regardless of facts. One might think many so called support staff would think a CPU bus was work transport laid on by the company. So why be surprised at poor advice.

Posted by: Steve | March 22, 2006 1:20 AM | Report abuse

Here's an anology.

You go to an auto parts store to buy a part for your car.

You then try to install the part and you find out that it won't work.

You go back and are told that yes it fits your car but only if you don't have an air conditioner on it.

This is the kind of crap that software companies are foisting on people.

They don't test their software for the common configurations that many folks have and further, they don't disclose that they haven't tested their product on those configurations.

Then when you have trouble, they engage in non-responsive, finger-pointing.

I'm suprised that someone has not put up a website that details - for each software product - user experiences with it - much like Consumer Reports does with it's annual auto survey where owners of the cars report the problems that they've had with those cars.

THEN.. consumers WOULD have the capability to make an informed decision.

Not that everyone would. Just like with Consumers Reports - there are cars with really bad realiability scores that some people will still buy because they like its' "looks" but others would be helped.

Posted by: Larry Gross | March 22, 2006 4:17 AM | Report abuse

Larry,

Of course software companies test with common configurations.

How many configurations can you reasonably expect them to test?

There are essentially 5 operating systems in popular use. Each one has a number of different major upgrades that change how they handle different program components.

There are 3 major antivirus companies, a multitude of productivity suites, QuickBooks or Quicken, Tax software, Internet browsers, in short, at least three products for your computer for any situation or program type that is imaginable.

It is ridiculous to compare a Personal Computer to a car. No, I take that back. The physical computer is the car. The CPU is the engine, the hard drive the seats, the RAM the tires. Your operating system is the person controlling the car. With all of the unique motivations and experiences that effect how that person acts and responds to situations and events.

Actually Larry, I think you already proved that to yourself. Do you really think that you are the first person to think up a great idea like having a forum for customers to discuss product issues?

Use your google!

Posted by: Dave | March 22, 2006 11:45 AM | Report abuse

I recently upgraded to the Norton 2006 System works from the 2005 version. After having many years of problems when installing, this year, unbelievably, no install problems. In addition ,SYMANTEC ALSO PROVIDED A "FREE" 2006 INTERNET SECURITY disc. Since I already have 3 different adware and bug removal programs (which I paid for) and MS premium service, I really did't think I needed any more protection. After calling Symantec,(to see if this was necessary) I waited over 1 hour, after literally 4 different voicemail programs finally directed me to someone in INDIA!!! After having much difficuly understanding him, he stated it WAS necessary to install this internet security disc even though I already had other programs providing protection. After inserting the disc, it indicated a version of internet virus protection was already installed and I should delete this part of the Norton System works. After doing this, I realized I was completely vulnerable to any and all virus attacks and reinstalled the system works. (I threw away the "free"disc.) Norton provided the same antivirus on both discs even though the second disc was for internet security. After reading the installation booklet prior to any installation (And I CAN READ) NO WHERE DOES IT STATE THE SAME PROGRAM EXISTS ON BOTH DISCS AND ONE SHOULD BE REMOVED BEFORE INSTALLING THE OTHER!If I had listened to this "expert" I'd still be trying to remove the viruses and everything else that would have attacked the computor!

Posted by: Mel | March 22, 2006 12:52 PM | Report abuse

For a quality AV solution, look to ESET NOD32. NO I do not work for ESET.

For a firewall solution, I always recommend Tiny Firewall. It will be a nuisance at first to learn, but it works for the outside sales force on the road.

I jumped ship from the Nortons software in 2004, after I realized how embedded it was to the registry and how bloated it has become.

The difference has been like night and day, or another analogy would be discovering Citrix after using a VPN remote connection for two years.

Cheers. :)

Posted by: DOUGman | March 22, 2006 1:57 PM | Report abuse

The first question one has to ask is why in the world would a user ever need to add an Internet web site to their trusted websites list?

This is just more crapware from lazy programmers and companies failing to adequately test their software.

If the Kodak programmers knew how to write good software, users would be able to access their website with typical Internet web browser settings.

I am no fan of Kodak software. Their Easyshare software will not run under a simple Limited User Account (LUA). Again, more lazy programming from a bad software company.

Posted by: too many lazy programmers | March 22, 2006 2:00 PM | Report abuse

Way back in late 1999 when many felt that the year change to 2000 would produce chaos in the computer world I read about a program called "Go Back" by Wild Fire..Liked the principle involved so was purchased for about $25.00 ..The Sky did not fall..nor any other disasters strike...However it was one of my best & cheapest investements ever made..Am not particularly Computer savvy & this program which I still use, has come to my rescue innumerable times, both from lousy programs that would render the P.C. usless & the solution for which was beyond my comprehension, and for my own stupid mistakes..To one of the responders to this who inferred that as we age we become unable to understand things I would like to say that I am 83 yrs Young..Have 3 P.C.s
of various ages and m,anage to keep all 3 up and running without active technical assistance.. I do read quite a bit & heed sensible advice..TJH

Posted by: Thomas J Hegerich | March 22, 2006 3:43 PM | Report abuse

Considering Kodak's EasyShare is bundled with spyware, Do you really WANT that on your machine ? Get a CLUE! Your programs did exactly what you told them to do ( which was to protect your from spyware in this instance ). Why complain about your software doing exactly what you ASKED it to do ?

"And the users exclaimed with a jeer and a taunt 'Its just what we asked for ... but not what we want!' "

Posted by: J Perseo | March 23, 2006 9:40 AM | Report abuse

I recently downloaded the latest 'security fixes' for MS XP Pro SP1. When I next browsed the Internet, I began getting a mass of 'object expected' error notifications - including web sites that I built where there were no objects to be expected. I had experienced similar problems the one time I used SP2. Once I uninstalled the updates, everything worked fine. When I contacted them about this issue, I was directed to their 'self-help' FAQ's and newsgroups.
How is it we have evolved to having to spend valuable hours of our time researching and debugging software issues? Software applications are products. We spend our life's blood to earn the money to buy these products, and then are expected to spend more of our time sorting out problems that should be handled automatically by the supplier.
Does anyone else feel like it's time for a change?

Posted by: G Coghill | March 23, 2006 10:37 AM | Report abuse

The world is divided into two classes of people:

those who have even the foggiest idea what

"For a quality AV solution, look to ESET NOD32. . . . I jumped ship from the Nortons software in 2004, after I realized how embedded it was to the registry and how bloated it has become. The difference has been like night and day, or another analogy would be discovering Citrix after using a VPN remote connection for two years."

means and those who don't.

When I buy a car, I expect the dealer or a repair shop to be able to fix it--and usually that's the case. When I buy a television set, same thing.

But for some reason--according to some people--when I buy a computer (a relatively expensive item) whose software and applications are constantly changed, revised, and updated by the companies that created them, I'm expected to acquire, miraculously and overnight, all the knowledge and expertise and technical know-how to solve whatever problem comes up.

Too difficult for the company's so-called service person on the telephone to figure out what I need? Isn't that what I'm paying for? I'm not stupid. Ask me some questions, and I'll answer them. Walk me through a procedure, and I'll follow you.

When more and more members of the second class of people referred to above find it impossible to take care of their own computers even in simple matters and even if they've been using computers for 15 years in an era when more and more educated people are using them, isn't that an indication that something's wrong somewhere? I think so, and foolish, arrogant advice like C.Y.A. is useless. Must we all go to computer school if we want to remain among the ranks of the computer users?

Posted by: NG, DC | March 23, 2006 4:11 PM | Report abuse

Addressing some of "NG,DC" 's comments directly ...

Did you take Driver's Education ? Behind the wheel with an instructor ? What about the written exam ? All so you could get your driver's license ...

Hmmmm ... You probably also took a care care class, brought insurance and a Chilton's Manual too. You get your oil changed and fill the tank when you're running low. You also check the tire pressure and a plethora of other items associated with the car. You pay taxes on the car, inspection and license renewal.
You have to do all of that and more for the privlage of driving YOUR OWN CAR.

So, what is so difficult to comprehend when dealing with software on your PC ? Did you open that booklet that came with the software or just throw it out with the box ? Did you check the web site for updates and information ? Did you use a search engine to help you find out more about your product like tips and tricks to make it easier to use instead of just 'break / fix' work. Did you do any homework BEFORE buying the software ?

All of the above applies to the purchase of hardware as well as software. Take responsibility instead of pushing it off as "software companies playing CYA". When you own something (Car, PC, TV, Cell Phone, Etc), You are required sometimes by law and often by society to take responsibility for your own actions and inactions. I am not disagreeing with you when I say that companies need to take responsibility for what they put out and make available for sale or bundle, However, You must realize your role in this as well.

If something has a problem with it that you cannot live with, DON'T BUY IT. Write e-mails, send faxes, whatever floats your boat saying that you don't want something that is infested with spyware ... or whatever your particular gripe is about the product. You would be surprised how many companies WILL Respond to the above suggestions. On occasion, will even compensate you.

Posted by: RL and JP | March 23, 2006 7:15 PM | Report abuse

re: " Of course software companies test with common configurations.

How many configurations can you reasonably expect them to test?"

Computer configurations can seem much more complicated than autos but I would not compare operating an auto with it's manufactured configuration.

The term "aftermarket" is used with respect to installation of 3rd party automobile equipment and accompanying almost every product is a list of configurations that the aftermarket product has been designed .. and certified to "fit" and function.

And actually, if one goes into an auto part store - the very first thing they ask you is your auto name, model, engine, etc because that is what the counter guy needs to find the correct part for your car. This applies to even simple things like filters which you can prove to yourself when you go into WalMart. A thick book - that you need to navigate to find the proper filter for your car.

Do you think all of those different kinds of filters were just created out of whole cloth? No. Of course not. Each ONE .. WAS designed and tested explicitly BEFORE that product was put on the market.

And guess what. If you can't find your car's configuration in that thick book - it means that there is NO filter available.

You may not like the fact that they don't manufacture a filter for your car but at least they are telling you up front that they don't and that if you choose to try to use another one - it's YOUR problem - as it should be.

AND - the manufacturer of that filter is subject to a warranty about the functionality of that filter for your car. In other words, if you buy the filter that they say fits your car and the filter fails to perform and, in fact, ends up harming your car - they are subject to compensation for the damage.

Yes.. the are LOTs and lots of computer configurations but at the very least, the
manufacturers of products for them have a direct responsibility to inform the consumer about the applicability of the product with respect to fit and function.

In other words, if they have not tested the configuration then say so - and then let the consumer decide if they want to take the risk.

Instead, what companies do - is say that you need a particular OS with a certain amount of disk space and that's about it.

I use Norton AV and I now have major regrets because it has altered my system in so many ways that are not beneficial and worse - uninstalling it has it's own risks because the folks that designed it - did not provide a clean way to uninstall it.

For months, I have suffered from an executable called msmsgs.exe which has disrupted my system, slowed it down and, in general rained havoc and run rampant ... because some genius at Norton decided to have it installed with the rest of the product - with no warning and no words on what it did and why or how to disable it.

Yes.. I DID find the answer with GOOGLE after I searched in vain on Norton's website for words of advice. Norton's website was a black hole with respect to this nuisance that they put on my machine.

So to end this... what if car parts were done the same way that computer sofware "parts" are now done?

Well.. you'd have a ton of crippled autos that didn't work right... which is.. exactly what we have in the computer world.

Computer Software companies want to create and sell products on the cheap without performing due diligence with respect to their products. This might have been acceptable with the dawn of PCs.. much like autos when they were first manufactured but its no longer acceptable.

Posted by: Larry Gross | March 24, 2006 5:02 AM | Report abuse

If ever an Isp or anyone tells me disable scurity I will broadcast it on the internet hoping no one will use their product. It is that simple.

Another thing to keep in mind is the word SHARE A five letter word on the WWW I avoid this word entirely
But it is up to you.

There is nothing wrong with using a wire to place pictures on your computer, then placing them onto a CD for safe keeping.

Total cost would be less $100, about thirty minutes for the work, and you save yourself hassles of re-installing your computer.

TNT
PQ

Posted by: Paul Q | May 25, 2006 10:18 AM | Report abuse

There is a wider concept to be considered. In our sometimes paranoid sesrch for security of data, we are rendering business impossible. Despite a nationa l feear of things foreign, there are still companies that do business overseas, and data transfer has become almost impossible, thanks to the probably well intentioned, but dismally inefficient Sarbanes Oxley act, and the general unreliability of internet service - both in the USA and overseas. Power outages during a download can not only cause frustration and data loss, but destroy the computer functionality. Try using corporate or software provider help from outside the USA. Even a company with good IT credentials seems unable to remember who is on the other end of a VPN and keeps demanding confirmation during web use.
Please remember that the rest of the world not only exists, but that people work there.

Posted by: IanH | July 11, 2006 2:42 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company