5 Replies Latest reply on Feb 23, 2010 1:39 PM by sameer172006

    Speak out everyone! This product needs a solid review.

      I have held back commenting here simply because Id lost all faith.

       

      I cannot begin to express how many hours I have spent following all the correct procedures with my concerns, including a telephone conferece with product management and I stand by most of my issues.

       

      I believe more time is being spent adding new gimmicks that are probably just as badly thought out. So I hold little hope, if any, of McAfee having the will to sit and look  at what they have done badly, or wrongly and FIXING IT.

       

      I also understand from support that this product is developed in several locations. I cannot confirm this, but if that is the case then maybe they need to get people together and start looking at what is wrong here.

       

      Here is a start

       

      - The firewall functionality in the TOPS security center is abhorrent.

       

           - No execution path noted for "unrecognised programs". Seriously - how can an engineer make any informed decision on whether to block or allow , or investigate a program simply based on the image name it reports? I raised this a year ago, and still nothing. Dont they realise that MALWARE can report any image name it wants and look like a valid program?

           -The firewall also blocks on footprint analysis - so every time a program updates, it can be blocked. There is no way of controlling this. And this was never explained in any documentation. It was a nightmare trying to work out what the hell was going on until I almost screamed at support and eventually someone told me.

           - The unrecognised programs report is a complete joke. Its a cumbersome list of garbage programs that mcafee think I might want to know about to add to another policy "one day"

           - There are prorams in the unrecognised programs report that are in ALL policies and still get reported (probably due to the footprint issue, god only knows)

           - The actual firewall policies themselves often contain programs (again NO EXECUTION PATH PROVIDED) that are NOT blocked (ie they are functional), maybe due to the whitelist mcafee uses, but how do I know that when it telss me is it BLOCKED and ISNT?

           - If you have several policies, then each policy contains all the other programs from all the other policies as well. I DONT WANT TO SEE PROGRAMS ACCEPTED IN ONE POLICY THAT HAVE NEVER BEEN INSTALLED IN ANOTHER LAPTOP UNDER A DIFFERENT POLICY AND GROUP. THis is ridiculous and unmanageable. Each policy is different computers, what are they doing reporting programs blocked that DO NOT EVEN EXIST ON THE LAPTOPS in another policy and GROUP!!!

           - You cannot remove programs from the firewall policy - so what do you end up with? A huge list of historical prgrams from multiple policies.

       

       

      AND I HAVE PLENTY OF OTHER STORIES!!!!

       

      In fact - Im exhausted already and simply dont want to get involved in this anymore. If I see some feedback from users here and there is collective agreement then I will reconsider my position on this and contribute my thoughts.

       

      There is safety in mumbers, so PLEASE EVERYONE SPEAK OUT.

       

      Can I also add that I was crying out for a public forum on this product over a year ago.

        • 1. Re: Speak out everyone! This product needs a solid review.

          Argint,

           

           

          I am delighted to see people coming up and being vociferous about things that need to be set right at the earliest. This only goes to show that McAfee has a great and a loyal market share and we the users want McAfee to set things right.

           

          I have already listed out a couple of ideas /suggestions in my earlier posts. The thing with ToPS is , It is a promising product but has ended up being nothing more than a flash in the pan. We need to be together here and form a collective feedback/product enhancement request and make sure that it goes in to the right hands.

           

          With all the brouhaha about the cloud computing and Saas, It is high time McAfee starst respecting its customers and starts taking serious strides in its product development. I completely agree with your feedback on the firewall. it is a request to have all the queries/problems/suggestions to be brought together under this string.

           

          Lets keep updating this discussion with our issues and suggestions pertaining to ToPS and let see where it takes us this time...  !!!

           

           

          Sameer !

          • 2. Re: Speak out everyone! This product needs a solid review.

            Hi Sameer,

             

            This is exactly why I was wanting a public forum. I too had very high hopes of this product. Its a great idea and we are a perfect target audience. However I get the feeling that they are making bad assumptions about the technical proficiency and knowledge of their userbase. Being a small company does not mean we should be less concerned or knowledgable about what this product is meant to do.

             

            My background is software development so I can almost imagine the pressures to get stuff out the door, with split site development, poor coordination. I dunno - perhaps they are all just demoralised and dont care anymore. It does happen, and Ive been there.

             

            I would be prepared to start by focussing on one issue at a time. I would start with this badly hought out, badly implemented, and possibly dangerous firewall functionality. Then we can move on if the effort seems to be worth it.

             

            The focus is on the security center. Perhaps the actual firewall itself is top of the range but the usability is utterly appalling from the security center as an adminisrator.

             

            In fact, I have already suggested several times to McAfee it could even be dangerous in its current form. Obviously got no technically valid reply to that one!!!!

             

            I do not wish to get involved with McAfee at this moment due to the dreadful experience I had when I was dealing with all levels of their support structure in the past. You will get talked over, talked around, your valid concerns will not receive an admission and you will be shoved back in to the system again. And I am too busy to allow myself to get angry again.

             

            For this to be effective (if thats possible) we would need to present detailed arguments. We would need to prioritise the concerns starting with the most obvious flaws down to usability concerns and general suggestions for improvement coming from real-world users.

             

            Im not promising anything, but depending what I start to read on this forum, I could get involved again. We are currently setting up our server structure that will allow us to dump this product, but I am prepared to see what comes of it here.

             

            Argint.

            • 3. Re: Speak out everyone! This product needs a solid review.

              Well?! lol. anyone wanna make a start on laying out whats wrong in a rational, technical, and constructive way?

              We agree its a great idea, so can we give some real-world feedback to see if we can improve it?

               

              The firewall is the most obvious choice as I see it. As its the most obviously wrong part in the security center.

               

              Any input Sameer?

               

              Or is the forum a flash in the pan too!!

               

              Argint

              • 4. Re: Speak out everyone! This product needs a solid review.

                Ok, Ill start!

                 

                1. I administrate our 34 nodes. My current feeling towards the firewall functionality is one of uncertainty and slight dread. Our laptops are on the move, users scream if things dont work. The firewall doesnt help me make decisions. This is my experience after 2 years using this product.

                 

                2. At a fundamental level, from the security center, I will ask openly off any security engineer: "Would you make a decision on the nature of an unrecognised program based on image name alone?" This is all the security center tells me. I will accept I am wrong if you can prove me to be so. I do not believe I am. The execution path at a bare minimum should be available to me in the security center to make some sort of judgement as to the validity of a firewall blocked program. This is very basic. It would at least allow me to locate the program. This information is available in the console when you manage the firewall from the client end. Why not in the security center? This is so fundamental, and Ive never received a valid answer.

                 

                3. Since that information is not available, I suggest the functionality is possibly dangerous as it is asking you to make judgements under pressure. If I click Allow, it could be Malware. Simple as that. As I have no execution path, how am I supposed to locate this program? Do a full search of a harddrive? No thanks! Aint gonna happen.

                 

                4. The Unrecognised Programs report provides me with a never ending list of image names that could be in all of my policies, or some, or none. This is hellish to work with. I even see Total Protection Service elements in that list, all the time!!! All the Microsoft Office programs constantly appear in this list. There is no sanity here!! In a busy environment it leads to an empty feeling in my gut.

                 

                5. The product should be doing all the work for me. Not me doing all the work to deduce what the hell is going on. The information is available. It is simply being presented in an ultimately unusable way. When I open that report, I expect to see what it says. Unrecognised programs. ie. "Here is a program thats not in a policy. Do you recognise it?" If so, the Allow. If not, then Block and give me information to go and find it. ie execution path at least to start with. Then, that program should disappear from that list until it is executed on anoth machine that it is not recognised in, but not until that moment. I dont want it sitting there in a list because McAfee think I might want to add it to a policy some other time. This is plain silly!!!!!!

                 

                6. If it is unrecognised because of a footprint (ie update) Then Tell Me That, feed me information, put it in a different list, but give me the information to make decisions, dont just give me a never ending list of image names that confuse me, or I give up all hope on.

                 

                7. There must be some sort of issue about the McAfee whitelist. Common programs that function on the laptops are registered as blocked when you go to the actual list of programs in the firewall itself. Again, more confusion, more doubt, more fear.

                 

                8. In the actual firewall policies themselves there are hundreds of image names. No execution path. No information. You presently cannot even sort the column on blocked or allowed status, so you have to scroll thru them. More confusion, more fear, more doubt.

                 

                9. Even if the blocked programs had a different colour that would be a start, how long would that take an ASP developer to do??? More confusion.

                 

                10. You cannot delete from the firewall allowed application list. We now have hundreds of image names accumulated over time. Unmanageable. More fear, more doubt, more worry.

                 

                11. Each policy contains the image name from all other policies. Nightmare!! We have different laptops with different applications. We separate them in to groups, and after all that, all programs from all policies appear in all other policies!!! More confusion, more fear, more doubt.

                 

                12.  Can no-one out there see that over a period of time, we just end up with a great load of image names and no sanity, no ability to make sane judgements and general despair from day to day.

                 

                13. I was a developer for years. I know this is all fixable, so why all these ajaxy widgety type gimmicks??? get the basics right first and the rest will follow. Go back and review this. Show me you care McAfee!!

                 

                That will do for now.

                 

                Argint.

                • 5. Re: Speak out everyone! This product needs a solid review.

                  Argint,

                   

                   

                  Sorry for the delay in response.

                   

                  I have been having some issues with the Internet acting crazy all the time. Its not fine yet . Arrghhh !!!!

                   

                  I completely agree with you on the Firewall issues. Also, I have observed that due to some peculiar reason that I am unaware of, The ToPS firewall keeps blocking the apps that I allow. For example, If I want the VMware workstation and all its services to be allowed, It keeps asking me again and again. That is more than enough to **** me off for starters ! Memory lapse eh ?

                   

                  The firewall component itself is mediocre to say the least. I mean, I have used McAfee Host Intrusion Prevention and firewalls from other software. You can see the active component keeping a watch on the network traffic if you go into the IPV4 settings and you would see a firewall filter there. Nothing of that sort here. This firewall I believe is just the same component of the firewall found in Home user's software and can be disabled or compromised easily !

                   

                  Moving on to the Virus Scan Option :-

                   

                  1} The On Access Scanner or the Virus and Spyware Component of ToPS has this nasty habit of shutting itself off quite a few times due to reasons only known to the software or the developer. Now the most disheartening feature is that, the service is not configured to take any action on its failure. Yes, You read it right. You would have to manually set it to restart the services immediately or just keep looking at the McAfee console which says you are at risk. Help me Jesus !!!

                   

                   

                  2} Even a school student would know that if he/she has to fiddle around with the comp and its settings, They just have to disable the AV. The McAfee's main scanning component (mcshield.exe) can be stooped by going in to the Services tab or even from the Task manager. McAfee's ToPS can't even protect itself from being terminated. No wonder, Any malware can easily spread its roots in to a system with ToPS by just disabling it.

                   

                  3} There should be a way to lock down the settings in ToPS as well. Even the Home User's Total protection 2010 will not let you stop mcshield.exe so easily let alone tweaking its settings. I wonder what made the developers to just ignore this very important feature.

                   

                  4} I have told it time and again. With the current influx of new variants and dangerous malware in the wild, the customers should have a greater leverage to decide what kind of heuristic sensitivity is good for them. There is no easy way to set the Artemis sensitivity level either from the console or from the Security centre. McAfee by default sets it to very low. It is as good as not having it at all. In my earlier posts, I did talk about a painful method of changing the Artemis settings using regedit.exe.

                   

                  5} ToPS does not clean cookies in the Real time Scans. Unlike VSE. You run an On demand scan and the only detection you will see is that of cookies. I am not interested in knowing how many cookies were there in my comp. For god's sake, Do not keep the cookies in my system untill I run an on demand scan. Please take care of it real time and get me a clean report if my system is clean and do not show me 30 detections and scare the living day lights out of me and then laugh out loud at my face by showing how many cookies you deleted !!!

                   

                  6} You cannot run an On demand Scan by just right clicking on the tray icon. Come on McAfee !!! All your products have that option. Why do I have to open the console just to run a scan. Now that I have the Console open, You do not want to give me the update option. I have to close the console and only then try an update. Why cant you just let the update happen without nagging me to close the already open window ???

                   

                  7} If I try and submit a sample from the Quarantinbe viewer, I can't. I wonder why. Some one wants to help me understand ???

                   

                  I have listed out other features as per my understanding of them. Take out a little friends and lets try and let McAfee know where they are lacking and help McAfee help itself !!!