The Only Thing Worse Than Viruses…

Our CTO once said:

“The only thing worse than viruses — is virus protection software. And the only thing worse than virus protection software — is free virus protection software.”

So true. The most frustrating bug reports we get at Newsvine are the seemingly random ones. We’ll get a cluster of reports from people who all of a sudden can’t vote, can’t comment, or can’t perform some other necessary function. And none of the bug reporters seem to share common characteristics like what browser they are using, what proxy they are behind, or anything else. On more than one occasion, the common thread has turned out to be that they had a certain anti-virus or “internet security” product installed on their machine. The havoc that some of these programs wreak on HTML, javascript, and general HTTP connections is astounding to me sometimes.

I remember one instance where one of our image calls was to a file called “poke.gif?ad=whatever”. The image was not a decorative element but a functional element which was necessary for dealing with our transactional logs. It took days to figure out that the mere use of the word “ad” caused Norton to block the request completely. If we changed the word “ad” to “glad” the problem was solved. And even more paradoxically, if you just put an ampersand in front of the word “ad”, that also solved the problem. Simply maddening, although it was a frustrating enough episode to at least plant a little bug in all of our heads about virus “protection” software: if you’re trying to squash a bug that seems illogical or isn’t easily reproducible, always consider that it could be because of a user’s security software.

Last night, I was trying to debug a problem with Newsvine’s new commenting system with a user who was having issues, and it turns out he is using “CA Internet Security Suite” which came free with his RoadRunner broadband service. I downloaded this thing and installed it into my Windows XP instance running inside of VMWare Fusion.

Oh my god is this software bad. The first thing it does after it installs itself is to run a scan on my system. It then gives me an extremely alarmist dialog box telling me my system has been “infected with 36 instances of spyware”. It lists the spyware inside the dialog box. All 36 pieces of “spyware” are actually just harmless (and functional) cookies from places like Newsvine and AT&T. Just for kicks, I hit “Remove” and of course it prompts me to spend $70 for the full version just so it can clear my cookies. Brilliant.

So then I open up a web browser and I notice that the CA software is now checking every single server call the browser makes against its database of “safe” and “unsafe” sites, slowing the browsing experience down to a crawl.

And then, just for kicks, I try to visit my Newsvine page at http://mike.newsvine.com, and here’s the dialog box I get:

Blocked from my own site! Because it’s a “dating site”! Ridiculous.

We haven’t resolved our problem yet with the commenting system, but something tells me it has something to do with this stuff.

Having used a Mac for the last 24 years, I’ve just never really had to use anti-virus software. It’s a rude awakening seeing how the other half lives, in this case. If I used Windows on a daily basis, I think I’d opt not to use anti-virus software at all and instead set up automatic restore points once or twice a week. VMWare Fusion lets you do restore points automatically which is really nice. If I happen to contract a virus one day, I can just roll my machine back a few days and get rid of it.

Much better than having the Norton/CA gestapo stomping on my face every time I try to make a simple HTTP call.