Friday, November 14, 2014

Minor Antivirus Issues

It's almost too minor to mention, but at work we see it fairly often. Somebody has a Windows Server product like '08 and they can't install some recent Windows Updates. Rather than even try to Google the KB number, they call in (I'm like a cop that assumes everybody's a crook after dealing with crooks daily for 20 years - only the real dummies call in with this one. Most customers can handle it themselves) and complain that the updates won't load. This of course isn't even a Windows issue. The issue I'm talking about is the one you discover the second you actually spring into action and Google the KB number.

If the KB numbers that come back from the update complaint are found to be recent security updates, check and see if the operator is running a popular antivirus product like McAfee. If so, turn the agent to STOP, do all the Windows Update permutations (downloading, installing and multiple rebooting for config passes) and then turn the agent to START. You are the hero.
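As an added example (not code from the original post), here is that stop-update-start routine in PowerShell with the one safeguard you want when you do this: the agent is restarted in a finally block, so a failed or interrupted update never leaves the box sitting there unprotected. The service name is an assumption you must check on the machine, and the script covers a single install pass and restores the agent before any reboot, so you re-run it after each reboot for whatever is still pending.

```powershell
# Added example, not code from the original post. Assumes the antivirus agent runs as a
# Windows service whose name you pass in; "McShield" is only a placeholder default, so
# confirm the real service name on the box with Get-Service first. Run elevated.
param(
    [string]$AgentServiceName = "McShield"   # placeholder, replace before use
)

$svc = Get-Service -Name $AgentServiceName -ErrorAction Stop
$wasRunning   = ($svc.Status -eq 'Running')
$rebootNeeded = $false

try {
    if ($wasRunning) {
        Stop-Service -Name $AgentServiceName -Force -ErrorAction Stop
        (Get-Service -Name $AgentServiceName).WaitForStatus('Stopped', '00:01:00')
    }

    # Windows Update Agent COM API: find, download and install pending software updates.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    if ($result.Updates.Count -eq 0) {
        Write-Host "No pending updates."
    } else {
        $toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
        foreach ($u in $result.Updates) {
            Write-Host ("Pending: {0}" -f $u.Title)     # KB number appears in the title
            [void]$toInstall.Add($u)
        }
        $downloader = $session.CreateUpdateDownloader()
        $downloader.Updates = $toInstall
        [void]$downloader.Download()
        $installer = $session.CreateUpdateInstaller()
        $installer.Updates = $toInstall
        $installResult = $installer.Install()
        $rebootNeeded = $installResult.RebootRequired
        Write-Host ("Install result code: {0} (2 = succeeded)" -f $installResult.ResultCode)
    }
}
finally {
    # Whatever happened above, the agent is never left stopped.
    if ($wasRunning) {
        Start-Service -Name $AgentServiceName
        (Get-Service -Name $AgentServiceName).WaitForStatus('Running', '00:01:00')
    }
    $after = Get-Service -Name $AgentServiceName
    if ($after.Status -ne 'Running') { Write-Warning "Agent $AgentServiceName is NOT running." }
}

if ($rebootNeeded) { Write-Host "Reboot required; re-run after the reboot for any remaining updates." }
```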

[My completely unproven explanation for why the KB'z won't load is that the agent sees strings of quotes of bad code, trojans, etc. in the updates, in the act of being described to the OS so it knows what to ignore. McAfee and similar companies then eventually must engineer a way to keep the agent from thinking these strings are infections rather than just descriptions. MS probably would not want to publish how it has updates tell the OS what to ignore, for obvious reasons.]

Here's the interesting part: what enables you to fix the issue here is the ability to turn the antivirus agent off. According to one theory, one shouldn't build into the agent any ability to turn it off, since that GUI (or control of any kind) might be exploitable. By that theory, you should build the agent like ESET Nod32 does it - without any kind of "off" control. This not only removes the danger of outside intervention but keeps the agent running through the next bootup so as to catch boot viruses. Nod32 does indeed give a temporary turnoff control that operates "until next boot", which however I suspect isn't totally off, since you want to catch boot nasties coming back around. Great. But...

I ran into the Windows Security Update KB 2345245345345whatever issue - on a machine with Nod32 on it. Solution: uninstall the A/V, do the updates and reboots, then reinstall the A/V. It was the only way - and I do not fault ESET for this, since the safety is worth the extra trouble.

Just make sure the owner of the box you're working on is buying the Mai Tais. The world is still full of people that can't even handle Windows Update with NO complications, although that thing's been around for, what, 25 years?