Ver. 1.0.614 Definition Update Problems

  • Thread starter Thread starter John Gruener
  • Start date Start date
John - Steve is unavailable for awhile, so I'll reply--you can decide
whether to wait or not.

I'd recommend doing the manual replacement fix. I believe that should
resolve the issue, and that future updates should then work normally.

It'd be especially interesting if you could grab the def files for 5729 and
put them in, 'cause you could then see whether an update to 5731 worked.



--

John Gruener said:
Steve,

I was running 1.0.509, then updated to 1.0.613 for one
day, then 1.0.614.

Just after today's "downgrade" occurred I checked the
files. The two files (gcThreatAuditThreatData.gcd and
gcDeterminationData.gcd) are indeed 5727 files, dated 6-26-
05, with the sizes corresponding to 5727 as listed here:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;892519

I then did the "File - Check for updates" and it said it
was updating to 5731, but the only file that was updated
was gcUserData.gcd. The DeterminationData and ThreatData
files are still 5727, even though "Help - About" says I've
got 5731.

I disabled my Anti-Virus (McAfee) and software firewall
(ZoneAlarm) with the same results.

I'm running Windows 2000 SP4 and IE 6.0 SP1, with all
critical updates applied. No proxy server. This worked OK
in previous versions, and I've made no changes to
connectivity in many months.

Of course I could manually download the files and replace
them, but this would not help Microsoft diagnose the
problem. Let me know what you'd like me to try.

- John
(e-mail address removed) (remove the 2 'z's)

-----Original Message-----
While we are investigating, I am looking for the following:

1) What build you were running before upgrading to 614.
2) Does the problem go away if you uninstall and re- install build 614.

I would like to have a few people try the uninstall and re-install and let
me know if that is working for them.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
Microsoft is aware of this issue and interested in your experience.

When you mention that the defs are downgraded--have you in fact looked at
the dates and sizes of the def files and observed whether they change? My
own guess is that the upgrade is, in fact, failing, rather than a
downgrade occurring.

--


In case it's not clear from all the postings on this
issue, there is definitely a problem with the definition
updates.

After manually updating from 5727 to 5729, the next day
the automatic update says that an update is available (I
have the "Apply new updates without interrupting me"
option unchecked). I click yes to tell it to update, and
it downgrades the definitions to 5727.

I then manually update (File - Check for updates) and it
updates to 5729 again. In fact even after 5729 is
installed, each time I check for updates it
says "Upgrading definitions version 5727 to version 5729".
This occurs even after a reboot.

Next day I'm again notified that an update is available,
and it again downgrades the definitions to 5727.

I see this same problem on several machines, running
Windows XP SP2 and Windows 2000 SP4.

It would be helpful to know if anyone at Microsoft is
aware of this problem and is working on it.

- John
Click to expand...


.
Click to expand...
Click to expand...
 
That's what I did and it seems to be fine ("About" = .GCD Files)
The GCD's do not match any of the files listed in the KB, which tops out at 5729, so I
assume that these must be 5731 files.

--
Regards;
Rob
------------------------------------------------------------------------
I'd recommend using the fix of manually replacing the definition files.
Click to expand...

<snip some more>
 
My current understanding of the issue is that it is a server-side issue,
and that Microsoft is working on it. However, I'm not sure whether
resolving the server issues fixes a machine which has already "stuck."

I'd recommend using the fix of manually replacing the definition files.
Click to expand...

I wouldn't be so sure, that this is the server-side problem. Why? I have
observed on the system I use to test MSAS (my home computer, XP HE SP2
Polish), that after such unsuccessful update the process called
GIANTAntiSpywareUpdater.exe remains in memory. Just like it haven't
finished his job (what actually happens).
However before any action, other observations of such behavior should take
place on other computers and by other users, I think.
 
"error 1328.error applying patch to file
C:\Config.Msi\PT1D3.tmp. It has probably been updated by
other means, and can no longer be modified by this
patch. For more information contact your patch vendor."

Here it is. I am on 1.0.613 and it keeps looping every
few days. XP professional with IE latest and Firefox and
Yahoo browsers. Mcafee 6.0 firewall and AV.
 
We have no information about what might be wrong with 613. Personally, if
613 isn't behaving (it did, for me)--I'd uninstall it, delete the
installation folder and all subfolders and files (losing quarantine and
settings in the process) and reinstall 614 from scratch.
 
Bill,

I downloaded the files from download.spynet.com, but these
are larger than 5729, so I assume they are 5731 (which are
still not posted in the KB article). I don't know how to
find older versions. If you can tell me where to get them
I'll try it.

Meanwhile I went ahead and saved off the 5729 files
(all .GCDs) and copied the 3 downloaded files to the
program directory. That was yesterday. So far no repeated
automatic "downgrades".

While this may solve my problem, there is the issue of
tens of thousands of folks who are not savvy enough to do
this, so it would seem Microsoft needs to find a fix to
force this update.

Since I saved the 5729 files, I should be able to
reproduce the problem.

- John

-----Original Message-----
John - Steve is unavailable for awhile, so I'll reply-- you can decide
whether to wait or not.

I'd recommend doing the manual replacement fix. I believe that should
resolve the issue, and that future updates should then work normally.

It'd be especially interesting if you could grab the def files for 5729 and
put them in, 'cause you could then see whether an update to 5731 worked.



--

Steve,

I was running 1.0.509, then updated to 1.0.613 for one
day, then 1.0.614.

Just after today's "downgrade" occurred I checked the
files. The two files (gcThreatAuditThreatData.gcd and
gcDeterminationData.gcd) are indeed 5727 files, dated 6- 26-
05, with the sizes corresponding to 5727 as listed here:
http://support.microsoft.com/default.aspx?scid=kb;en- us;892519

I then did the "File - Check for updates" and it said it
was updating to 5731, but the only file that was updated
was gcUserData.gcd. The DeterminationData and ThreatData
files are still 5727, even though "Help - About" says I've
got 5731.

I disabled my Anti-Virus (McAfee) and software firewall
(ZoneAlarm) with the same results.

I'm running Windows 2000 SP4 and IE 6.0 SP1, with all
critical updates applied. No proxy server. This worked OK
in previous versions, and I've made no changes to
connectivity in many months.

Of course I could manually download the files and replace
them, but this would not help Microsoft diagnose the
problem. Let me know what you'd like me to try.

- John
(e-mail address removed) (remove the 2 'z's)

-----Original Message-----
While we are investigating, I am looking for the following:

1) What build you were running before upgrading to 614.
2) Does the problem go away if you uninstall and re- install build 614.

I would like to have a few people try the uninstall and re-install and let
me know if that is working for them.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
t. com...
Microsoft is aware of this issue and interested in your experience.

When you mention that the defs are downgraded--have you in fact looked at
the dates and sizes of the def files and observed whether they change? My
own guess is that the upgrade is, in fact, failing, rather than a
downgrade occurring.

--


In case it's not clear from all the postings on this
issue, there is definitely a problem with the definition
updates.

After manually updating from 5727 to 5729, the next day
the automatic update says that an update is available (I
have the "Apply new updates without interrupting me"
option unchecked). I click yes to tell it to update, and
it downgrades the definitions to 5727.

I then manually update (File - Check for updates) and it
updates to 5729 again. In fact even after 5729 is
installed, each time I check for updates it
says "Upgrading definitions version 5727 to version 5729".
This occurs even after a reboot.

Next day I'm again notified that an update is available,
and it again downgrades the definitions to 5727.

I see this same problem on several machines, running
Windows XP SP2 and Windows 2000 SP4.

It would be helpful to know if anyone at Microsoft is
aware of this problem and is working on it.

- John






.
Click to expand...
Click to expand...


.
Click to expand...
 
If you now do a File, check for update--does it proceed normally? You could
wait until a new def set is available and find out whether in fact you get
an update--but just verifying that it doesn't attempt an update now would be
useful.

I don't know now many people are seeing this issue--but I don't think it is
10's of thousands--judging by the traffic here. I know that I have not yet
seen it first hand on the 3 dozen or so machines I work with regularly, but
then I'm on vacation and not looking too closely--but this issue broke
before I left home.

For most but not all users, simply replacing the definition set with one
which gets properly installed--via this manual process--should fix the
problem--they don't need new code.

--

John Gruener said:
Bill,

I downloaded the files from download.spynet.com, but these
are larger than 5729, so I assume they are 5731 (which are
still not posted in the KB article). I don't know how to
find older versions. If you can tell me where to get them
I'll try it.

Meanwhile I went ahead and saved off the 5729 files
(all .GCDs) and copied the 3 downloaded files to the
program directory. That was yesterday. So far no repeated
automatic "downgrades".

While this may solve my problem, there is the issue of
tens of thousands of folks who are not savvy enough to do
this, so it would seem Microsoft needs to find a fix to
force this update.

Since I saved the 5729 files, I should be able to
reproduce the problem.

- John

-----Original Message-----
John - Steve is unavailable for awhile, so I'll reply-- you can decide
whether to wait or not.

I'd recommend doing the manual replacement fix. I believe that should
resolve the issue, and that future updates should then work normally.

It'd be especially interesting if you could grab the def files for 5729 and
put them in, 'cause you could then see whether an update to 5731 worked.



--

Steve,

I was running 1.0.509, then updated to 1.0.613 for one
day, then 1.0.614.

Just after today's "downgrade" occurred I checked the
files. The two files (gcThreatAuditThreatData.gcd and
gcDeterminationData.gcd) are indeed 5727 files, dated 6- 26-
05, with the sizes corresponding to 5727 as listed here:
http://support.microsoft.com/default.aspx?scid=kb;en- us;892519

I then did the "File - Check for updates" and it said it
was updating to 5731, but the only file that was updated
was gcUserData.gcd. The DeterminationData and ThreatData
files are still 5727, even though "Help - About" says I've
got 5731.

I disabled my Anti-Virus (McAfee) and software firewall
(ZoneAlarm) with the same results.

I'm running Windows 2000 SP4 and IE 6.0 SP1, with all
critical updates applied. No proxy server. This worked OK
in previous versions, and I've made no changes to
connectivity in many months.

Of course I could manually download the files and replace
them, but this would not help Microsoft diagnose the
problem. Let me know what you'd like me to try.

- John
(e-mail address removed) (remove the 2 'z's)


-----Original Message-----
While we are investigating, I am looking for the following:

1) What build you were running before upgrading to 614.
2) Does the problem go away if you uninstall and re- install build 614.

I would like to have a few people try the uninstall and re-install and let
me know if that is working for them.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
t. com...
Microsoft is aware of this issue and interested in your experience.

When you mention that the defs are downgraded--have you in fact looked at
the dates and sizes of the def files and observed whether they change? My
own guess is that the upgrade is, in fact, failing, rather than a
downgrade occurring.

--


In case it's not clear from all the postings on this
issue, there is definitely a problem with the definition
updates.

After manually updating from 5727 to 5729, the next day
the automatic update says that an update is available (I
have the "Apply new updates without interrupting me"
option unchecked). I click yes to tell it to update, and
it downgrades the definitions to 5727.

I then manually update (File - Check for updates) and it
updates to 5729 again. In fact even after 5729 is
installed, each time I check for updates it
says "Upgrading definitions version 5727 to version 5729".
This occurs even after a reboot.

Next day I'm again notified that an update is available,
and it again downgrades the definitions to 5727.

I see this same problem on several machines, running
Windows XP SP2 and Windows 2000 SP4.

It would be helpful to know if anyone at Microsoft is
aware of this problem and is working on it.

- John






.
Click to expand...


.
Click to expand...
Click to expand...
 
If you now do a File, check for update--does it proceed normally? You could
wait until a new def set is available and find out whether in fact you get
an update--but just verifying that it doesn't attempt an update now would be
useful.
Click to expand...

As explained in Case #1 below, this did NOT fix the
problem.
I don't know now many people are seeing this issue--but I don't think it is
10's of thousands--judging by the traffic here. I know that I have not yet
seen it first hand on the 3 dozen or so machines I work with regularly, but
then I'm on vacation and not looking too closely--but this issue broke
before I left home.
Click to expand...

The numbers would have to be based on the number of
installations, and I have no idea how many there are. I'd
have to assume at least a million by now. From my
observations of just the 5 cases outlined below, I'd have
to guess at least half are experiencing some kind of
update problem. So I'm revising my estimate from tens of
thousands to hundreds of thousands.

There are perhaps several reasons for little traffic on
this. First, this appears to be a new problem with 613 and
614. Second, In perhaps many cases with 509 installed (as
in Case #5 below) there is no notification of a newer
update, so the definitions are continuing to be updated
correctly by 509. Third, less than one in a thousand
normal users will even notice or be aware that the
definitions are not correctly updating. Of those that do,
perhaps 90 percent will assume that it will probably fix
itself. Of those that realize there may be a more serious
problem, only a very small number will take the time and
effort to get on this newsgroup and report the problem.

So that's perhaps one in 50,000 to 100,000 cases will
actually have been reported here so far, and I think we've
seen that many.
For most but not all users, simply replacing the definition set with one
which gets properly installed--via this manual process-- should fix the
problem--they don't need new code.
Click to expand...

Bill, although this is fine for testing to see if it
works, I cringe when I see it suggested as the final
solution. As explained, very few folks will notice the
problem, and very few will be savvy enough to manually
find and manually install the updates (if that even
works). The great majority of folks do not scrutinize
these things like you and I do, or know how to do these
things.

It is becoming clear these are code problems, and only
code fixes that automatically repair the problems should
be acceptable to Microsoft. If that becomes impossible,
then a very visible public notice should be issued by
Microsoft to all MSAS beta users to uninstall/reinstall a
new version that has been proven to fix the problems.

5 Cases
-------
I have looked closely now at 5 machines with MSAS on them.
Three are Windows XP SP2, and two are Windows 2000 SP4.
All are up to date with all hotfixes. In all cases except
#1, MSAS is set to auto-update without interrupting. On #1
(my own) I have it set to auto-update, but to interrupt.
In all 5 cases they are set to inform if new software is
available. Here are the results:

(In cases where 509 was still installed, the users had not
been clicking "Yes" to the software update pop-up, if they
got one).

Case #1 - Windows 2000 SP4
--------------------------
(My own, that we have been discussing in this thread). I
got a pop-up message that a new update was available. I
clicked "Yes" to install it. After the update, the display
said I still had 5731. I checked my files and indeed I
still had the 5731 files. The only file updated was as
before, gcUserData.gcd.

I then did "File, Check for updates". It then said it was
updating from 5731 to 5733. The display now says I have
5733, but again the 5731 files were not replaced. Every
time I click "Check for updates", it goes through the same
cycle, and no files are updated.

So, even though I have manually replaced the 5729 files
with 5731, the problem remains.

Case #2 - Windows XP SP2
------------------------
Displayed versions: 1.0.614, 5729 (07-09-2005 16:38:38).
Actual files: 5729 (06-24-2005). (The machine is left on
24/7). I did not attempt to manually update this.

Case #3 - Windows XP SP2
------------------------
Displayed versions: 1.0.509, 5731 (07-08-2005 10:18:52).
Actual files: 5733. MSAS was set to auto-update at system
startup. (The machine is shut down every evening.) As soon
as I started the program (by double-clicking the icon in
the system tray), the "Newer version available" pop-up
appeared. I ran the update and rebooted. Displayed
versions: 1.0.614, 5731. Actual files: 5733. After another
reboot it displayed 5733.

Case #4 - Windows XP SP2
------------------------
Exactly the same as #3, except when I started the program
no pop-up appeared. I ran "File - Check for updates" and
the "AutoUpdater Status" said that the most recent
definitions and software were already installed, but the
pop-up also appeared and said that a newer version was
available. I ran the update and rebooted. Displayed
versions: 1.0.614, 5733.

Case #5 - Windows 2000 SP2
--------------------------
Displayed versions: 1.0.509, 5733. Actual files: 5733. I
ran the program from the tray icon, but like #4 no pop-up
appeared. I then did "File - Check for updates", and
the "AutoUpdater Status" said that the most recent
definitions and software were already installed, but in
this case the "newer version" pop-up did NOT appear. I did
NOT update this by installing a downloaded 614.

Summary of the 5 Cases
----------------------
Case #1 - Proves that manually replacing the files does
not repair the update problem.

Case #2 - With 614 installed no definition updates are
automatically occurring.

Case #3 - With 509 installed it was auto-updating the
definitions, but my guess is that it will not auto-update
with 614 installed.

Case #4 - Something's wrong when "AutoUpdater Status" says
there is no update available, and at the same time a pop-
up appears that says there is. Also, since #3 immediately
popped-up the new version dialog, how come this one
didn't, and I had to click "Check for updates"?

Case #5 - Again with 509 installed the definitions were
updating, but there is no software pop-up message,
and "Check for updates" says there is none available. So
there is no way for the user to be aware of the 614 update
or to force it to update.

I have now spent many hours on this, both in testing and
to report the problems, and I am convinced the problems
are much larger than you appear to recognize. There is
clearly a problem with the definitions auto-update after
613/614 is installed, and other serious problems with the
software update from 509 to 614.

Hopefully Steve or some other Microsoft technician will
soon be taking a more serious look at this. Let me know if
I can be of any further help.

- John
 
John Gruener said:
As explained in Case #1 below, this did NOT fix the
problem.


The numbers would have to be based on the number of
installations, and I have no idea how many there are. I'd
have to assume at least a million by now. From my
observations of just the 5 cases outlined below, I'd have
to guess at least half are experiencing some kind of
update problem. So I'm revising my estimate from tens of
thousands to hundreds of thousands.

There are perhaps several reasons for little traffic on
this. First, this appears to be a new problem with 613 and
614. Second, In perhaps many cases with 509 installed (as
in Case #5 below) there is no notification of a newer
update, so the definitions are continuing to be updated
correctly by 509. Third, less than one in a thousand
normal users will even notice or be aware that the
definitions are not correctly updating. Of those that do,
perhaps 90 percent will assume that it will probably fix
itself. Of those that realize there may be a more serious
problem, only a very small number will take the time and
effort to get on this newsgroup and report the problem.

So that's perhaps one in 50,000 to 100,000 cases will
actually have been reported here so far, and I think we've
seen that many.


Bill, although this is fine for testing to see if it
works, I cringe when I see it suggested as the final
solution. As explained, very few folks will notice the
problem, and very few will be savvy enough to manually
find and manually install the updates (if that even
works). The great majority of folks do not scrutinize
these things like you and I do, or know how to do these
things.

It is becoming clear these are code problems, and only
code fixes that automatically repair the problems should
be acceptable to Microsoft. If that becomes impossible,
then a very visible public notice should be issued by
Microsoft to all MSAS beta users to uninstall/reinstall a
new version that has been proven to fix the problems.

5 Cases
-------
I have looked closely now at 5 machines with MSAS on them.
Three are Windows XP SP2, and two are Windows 2000 SP4.
All are up to date with all hotfixes. In all cases except
#1, MSAS is set to auto-update without interrupting. On #1
(my own) I have it set to auto-update, but to interrupt.
In all 5 cases they are set to inform if new software is
available. Here are the results:

(In cases where 509 was still installed, the users had not
been clicking "Yes" to the software update pop-up, if they
got one).

Case #1 - Windows 2000 SP4
--------------------------
(My own, that we have been discussing in this thread). I
got a pop-up message that a new update was available. I
clicked "Yes" to install it. After the update, the display
said I still had 5731. I checked my files and indeed I
still had the 5731 files. The only file updated was as
before, gcUserData.gcd.

I then did "File, Check for updates". It then said it was
updating from 5731 to 5733. The display now says I have
5733, but again the 5731 files were not replaced. Every
time I click "Check for updates", it goes through the same
cycle, and no files are updated.

So, even though I have manually replaced the 5729 files
with 5731, the problem remains.

Case #2 - Windows XP SP2
------------------------
Displayed versions: 1.0.614, 5729 (07-09-2005 16:38:38).
Actual files: 5729 (06-24-2005). (The machine is left on
24/7). I did not attempt to manually update this.

Case #3 - Windows XP SP2
------------------------
Displayed versions: 1.0.509, 5731 (07-08-2005 10:18:52).
Actual files: 5733. MSAS was set to auto-update at system
startup. (The machine is shut down every evening.) As soon
as I started the program (by double-clicking the icon in
the system tray), the "Newer version available" pop-up
appeared. I ran the update and rebooted. Displayed
versions: 1.0.614, 5731. Actual files: 5733. After another
reboot it displayed 5733.

Case #4 - Windows XP SP2
------------------------
Exactly the same as #3, except when I started the program
no pop-up appeared. I ran "File - Check for updates" and
the "AutoUpdater Status" said that the most recent
definitions and software were already installed, but the
pop-up also appeared and said that a newer version was
available. I ran the update and rebooted. Displayed
versions: 1.0.614, 5733.

Case #5 - Windows 2000 SP2
--------------------------
Displayed versions: 1.0.509, 5733. Actual files: 5733. I
ran the program from the tray icon, but like #4 no pop-up
appeared. I then did "File - Check for updates", and
the "AutoUpdater Status" said that the most recent
definitions and software were already installed, but in
this case the "newer version" pop-up did NOT appear. I did
NOT update this by installing a downloaded 614.

Summary of the 5 Cases
----------------------
Case #1 - Proves that manually replacing the files does
not repair the update problem.

Case #2 - With 614 installed no definition updates are
automatically occurring.

Case #3 - With 509 installed it was auto-updating the
definitions, but my guess is that it will not auto-update
with 614 installed.

Case #4 - Something's wrong when "AutoUpdater Status" says
there is no update available, and at the same time a pop-
up appears that says there is. Also, since #3 immediately
popped-up the new version dialog, how come this one
didn't, and I had to click "Check for updates"?

Case #5 - Again with 509 installed the definitions were
updating, but there is no software pop-up message,
and "Check for updates" says there is none available. So
there is no way for the user to be aware of the 614 update
or to force it to update.

I have now spent many hours on this, both in testing and
to report the problems, and I am convinced the problems
are much larger than you appear to recognize. There is
clearly a problem with the definitions auto-update after
613/614 is installed, and other serious problems with the
software update from 509 to 614.

Hopefully Steve or some other Microsoft technician will
soon be taking a more serious look at this. Let me know if
I can be of any further help.

- John
Click to expand...

From Robin Walker

After much debugging, I have found that the problem with definition update
failures and repetition is because of an incorrect version of the file
gcUnCompress.dll in C:\WINDOWS\SYSTEM32\ (for XP) or C:\WINNT\SYSTEM32\ (for
2000 or systems upgraded from 2000).

The incorrect version is of length 130,272 bytes.
The correct version is of length 95,448 bytes.

To update your system to install the correct version of the file, do the
following:

1. In the System Notification Area, right-click on the MSAS icon and select
"Shutdown Microsoft AntiSpyware".
2. In Explorer, navigate to C:\WINDOWS\SYSTEM32\, locate the file
"gcUnCompress.dll", right-click on it, and select "Delete".
3. In Control Panel "Add or Remove Programs", select "Microsoft AntiSpyware"
and click button "Change".
4. Click "Next".
5. Select "Update Microsoft AntiSpyware", click "Next".
6. Click "Install".
7. When the re-installation finishes, click "Finish".
8. In Explorer, in folder C:\WINDOWS\SYSTEM32\, check that
"gcUnCompress.dll" is now 95,448 bytes long, by right-clicking it and
selecting "Properties".
9. Launch MSAS, pull down the File menu and select "Check for updates" -
this time it really will update your definition files to the latest version.
10. In Explorer, open the folder C:\Program Files\Microsoft AntiSpyware, and
satisfy yourself that the modification dates of the three definition files
have changed:
gcDeterminationData.gcd
gcThreatAuditThreatData.gcd
gcThreatAuditScanData.gcd

Done!

You won't ever have to manually install the definition files again, nor will
the update keep repeating every time you try.
 
John Gruener said:
Case #2 - With 614 installed no definition updates are
automatically occurring.
Click to expand...

See the first post in the thread "Definition update recycling - Permanent
Fix" in the group microsoft.private.security.spyware.announcements for the
fix for the problems you are having.
 
See the first post in the thread "Definition update recycling - Permanent
Fix" in the group
Click to expand...
microsoft.private.security.spyware.announcements for the
fix for the problems you are having.
Click to expand...

Thanks Robin. I've now seen the post, after all these
hours of trying to convince Bill and Steve that there is
indeed a problem! :-(

However, in case it wasn't clear from my lengthy post, my
intention is not to fix MY problem, but to help Microsoft
understand that there is indeed a problem, and to help
them fix it.

Is this not what beta testing is all about? If we just fix
our own problem and go on our merry way, how can we help
test whether Microsoft has indeed come up with a fix that
works for the average user?

For this reason I have not yet manually applied the fix
you kindly posted, and am still awaiting some response
from Microsoft.

Do we yet have anyone's attention at Microsoft on this?

- John Gruener
 
John Gruener said:
Thanks Robin. I've now seen the post, after all these
hours of trying to convince Bill and Steve that there is
indeed a problem! :-(
Click to expand...

Hi John,

I truly do believe the problem is fixed. For myself, I believe the
first line of defense is the user practicing safe hex. I don't
expect to see an infection on this machine, but I can't completely
rule it out. I'm running the beta just to see if the wheels fall
off. This *is* a beta1.<g>

Bob Vanderveen
 
I truly do believe the problem is fixed. For myself, I believe the
first line of defense is the user practicing safe hex. I don't
expect to see an infection on this machine, but I can't completely
rule it out. I'm running the beta just to see if the wheels fall
off. This *is* a beta1.<g>

Bob Vanderveen
Click to expand...

Yes Bob, I recognize this is the fix, but fixed for whom?
Only those that know enough to manually fix the problem.
What about the hundreds of thousands (millions?) of users
that don't even know there is a problem, or those that do
and have not a clue as to how to fix it?

The point is, Microsoft needs to produce a fix that
automatically updates all these machines and fixes the
problem! So far I've not seen one word from a Microsoft
technician that they even recognize the severity of this
problem, let alone a word that an automated fix is on the
way.

Yes, I know it's a beta, and that's why we should be
testing an automated fix, rather than manually patching it.

John Gruener
 
reply interleaved

John Gruener said:
Yes Bob, I recognize this is the fix, but fixed for whom? > Only
Click to expand...
those that know enough to manually fix the problem.
What about the hundreds of thousands (millions?) of users
that don't even know there is a problem, or those that do
and have not a clue as to how to fix it?
Click to expand...

I guess it slipped my mind that this is an *unusual* beta. One would
normally assume that a beta tester would have some minimal skill
level.
The point is, Microsoft needs to produce a fix that
automatically updates all these machines and fixes the
problem! So far I've not seen one word from a Microsoft
technician that they even recognize the severity of this
problem, let alone a word that an automated fix is on the
way.
Click to expand...

I've some decades of observing the process of software developement.
As the problem has just now been clearly defined, I wouldn't have
expected any feedback directly from the developers before this time
if ever. My personal experience would lead me to believe there's a
large database of problems to be resolved and new code to implement.
Those who are assigned responsibility for the resolution of a
particular problem are likely several steps removed from this
newsgroup.

However, we help each other...they learn.
Yes, I know it's a beta, and that's why we should be
testing an automated fix, rather than manually patching it.
Click to expand...

I would expect the fix to be within a package of fixes rolled into a
new version which will be released only after thorough testing out
of our view.

Very respectfully,
Bob Vanderveen
 
John Gruener said:
However, in case it wasn't clear from my lengthy post, my
intention is not to fix MY problem, but to help Microsoft
understand that there is indeed a problem, and to help
them fix it.

For this reason I have not yet manually applied the fix
you kindly posted, and am still awaiting some response
from Microsoft.
Click to expand...

It is apparent that the problem lies not with the MSAS product itself, but
with its installer. The problem will affect only those who upgrade from the
5xx builds to the 6xx builds. The 6xx installer does not overwrite a
previously existing gcUncompress.dll with its updated version, with the
outcome that all definitions updates will silently fail, though be displayed
as succeeding. The posted fix will get 6xx users back on the road to
continue with their beta testing.

It is documented that the MSAS beta-test is without official support from
Microsoft, so it might be demanding too much to expect a response from them.
The only offered support is the community-based support in these newsgroups.
 
(Response interleaved)
It is apparent that the problem lies not with the MSAS product itself, but
with its installer. The problem will affect only those who upgrade from the
5xx builds to the 6xx builds.
Click to expand...

Yes Robin, exactly. Contrary to what Bill Sanderson was
reporting, this affects 100% of those who upgrade, and I
would imagine that's hundreds of thousands, if not
millions of systems.
The 6xx installer does not overwrite a
previously existing gcUncompress.dll with its updated version, with the
outcome that all definitions updates will silently fail, though be displayed
as succeeding. The posted fix will get 6xx users back on the road to
continue with their beta testing.
Click to expand...

Just how much of the installed base will recognize and do
this?
It is documented that the MSAS beta-test is without official support from
Microsoft, so it might be demanding too much to expect a response from them.
The only offered support is the community-based support
Click to expand...
in these newsgroups.

I don't mean to be "demanding" anything, but perhaps
merely "expect" that some form of acknowledgement would be
forthcoming from Microsoft that they recognize the problem
and are working on a fix. You and I (if not others) spent
many hours of our own good time on this, so it would seem
that a few seconds of their time to respond to our efforts
would not be too much to expect. I realize this is a beta
test, but do not beta testers get some feedback when they
report problems?

Also, as Bob points out, this is an *unusual* beta in that
Microsoft has made this available, and even promoted, to
the general public rather than just technical folks.
Consequently only one in a thousand or so of the MSAS
users will actually check this newsgroup or look for
announcements.

Although not "officially" supported, it would seem
Microsoft would want to be made aware of the problem,
which is what I was trying to do. At the time I started
posting this no one seemed to be the least bit aware of
how widespread this problem is. I would think they also
would want to develop an installer that automatically
fixes the problem, since so many folks are adversely
affected without their knowledge.

I am however new to MS newsgroups, so I may not understand
what interaction (or lack of it) we have with Microsoft
personnel. Steve Dodson is apparently a Microsoft
employee, so I assumed he could speak for Microsoft on
this issue, and interact with the MSAS developers. Is this
not the case? Does he not have any official capacity for
the product? In his absence is there no other Microsoft
employee that frequents this newsgroup?

Regards,
John Gruener
 
John Gruener said:
I have now spent many hours on this, both in testing and
to report the problems, and I am convinced the problems
are much larger than you appear to recognize. There is
clearly a problem with the definitions auto-update after
613/614 is installed, and other serious problems with the
software update from 509 to 614.

Hopefully Steve or some other Microsoft technician will
soon be taking a more serious look at this. Let me know if
I can be of any further help.
Click to expand...

John - I assume you've now seen Robin Walker's solution to this issue.

Microsoft is aware of the problem, but I don't know what they will do with
regards to providing a fix. I do know that I hadn't seen it first hand
until yesterday when I returned from vacation. I'm not sure whether there's
a pattern about who sees the issue and who does not--I don't have any
picture of that at all--but I know I have a number of machines that don't
have the problem, and some that do--at last count 3 out of a few dozen.

Thanks for all your effort, and I'm sorry that I wasn't able to take the
time to really dig into this when it was most needed.
 
John Gruener said:
For this reason I have not yet manually applied the fix
you kindly posted, and am still awaiting some response
from Microsoft.

Do we yet have anyone's attention at Microsoft on this?

- John Gruener
Click to expand...

We do, but they take vactions, too!
 
John Gruener said:
(Response interleaved)

Yes Robin, exactly. Contrary to what Bill Sanderson was
reporting, this affects 100% of those who upgrade, and I
would imagine that's hundreds of thousands, if not
millions of systems.
Click to expand...

Not my own experience. I can't give you stats, but I have a number of
upgraded 614 machines which have the correct .dll file and didn't see this
issue.
I don't mean to be "demanding" anything, but perhaps
merely "expect" that some form of acknowledgement would be
forthcoming from Microsoft that they recognize the problem
and are working on a fix. You and I (if not others) spent
many hours of our own good time on this, so it would seem
that a few seconds of their time to respond to our efforts
would not be too much to expect. I realize this is a beta
test, but do not beta testers get some feedback when they
report problems?
Click to expand...

I believe we'll hear from Microsoft when they are satisfied that they have
an appropriate response to make.

I certainly appreciate your effort and Robin Walker's as well as the others
who have tried to convince me of the seriousness of this issue. It is,
indeed, more significant than I had realized, but my own experience with 614
upgrades was such that I didn't see the issue first hand until yesterday--it
isn't universal.

Thanks, and stay tuned.
 
Back
Top