TAM Clntfile.exe errors

clntfile error
Hi, my name is clntfile and I'm a crashaholic

Look familiar?  My logs are full of clntfile.exe errors, have been for years, and now that I support numerous businesses running TAM, looks like I wasn’t alone.  A number of years ago I went on a crusade digging up all these TAM related errors in my log and tried to get answers from Applied as to why they are there and what can be done to reduce the frequency of such apparent application crashes.  I got absolutely nowhere.

Additional Error details:

Event Type:    Error
Event Source:    Application Error
Event Category:    (100)
Event ID:    1000
Date:        2/25/2010
Time:        1:17:45 PM
User:        N/A
Computer:    CALEAT01
Description:
Faulting application clntfile.exe, version 0.0.0.0, faulting module msvbvm60.dll, version 6.0.97.82, fault address 0x00020d87.

I’d be the first to admit, clntfile isn’t the only application crashing on these boxes, but nothing does it with as much frequency.  Applications crash, as sure as the sun will set, but nothing needs to crash this often.  The other thing is, this behaviour has transcended version after version.

letter32 crash
clntfile is not alone

It’s not only clntfile though, homebase.exe and letter32.exe are also common figures in this 3 act play.

Perhaps I’m alone here, or perhaps I desire clean logs a little too much, but I just find it somewhat unacceptable to run software with a 9-dot-something version that has the same annoying, all-to-common hiccups as it did in 7-dot-something.

At the very least, I would like to know what is at the center of these issues – well I mean beyond the frequent mention of msvbvm60.dll – which I will take a stab at – is Microsoft Visual Basic Virtual Machine?  Doesn’t anyone code in C++ anymore?  I won’t even get started on wowexec or ntvdm…

Event Type:    Information
Event Source:    DrWatson
Event Category:    None
Event ID:    4097
Date:        2/25/2010
Time:        1:17:45 PM
User:        N/A
Computer:    CALEAT01
Description:
The application, H:\WINTAM\clntfile.exe, generated an application error The error occurred on 02/25/2010 @ 13:17:45.934 The exception generated was c0000005 at address 73590D87 (MSVBVM60!_vbaStrComp)

Anti-Virus to become obselete?

Who doesn’t run anti-virus these days (ok all you Mac users put your hands down) – the use of anti-virus, or anti-malware applications is practically a given, to the point where it seems that no matter how poorly it may perform, we keep using it.  AVG itself declares that only 3% of today’s viruses are of your typical old school variant, moreover, time and time again real world AV protection seems to be nowhere near the vendors’ claimed detection rates.  We are all running some kind of AV product, yet it never fails, some user gets infected anyway and off we go with our little toolkits of clean-up utilities, wasting countless hours trying to pry that insidious, pervasive malware from every nook and cranny only to do it all again at some later date.  All this despite have invested good money in “protection”.

What am I getting at?  It’s pretty clear, signature-based anti-malware does not work – to be fair, I should say, it works, but only sometimes.  We have to ask ourselves though – is sometimes good enough?  I’m sure the sales reps will say that some protection is better than none, but then again is a false sense of protection better than none?  Malware writers have been ahead of anti-malware vendors for years, it is a constant game of catch-up where the good guys are always trailing behind.

An analogy of signature-based anti-malware:  “anti-cat 2010”

Anti-Cat 2010 is the latest in stray feline infiltration technology that will prevent stray cats from roaming free on your property.  Now we have to define what a stray cat is so that they can be accurately detected and effectively shoo’d.  We also have to be careful not to shoo other animals or friendly felines, so the definition needs to be exact, to the point where really we need a sample stray to model our first signature out of.  Therefore we catch a stray and create a signature that matches it exactly- number of hairs, meow frequency, weight, height, eye colour, dna sequence and so on.  Now that cat will surely be detected, unless it loses some hair, or weight, or gets a cold.  Nor will it’s offspring be detected.  Nor will any of the other cats be detected.  So starts the cat and mouse game of collecting strays to sample and adding those definitions to Anti-Cat; problem is there is no end to the number and variation of strays one will encounter.

Turns out it might be somewhat easier to do this job inclusively rather than exclusively, that is, build a list of acceptable animals, albeit equally detailed, that you will allow on your property.  In essence a critter whitelist, any animal that happens upon your golden acre that does not match the list gets shoo’d.

This is synonymous with application whitelisting, which is a burgeoning technology already proven superior to the current standard of malware blacklisting.  One of the things that makes this technology feasible is the speed of today’s computers, this technology would not have been possible a few years back, the performance hit would have been too great.

Some of the current big AV vendors are looking long and hard at this technology because they know that the current technology has had it’s day and it’s time to move on.  While they try to shuffle the deck, there are already a number of players in the market who have lead the charge and currently offer very capable enterprise class products.

Google Dropping IE 6 Support

Story here

Google Apps will no longer support Internet Explorer 6, as well as older versions of other browser offerings. What does this mean to you? Mainly it mean, if you are still using something this old, it’s time to upgrade. With all the offerings today, there is a browser for everyone: IE, Safari, Firefox, Opera and Chrome round out the big guns.

Some have speculated this move has been prompted by Google China’s recent network compromise which may have been partially due to older browser support / usage. Even if that is not the case, it’s still a good move, IE 6 is old and weak and full of holes – time to retire.

IE Zero Day Exploit

If you have not heard, there is a very serious Internet Explorer Zero Day exploit making it’s rounds.  How serious?  Serious enough for Microsoft to put forth an Out-of-Band patch for it.  This is very much related to the Google China network compromise that has been in the news recently – this was one of the exploits leverage that gave hackers access to Google’s network.  Since then the exploit code has shown up in various places on the Internet where more blackhats and criminals have gotten their hands on it.

While initially an IE 6 exploit, proof of concept code now exists that can target IE 7 – IE 8 appears to be somewhat protected if DEP is still enabled on the system.

This exploit is serious enough where the French and German governments have issued public advisories to it’s populace to use an alternate browser like Firefox or Opera.

The value of forums

There has been a lot of talk about the value of forums lately, especially where ASCnet is concerned.  There is debate whether ASCnet sees the value of their own newgroups which are currently old USENET style nntp-based groups accessible only by dedicated news reader or a reader-enable email client.  The attempted move to web forums has been a long and somewhat painful process and presently the project seems to have stalled somewhat.  Is there value in web forums or forums in general?

Forums, historically have largely been grassroots, user base driven undertakings by folks with similar interests.  Forums likely are not great marketing vehicles though and it is not uncommon for businesses to lose sight of the needs of their user base (clients) and put more effort into marketing their product to new clients than appeasing the needs of their current users.  Even Apple has been guilty of this, a company that likely owes a lot to it’s fanatical user base.

Novell is another company that tends to have some very devout users, they certainly make use of their forums, which currently still run on NNTP as well as vBulletin with a custom-coded bridge keeping the two in sync.

It is quite hard to find a company today that does not make use of forums for support purposes.  Microsoft, Adobe, Nvidia, and AMD all do it.  Even non-tech companies might dabble in support forums, but those who don’t will often find their user base will create their own, as owners of various cars and trucks tend to do.

Forums also offer an impromptu gathering place where people with common interest can gather, exchange ideas and help each other out.  So there is definitely value in forums, and that value does go both ways.

And your little blog too…

AU has now completed it’s triple-play, and a blog is born. As with our wiki, the blog is a community effort and those who wish to contribute are welcome to do so. Contributor accounts can be setup by the admin, so just drop him an email or post in the forums and we’ll get you set up.

Content for the blog can be current events affecting our industry, notices of events, regional user group info and so on. I certainly hope you all find the resources of AppliedUsers.Org useful and appropriate. See you in the forums.