IT Support For Your Company (No Pay - No Way)

[JohnK]

From my point of view, there's two theories. One theory is you're not liked at the office, so you were ignored as a matter of politics rather than process.

The second theory is that you raised the issue and it was in line to be fixed, or looked at on a basic level. The second time someone else raised it, IT puts the pieces together and realises that the same problem has arisen in a short amount of time, so either the last fix was ineffective, or this just reaffirms the nature of the problem.

Your first theory is more than likely correct.

 

[harvyk]

Something which I also take a little bit of issue with, is the title of this thread... "IT Support For Your Company (No Pay - No Way)". Whilst I realise that in the context, there is every chance that your IT company has not done it's job properly, there is certainly many a person who feels that IT companies should not charge for every minor thing.

To that I say, well a good IT person can easily command 6 figure salaries. Such people are expensive to hire (speaking from experience, both in hiring others, and if you wanted to hire me, I don't come cheap, that said I have no shortage of work), and you really need to ensure that everything they spend their time on is billable. So this does mean that the quick fix needs to be charged for, since half the reason why it is a quick and easy fix is your drawing on many years of industry experience. Furthermore the good ones are often able to anticipate issues before anyone else in the business knows there is an issue, and fix it. Which pretty much means that the really expensive IT person whom seems to charge for everything might actually be the reason why you haven't just spent the entire week with no computer systems.

As the OP may be discovering, there is a reason why the good ones are so expensive, and that is because the cheap ones are not worth the paper they print their resume on. I've also have the displeasure of hiring (and firing) and working with the not so good IT people. They are the ones whom don't solve the minor issues before they have become major problems, they are the ones that do spend a day working on what should have been a 10 minute fix. They are also the ones which might seem cheap on the surface, but if you then look at the fact that you've just had an outage lasting a week with your employees spending that entire time looking blankly at the walls, well it ain't so cheap any more (best one I know of was a outage which cost the company around the $250,000 mark, all because they wanted to save a couple of dollars)

That's not to say that you don't every so often come across a cheap IT person who is also good, but they are actually a pretty rare breed.

 

[Robert K]

It's also going to be a lot more expensive to go with an IT firm instead of just a IT guy. The firm will charge their time at 4 or 5 times what a IT guy would charge.

 

[robd]

Something which I also take a little bit of issue with, is the title of this thread... "IT Support For Your Company (No Pay - No Way)". Whilst I realise that in the context, there is every chance that your IT company has not done it's job properly, there is certainly many a person who feels that IT companies should not charge for every minor thing.

To that I say, well a good IT person can easily command 6 figure salaries. Such people are expensive to hire (speaking from experience, both in hiring others, and if you wanted to hire me, I don't come cheap, that said I have no shortage of work), and you really need to ensure that everything they spend their time on is billable. So this does mean that the quick fix needs to be charged for, since half the reason why it is a quick and easy fix is your drawing on many years of industry experience. Furthermore the good ones are often able to anticipate issues before anyone else in the business knows there is an issue, and fix it. Which pretty much means that the really expensive IT person whom seems to charge for everything might actually be the reason why you haven't just spent the entire week with no computer systems.

As the OP may be discovering, there is a reason why the good ones are so expensive, and that is because the cheap ones are not worth the paper they print their resume on. I've also have the displeasure of hiring (and firing) and working with the not so good IT people. They are the ones whom don't solve the minor issues before they have become major problems, they are the ones that do spend a day working on what should have been a 10 minute fix. They are also the ones which might seem cheap on the surface, but if you then look at the fact that you've just had an outage lasting a week with your employees spending that entire time looking blankly at the walls, well it ain't so cheap any more (best one I know of was a outage which cost the company around the $250,000 mark, all because they wanted to save a couple of dollars)

That's not to say that you don't every so often come across a cheap IT person who is also good, but they are actually a pretty rare breed.

I don't mind paying a premium for premium IT support. What is a minor thing, though?

Last Friday I was doing something on my computer and needed to temporarily disable my McAfee AV. The McAfee AV was installed by the current IT co. on an annual subscription which we have prepaid in full. I went to the console to disable the software, but it was not an available option without a login and password, so I emailed the IT company requesting the login info. Their response was that they do not supply login details to their customers as it is for their use only. They wanted to know what I wanted to do. I emailed back saying that I don't need their assistance for what I wanted to do, and requested again that they please forward the admin login and password to me. Their response was "we have nothing to hide, our admin login have access to all customers mcafee subscriptions and we will not provide that to anyone outside our company. Please specify what you want to do so I can help." So the minor thing that I can do without assistance, I am unable to do, because they will not supply the login and password details for the software that we paid for and that we also paid them to install. Now they want to be paid for their two clicks worth for disabling and re-enabling it?

I'm interested to hear your thoughts?

 

[harvyk]

I don't mind paying a premium for premium IT support. What is a minor thing, though?

Last Friday I was doing something on my computer and needed to temporarily disable my McAfee AV. The McAfee AV was installed by the current IT co. on an annual subscription which we have prepaid in full. I went to the console to disable the software, but it was not an available option without a login and password, so I emailed the IT company requesting the login info. Their response was that they do not supply login details to their customers as it is for their use only. They wanted to know what I wanted to do. I emailed back saying that I don't need their assistance for what I wanted to do, and requested again that they please forward the admin login and password to me. Their response was "we have nothing to hide, our admin login have access to all customers mcafee subscriptions and we will not provide that to anyone outside our company. Please specify what you want to do so I can help." So the minor thing that I can do without assistance, I am unable to do, because they will not supply the login and password details for the software that we paid for and that we also paid them to install. Now they want to be paid for their two clicks worth for disabling and re-enabling it?

I'm interested to hear your thoughts?

My thoughts are, in a past life, I made an absolute killing from repairing computers after a "power user" (non IT people who are not afraid of looking under the bonnet) attempted to make "small and easy changes". Seriously those guys are the reason why I could afford to purchase my car and my house.

I can understand them not wanting to allow a person who is not a full time IT person from playing around with systems which it is their job to support for the following reasons.

1. They would potentially need to update their own internal documentation about your system.
2. Should the update cause any issues in the future, they are potentially going to have to support the update, despite not necessarily knowing what it is or does. This could also include having to fix side effects from the update
3. If they have install McAfee under corporate account, and they don't have a individual login details for each customer, then handing out the password does represent a security risk.
4. Updates should not require AV (or security in general) to be disabled, as such they are right to question what that update is likely to do, since whilst the security systems are disabled, technically that update (which I suspect you have not verified against an MD5 hash before allowing it to do what it likes) could do anything. Even if the company which issued the update is on the level, with security disabled, a malicious person could sneak code into the update, without security (and without verification against an MD5) that update could do anything.

 

[anat0l]

Last Friday I was doing something on my computer and needed to temporarily disable my McAfee AV.

What kind of thing are you doing that would require disabling the AV?

I haven't dealt with McAfee for a long time. Some AV software does use an "inoculation" technique or similar which, I believe, tracks and possibly prevents the changing of "key" system files (by logging the signature of said files at a previous time when the system was "clean"). In more than half of cases, this doesn't stop the installation of software (mainly because there's no need to modify the core system - most are in Program Files) and other features like Windows Update are granted exclusive access. Of course, you can change the specifics of that feature to be a lot tighter, but in many cases that could be unrealistic (and unworkable).

Unless the AV was on a really draconian protective mode, there aren't many things I can think of that you cannot do without disabling the AV. Anything that requires disabling the AV would usually entail system changes.


I'm not sure about our IT support at work, but I haven't had trouble using my supplied computer with fairly standard activity. The only main times to contact IT support have been to maybe obtain a licence for specific software and maybe installing said software (because it needs to be connected to a licensing server).

 

[robd]

My thoughts are, in a past life, I made an absolute killing from repairing computers after a "power user" (non IT people who are not afraid of looking under the bonnet) attempted to make "small and easy changes". Seriously those guys are the reason why I could afford to purchase my car and my house.

I can understand them not wanting to allow a person who is not a full time IT person from playing around with systems which it is their job to support for the following reasons.

1. They would potentially need to update their own internal documentation about your system.
2. Should the update cause any issues in the future, they are potentially going to have to support the update, despite not necessarily knowing what it is or does. This could also include having to fix side effects from the update
3. If they have install McAfee under corporate account, and they don't have a individual login details for each customer, then handing out the password does represent a security risk.
4. Updates should not require AV (or security in general) to be disabled, as such they are right to question what that update is likely to do, since whilst the security systems are disabled, technically that update (which I suspect you have not verified against an MD5 hash before allowing it to do what it likes) could do anything. Even if the company which issued the update is on the level, with security disabled, a malicious person could sneak code into the update, without security (and without verification against an MD5) that update could do anything.

I understand the security issues and also the ramifications of being a "power user" and if I stuff the system up, well, that's what I'll be paying them for (probably able to fully option the new Audi ).

Unfortunately, the relationship between this IT company and us, was damaged beyond repair when their actions caused major data loss. Quite simply, I do not trust them.

We are stuck in a 12 month contract with seven months left to run.

 

[robd]

What kind of thing are you doing that would require disabling the AV?

I haven't dealt with McAfee for a long time. Some AV software does use an "inoculation" technique or similar which, I believe, tracks and possibly prevents the changing of "key" system files (by logging the signature of said files at a previous time when the system was "clean"). In more than half of cases, this doesn't stop the installation of software (mainly because there's no need to modify the core system - most are in Program Files) and other features like Windows Update are granted exclusive access. Of course, you can change the specifics of that feature to be a lot tighter, but in many cases that could be unrealistic (and unworkable).

Unless the AV was on a really draconian protective mode, there aren't many things I can think of that you cannot do without disabling the AV. Anything that requires disabling the AV would usually entail system changes.


I'm not sure about our IT support at work, but I haven't had trouble using my supplied computer with fairly standard activity. The only main times to contact IT support have been to maybe obtain a licence for specific software and maybe installing said software (because it needs to be connected to a licensing server).

File exclusions for our main accounting software.

 

[harvyk]

Unfortunately, the relationship between this IT company and us, was damaged beyond repair when their actions caused major data loss. Quite simply, I do not trust them.

What is the break costs like? Also if you strongly suspect that their less than stellar support was the root cause of your issue, I expect you could break contract with them. Of course this is now getting into consult a lawyer / have an independent IT person do an audit territory. Of course if they are as hopeless as you are making out dropping them and simply wearing the cost might be cheaper than having to start over on your business if your backups and servers fail again.

 

[anat0l]

File exclusions for our main accounting software.

I don't quite get it. Does the main accounting software do this task or do you have to directly manipulate the file system yourself?

Why does it do this?

When I read this, I'm thinking that the attributes of certain files (RASH, timestamps) are modified so that backup software can correctly perform differential backups or other software can synchronise files correctly. Not sure why that should necessarily arouse AV monitors to the point that it is prohibited, especially if the files in question are not critical system files.

Not to mention that the A flag and timestamps are easily triggered anyway by normal means; AV software would normally just scan the file in question, check for threats, and move on.

Not saying you don't know what you're doing, but I'm still finding this unusual.

 

[harvyk]

I don't quite get it. Does the main accounting software do this task or do you have to directly manipulate the file system yourself?

Why does it do this?

When I read this, I'm thinking that the attributes of certain files (RASH, timestamps) are modified so that backup software can correctly perform differential backups or other software can synchronise files correctly. Not sure why that should necessarily arouse AV monitors to the point that it is prohibited, especially if the files in question are not critical system files.

Not to mention that the A flag and timestamps are easily triggered anyway by normal means; AV software would normally just scan the file in question, check for threats, and move on.

Not saying you don't know what you're doing, but I'm still finding this unusual.

I have to admit, I'm still puzzled by this as well. I have never come across a legitimate piece of software which has required AV to be disabled to be installed. Even low level stuff which installs and modifies services can do things whilst AV is still running. A simple accounting package should have absolutely no reason to have anything which could trigger an AV program. If the AV program also doubles as a firewall and the update requires web access it might trigger a FW alert. But in that case an exception ( / rule) should be put in place to permit the installation to happen without disabling security.

 

[robd]

I don't quite get it. Does the main accounting software do this task or do you have to directly manipulate the file system yourself?

Why does it do this?

When I read this, I'm thinking that the attributes of certain files (RASH, timestamps) are modified so that backup software can correctly perform differential backups or other software can synchronise files correctly. Not sure why that should necessarily arouse AV monitors to the point that it is prohibited, especially if the files in question are not critical system files.

Not to mention that the A flag and timestamps are easily triggered anyway by normal means; AV software would normally just scan the file in question, check for threats, and move on.

Not saying you don't know what you're doing, but I'm still finding this unusual.

You're getting into the gobbledygook area here

 

[robd]

I have to admit, I'm still puzzled by this as well. I have never come across a legitimate piece of software which has required AV to be disabled to be installed. Even low level stuff which installs and modifies services can do things whilst AV is still running. A simple accounting package should have absolutely no reason to have anything which could trigger an AV program. If the AV program also doubles as a firewall and the update requires web access it might trigger a FW alert. But in that case an exception ( / rule) should be put in place to permit the installation to happen without disabling security.

Sorry, there was one thing that needed the AV disabled. I've kind of run on into non access to AV console for the file exclusions.

Don't go getting all geeky on me

 

[anat0l]

You're getting into the gobbledygook area here

Well, I guess what does file exclusions on the main accounting software achieve?

Another thought just came to me is that you can configure the AV scanner so that certain files are never scanned (risky, as this implies that you can guarantee they are always clean). Why you would necessarily need to do this on accounting software files (versus any other data files) is something I don't quite get.

If the AV software is slowing your system down such that you can't run the accounting software, then the solution is not file exclusions. If the AV software is interfering with the accounting software by preventing your accessing certain data files whilst both run at the same time, then file exclusions are again not necessarily the answer but this is very unusual.

 

[robd]

Well, I guess what does file exclusions on the main accounting software achieve?

Another thought just came to me is that you can configure the AV scanner so that certain files are never scanned (risky, as this implies that you can guarantee they are always clean). Why you would necessarily need to do this on accounting software files (versus any other data files) is something I don't quite get.

If the AV software is slowing your system down such that you can't run the accounting software, then the solution is not file exclusions. If the AV software is interfering with the accounting software by preventing your accessing certain data files whilst both run at the same time, then file exclusions are again not necessarily the answer but this is very unusual.

The layman answer is - we were having problems with the software and the advice from our software consultants was to enter the file exclusions into the AV software. I happily pay the annual support contract for these guys, by the way - great bunch of people.

 

[harvyk]

The layman answer is - we were having problems with the software and the advice from our software consultants was to enter the file exclusions into the AV software. I happily pay the annual support contract for these guys, by the way - great bunch of people.

OK, the answer you got there was the "what could stop our software from working" answer. I've given these sorts of answers myself since my interest is getting the software going, not the long term security and / or safety of the system. I'll typically get the person to talk to their own IT people with (I'll sometimes liaise with the companies own internal IT people, because as you so eloquently put it, that gobbledygook / geeky talk often goes over the heads of the customer, but the devil is always in the detail) since my end goal is getting our software working in the shortest amount of time, with the general IT people's job to take a big picture view.

 

[robd]

OK, the answer you got there was the "what could stop our software from working" answer. I've given these sorts of answers myself since my interest is getting the software going, not the long term security and / or safety of the system. I'll typically get the person to talk to their own IT people with (I'll sometimes liaise with the companies own internal IT people, because as you so eloquently put it, that gobbledygook / geeky talk often goes over the heads of the customer, but the devil is always in the detail) since my end goal is getting our software working in the shortest amount of time, with the general IT people's job to take a big picture view.

The initial entry of the file exclusions occurred back in October 2013 and was predominently handled between our software consultants and the IT company. It wasn't something that I instigated without referring to the IT company.

 

[anat0l]

The layman answer is - we were having problems with the software and the advice from our software consultants was to enter the file exclusions into the AV software. I happily pay the annual support contract for these guys, by the way - great bunch of people.

The initial entry of the file exclusions occurred back in October 2013 and was predominently handled between our software consultants and the IT company. It wasn't something that I instigated without referring to the IT company.

So the accounting software company and the IT support company have talked to each other and file exclusion was the answer they came up with?

Is there room on the rafters for a few more morons to be strung up by their ears?

That said, if it has been something done before, then both companies should have records of the problem and actions taken. The software company needs to really find out why their software can't operate normally when AV software (or McAfee) is also installed - is their software touching system files, registry settings or making internet calls beyond the firewall where no exclusions or rules have been set. The IT company should be finding out what the accounting software is trying to do which is suppressed by the AV software so they can pass that onto you to pass on to the software company - this shouldn't be exceptionally difficult since attempts blocked by the AV software should be logged so you can see which files are being affected.

 

[robd]

So the accounting software company and the IT support company have talked to each other and file exclusion was the answer they came up with?

Is there room on the rafters for a few more morons to be strung up by their ears?

That said, if it has been something done before, then both companies should have records of the problem and actions taken. The software company needs to really find out why their software can't operate normally when AV software (or McAfee) is also installed - is their software touching system files, registry settings or making internet calls beyond the firewall where no exclusions or rules have been set. The IT company should be finding out what the accounting software is trying to do which is suppressed by the AV software so they can pass that onto you to pass on to the software company - this shouldn't be exceptionally difficult since attempts blocked by the AV software should be logged so you can see which files are being affected.

I don't know how to respond to that one :shock:

I defer to their expertise, or the expertise that I assumed at that time.

 

[harvyk]

I don't know how to respond to that one :shock:

I defer to their expertise, or the expertise that I assumed at that time.

and that my friend is why the measure of a good IT person is not if they are a good person to deal with, or does the small stuff for free. The true measure is what they actually know, and how pro-active they are towards keeping your systems safe and secure.