Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?

moofo writes: I've had huge problems with a security appliance since its installation. Specifically, the VPN SSL client is causing a problem for the majority of my remote clients. The company acknowledged the bug, but they are jerking me around, and no resolution is in sight. I tried third-party clients, but I'm wary of using them since they are not distributed by the manufacturer, and they require some maintenance to keep working properly.

I also talked to various executives at the company and besides giving me apologies, nothing good is coming my way. It's been more than two years (on a three-year subscription that I can't terminate early), and this is continually causing me trouble and aggravation. It also makes my internal customers unhappy. How do you deal with a manufacturer who doesn't fix bugs in a reasonable time frame?

Re:The name

[ShanghaiBill]

One way is to give the public the name!

This is a VERY good suggestion. Why is the company not being named? If the company sees their name being publicly dragged through the mud, they are likely to make customer service a higher priority. Public reviews and customer-to-customer communication facilitated by Amazon, eBay, etc. have done wonders for customer service.

The vendor seems to be Watchguard

[fuqqer]

According to OPs slashdot profile, his personal website is: http://www.moofo.com/ He has a posting on there about purchasing a watchguard in 2012, their buggy SSL client, and the ineptitude of Watchguard support. http://www.moofo.com/2014/07/1...

Re:The vendor seems to be Watchguard

[datapharmer]

I was thinking the same thing, but I'm not afraid to name names. I have reported bug after bug and all they ever did was use the bug report as a "support case" and count it against my support allotment then close the case with no resolution. Some issues have been solved after a year or more, but support is unresponsive at best. I can name quite a few known problems, some of which could be potentially exploited for buffer overflows or denial of service attacks.

Just to name a few problems and bugs:
-ssl-vpn prompts the user to upgrade when new software is loaded on the firewall but if a user clicks no it disconnects them. If they click yes it uninstalls the software and fails to rienstall due to permission issues with the teefer driver if the user does not have administrative rights. It cannot be upgraded easily through group policy or windows update local publishing. It is an exe container so group policy is out and publising via local update publisher causes the system to hang at shutdown due to problems related to the driver removal/installation.

-services that use certificate checking fail if dpi is enabled and there is no reasonable workaround (examples: webex, apple itunes and app store). Implementing a realtime host lookup would easily resolve this problem but they only offer a one time hostname lookup which adds the ip to the policy (problematic for just about everything.... yes let's unblock all of akamai, that makes sense!!!)

-sso manager has a memory leak uses huge amounts of resources and eventually stops updating the list of authenticated users until the service is restarted if you have more than 2 domain controllers. We had to schedule a restart of the service every morning to mitigate this and it still uses an insane amount of processor time.

-Version 11.9.1 broke multi-wan pptp so not only is ssl-vpn broken (don't get me started on their poor ipsec support) but now the less secure backup option won't connect...

-expiring or rejecting a ca certificate causes all sites reliant on that certificate to fail to load even if a new certificate is present if dpi is enabled

-email quarantine generates a certificate with the server's ip as the name but links send the user to the hostname thus causing a certificate warning

-a wan connection with a ping monitor will not resume functioning once ping is restored in a multi-wan overflow configuration causing a temporary loss of connectivity to become a permanent one.

-ssl-vpn will not connect over udp in a multi-wan environment

I could go on... but I'll end with a non-bug:
-They clearly run modified versions of open source software but fail to release their code changes to customers or distribute the gpl with their software. This is clear simply from the log files and debugging information and has been complained about as far back as 2005: http://lists.gpl-violations.or...

A man who defends himself has a fool for a client

[sjbe]

In a civil lawsuit, all the filing costs are paid by the plaintiff, not the defendant.

Filing costs maybe but not lawyers fees which always account for the bulk of the cost of any lawsuit aside from any adverse judgements. Filing costs are a rounding error.

If you know you spoke the truth, and you have solid evidence to back that up, then you really don't need a lawyer.

HAHAHAHAHAHA... If you believe that you are an idiot and have never been on the pointy end of an actual lawsuit. This isn't an episode of Judge Judy we are talking about here.

Re:Three year s ubscription...

[St.Creed]

That's exactly the right way where I live. You start with a complaint, then escalate with a letter giving them a last chance to fix the issues. You give them a reasonable term, such as 30 days. After that, you terminate the contract and ask for your money back due to breach of contract.

You'll be much better off if you let a lawyer handle this sort of thing, by the way. But that goes for signing the contract in the first place, too.