Waves central a complete bust!

[trimph1]

Waves is of the EVILZZZ!!!!!!!!

[Orbit-50]

Just suppose I'm an astronaut and my laptop floats off into space during the remote connection. What then?

[trimph1]

Actually, I had to do the remote thing a couple of times...both because I borked the Magma. And both times they worked me through the process with no problem.

[robotmonkey]

I am not fighting here, i am asking sincerely when i ask this.. is there any way to know for SURE that someone you haven't invited remotely to your machine, is not keylogging your password?

Because you are able to see absolutely everything that the tech support is doing. There's not a second where tech can do anything you are not able to stop. Waves is using the TeamViewer remote support client (I actually saw it just now when I went to check something out from a plugin manual) and it does not even run in admin mode so the tech would need your explicit approval to install anything. Also TeamViewer is the industry standard of remote support tools so you can be pretty sure that all the security concerns are thought through because this is used in a lot more security sensitive environments than your personal computer could ever dream of.

[simon.a.billington]

Better than asking the customer? I don't think so. Every problem I've had with waves plugins, I've sorted out myself. In fact, they even told me once that they'd put my solution to one problem on their own database (or whatever they call it). They DO NOT know better than the stupid customer 100% of the time.

I fix my own issues too.

But customers are not always 100% honest. What if the source of the trouble was some ripped software?!! That does happen too.

Then the fellow with the ripped program gets to deal with the issue. Good grief. We're really looking for something here.

Not looking for anything. Just stating the each computer is a UNIQUE environment. I'm also stating that customers CAN LIE, especially if they are afraid of what people may find.

Not saying that's what's happening here, but it is a DISTINCT POSSIBILITY. It's not a remote possibility. Companies like Waves are only making money from an average of 30% of the installs out there, that leaves about 70% of their software that is pirated according to an article I read about a year back on music software and piracy in general.

So it's a very distinct and very real possibility. People rip software and then they lie about it. Not reaching for anything there.

Then of course there are all my earlier arguments you would have to dismiss as well...

Fact is they can ONLY connect while you have the remote access app running.

You have control over the situation. You watch every move and you allow every action. There are no secrets, it's full disclosure.

Passwords can be changed and remote access software can be deleted once they are no longer required.

It's an increasingly more common practice to be doing in the software/hardware world. If plugin developers aren't all doing it, it's only a matter of time. It's the future of computer servicing.

It's no different than if you took your computer in for a tech to physically look at it. At least they don't go reformatting your system because they are to lazy to fix a problem.

It's no different than the trust you instill with a mechanic.

Companies like Waves have a reputation to protect, they're not about to stick some monkey on to the problem.

When the problem gets to the point they need to remote connect with you it's because it is a UNIQUE issue, not a common issue. It's not always clear what the unique issue is. Like a mechanic they need to be able to see the computer run, see what background processes there are, see if there are any other programs, apps, daemons, background processes that may be causing conflicts.

Checking these kind of issues offer require expert knowledge and specialised tools. If you can simply rattle off instructions they would. In fact that's what they do when you initially email/call them. It's only when they run out of ideas and options do they NEED to put eyes on the UNIQUE problem in a UNIQUE system.

Afraid they will mess up your system, then back it up, you should be doing that anyway. Hide any sensitive files, lock them in a password encrypted folder or ZIP.

The techs have a job to do, they don't really have time to root around in someone else's system anyway in the hope they will find that magic piece of information like credit card details. Seriously, they could spend hours doing that and still come up empty. Why?? So they can waste time doing that and not getting any real work done and risk losing their jobs??

For every user with problems they probably have 10 others lining up to remote connect with them. They want to get in, get out and solve the problem as quickly as possible with minimum of fuss. If it could take them 10mins to figure out they would rather than that than spend countless days going backwards and forwards with someone trying one random idea at a time and sacrifice the service they need to be offering their other customers who are no less important than you are.

They are not mind readers, they are not mystics. Out of a possible million things that could be happening on your system, they can't magically guess what the solution maybe.

This is not a unique way that Waves chooses to solve a problem. Many other software/hardware companies do it too, because it is the ONLY WAY to solve these type of issues, short of physically taking your computer in.

If they could simply rattle off a few instructions they would, that way they won't have to pay their techs fixing problems they don't need to fix. They save money by giving the customers simple solutions they can do themselves.

They are not working for the government, some enemy of the state. They're are not interested in spying on you or leaving malware on your system. To what end?? What would the purpose be?? Why would they risk their jobs??

You need to first identify what the problem actually is before you can begin to apply a solution. In these unique situations they need to first discover what the problem is. Again, it's something they cannot guess. They need eyes on the situations. Doctors take X-rays, scans, and do blood tests if they can't immediately identify a problem. Mechanics look under hoods, analyse exhaust fumes. When architects discover problems about particular builds they go down to the site to get an eye on it before they can draw up a solution.... This is all because no one can guess what a problem is, they need to get eyes on the situations for themselves. Doctors don't ask you to look at your own X-ray and get you to describe it to them or tell them what you think the problem might be.

The thing is the problem could be almost anything, take you're wildest guess. Unless you know what is unique about a particular system you can't even begin to diagnose a difficult problem. They would literally have to get the same machine, install the same software, same drivers, same files before they could even begin to take a guess. Even then there still,probably is something your missing. It could be that your disk has a corrupt file or a faulty sector, maybe it's a permission thing

If it's a permission thing they usually ask you to run a fix on that yourself even before the want to remote connect, because that is something people can attempt to fix themselves.

-------

There's heaps of arguments for, and the only arguments against seem to be based on some kind of false idea of what is required, or what they may do to a system.

Have the doctor look at the rash rash that is troubling you or don't, the choice is yours. From where I'm standing there's a lot more positives than negatives.

There's not really any point to debate it any further.

The choice is yours, but you can't automatically assume they offer a bad service if they want to get eyes on your unique problem so they can help you. It's a common way to solve these problems and will become increasingly more common as we go into the future.

[pc2000]

My products were activated using central, but I had to use the older V9.3- 1.2GB installer to get my products installed, so it's not an issue of not being able to use them. It's more an issue of not being able to try demo's or update my products since central is the only means offered to get the latest products and updates. Seems to me that Waves could offer a diagnostic tool for download which is what Native Instruments does, which helped with an issue I had with a Maschine 2 update. I suspect the central issue will be resolved by June when extended support for VS-2005 officially ends in May and it's no longer feasible for Waves to use a decade old product for development, if that's what they've been doing- that is!

Well there was this I stated earlier.
http://www.waves.com/downloads/soundgri ... e-required

Its a link to a Windows 7 Update (KB3033929) that installs needed ASIO frameworks, not to sure whether this will fix any issue.

I'm sure Waves is only using VS 2005 for backwards compatibility. It would be far to hard for them, to leverage or the later frameworks that other systems support if they were to do it themselves via VS 2015. Better memory management, multi-core support, graphic card support as examples.

Thanks for pointing that out- however... that's related to using the Soundgrid ASIO drivers and has nothing to do with the issue with central. FYI: I do have that update on my system which was installed on 6/8/2015.

[ghettosynth]

It's no different than if you took your computer in for a tech to physically look at it. At least they don't go reformatting your system because they are to lazy to fix a problem.

It's no different than the trust you instill with a mechanic.

As I've said, it's VERY different. I vet mechanics before they work on my car, with tech support you get whoever answers the phone.

Companies like Waves have a reputation to protect, they're not about to stick some monkey on to the problem.

They stick tech support people on the problem, and like any company, they're not going to pay more than necessary. This isn't a high level job, so I'm not blindly accepting that this person is capable of solving the problem in the best way possible.

When the problem gets to the point they need to remote connect with you it's because it is a UNIQUE issue, not a common issue. It's not always clear what the unique issue is.

How do you know? From what I've heard so far, it's a problem with their own software.

Like a mechanic they need to be able to see the computer run, see what background processes there are, see if there are any other programs, apps, daemons, background processes that may be causing conflicts.

All of which is easy to do, look, I'm not saying that everyone is up to this, but I would balk at the inflexibility of their approach.

Checking these kind of issues offer require expert knowledge and specialised tools.

Really? What specialized tools? Are they now going to install tools on my system? I don't think so. Sounds like you're talking run of the mill tools here.

If you can simply rattle off instructions they would.

Again, how do you know? I think that you're guessing.

Afraid they will mess up your system, then back it up, you should be doing that anyway. Hide any sensitive files, lock them in a password encrypted folder or ZIP.

Seriously, back it up? That is not an answer. I'm not going through a special case backup and restore process because Waves rushes software out of the door.

The techs have a job to do, they don't really have time to root around in someone else's system anyway in the hope they will find that magic piece of information like credit card details.

That's not a serious consideration here. What is a consideration is that you're allowing a third party to attach to your system remotely. Windows has had security flaws with RDP before. It's a potential attack vector and every time you do something like this, it's an increased risk.

For every user with problems they probably have 10 others lining up to remote connect with them.

If they have even 10 people who need this kind of service then they need to just improve their software. A moment ago it was a "UNIQUE" issue, now they have 10 people lining up with unique issues. If they have that many problems then their support must be tiered and the arguments regarding competence are absolutely valid. If it's not and their most technically competent people are on the case because it's a "UNIQUE" and special problem, then they're just being inconsiderate for being inflexible.

They want to get in, get out and solve the problem as quickly as possible with minimum of fuss.

Yes, we all get that, they want to be efficient and are inflexible because it costs them money. But it also makes customers uncomfortable.

They are not mind readers, they are not mystics. Out of a possible million things that could be happening on your system, they can't magically guess what the solution maybe.

Hyperbole. If they can't instantly rule it down to just a few ideas, then they're just not very good. Sorry, I've never worked that kind of support, but I've solved computer problems in a professional capacity for decades, I'm not buying your understanding of the situation at all.

This is not a unique way that Waves chooses to solve a problem. Many other software/hardware companies do it too, because it is the ONLY WAY to solve these type of issues, short of physically taking your computer in.

Nonsense.

There's heaps of arguments for, and the only arguments against seem to be based on some kind of false idea of what is required, or what they may do to a system.

No, that's not true, the idea isn't false at all, but nice try. It's not only about what they "may do" it's always risky to allow access to your computer from the outside. It's also about their competence. I have enough experience with tech support to just roll my eyes at that.

There's not really any point to debate it any further.

Agreed, it's good customer service to offer it, it's bad customer service to insist upon it.

[simon.a.billington]

Well I could go ahead and do a counter counter argument, but what's the point. It'll just fall in death ears.

...and I could debate it further too, it's a family trait!!

People have made up their minds, right or wrong, locked on to certain ideas like a crocodile with its prey trapped in its unforgiving jaws.

Honestly, I have much better things to do with my time than to foolishly try to help those who don't want to be helped.

Accept Waves help or don't, but they are not going to change just for you when so many others benefit from their remote service and are the happier for it.

What you guys do next is up to you. I really don't know why I bothered caring actually.

[robotmonkey]

That's not a serious consideration here. What is a consideration is that you're allowing a third party to attach to your system remotely. Windows has had security flaws with RDP before. It's a potential attack vector and every time you do something like this, it's an increased risk.

Just to point out one of the many fallacies in your argument. No one is using RDP for remote support. There's pretty much three options that are used: Team Viewer, and to a lesser extent VNC and LogMeIn. All of them are widely used in the corporate world in all kind of situations. Waves is using Team Viewer that is the industry standard of remote support tools. Team Viewer does not open anything in your computer to any external parties as it establishes its secure connection over common ports that are already open in your system anyway. You download a single client executable, run it yourself and it does not even install anything on your system. All it does is to open up a secure temporary session with randomly generated session id and password that you tell to support tech who can then use those to connect to your system and see your screen and take control of your mouse/keyboard. And the tech still does not have admin rights on your system. If you close the the client then the connection is stopped and no trace is left on your system.

[ghettosynth]

That's not a serious consideration here. What is a consideration is that you're allowing a third party to attach to your system remotely. Windows has had security flaws with RDP before. It's a potential attack vector and every time you do something like this, it's an increased risk.

Just to point out one of the many fallacies in your argument. No one is using RDP for remote support. There's pretty much three options that are used: Team Viewer, and to a lesser extent VNC and LogMeIn.

I was under the impression that TeamViewer used RDP, that's not correct, but that, by itself isn't an argument for implicit security. The same arguments in terms of potential vulnerabilities go for VNC, although it causes me less concern if I trust the other end. I'm not arguing that these protocols themselves are necessarily insecure, but your argument that they are implicitly secure is incorrect.

All of them are widely used in the corporate world in all kind of situations.

To be clear, I know this. I have used VNC myself in my work. That's not the same thing has allowing an untrusted entity to connect to a personal computer. That they're widely used is a statistical fallacy. You are applying an aggregate result to the individual case.

You download a single client executable, run it yourself and it does not even install anything on your system. All it does is to open up a secure temporary session with randomly generated session id and password that you tell to support tech who can then use those to connect to your system and see your screen and take control of your mouse/keyboard. And the tech still does not have admin rights on your system. If you close the the client then the connection is stopped and no trace is left on your system.

I understand this. It does not invalidate my argument in any way. It is a risk, it may not be a large risk, but it is a risk. In my opinion, it is an unnecessary risk.

The problem here is just bad software. It is crazy to me that for a plugin, remote connection is even necessary. I don't believe for a second that this represents UNIQUE challenging problems, I think that it's just easy for Waves. Which tells me that they will use it rapidly and not carefully.

Almost every time I've ever been forced to deal with Tech support I've dealt with incompetence. This isn't really surprising. Anyone who's really good is going to move to the upper echelons or out of tech support and as a customer, you always get dealt from the bottom of the deck. This has been true across the board from companies with bad reputations to companies with good reputations.

There is no reason to believe that somehow Waves chooses to hire better people, than say Apple, for their tech support.

It is a decision born of efficiency, no more, no less. I'm not going to make any changes to my machine until I know what those changes are. If I call tech support I expect them to be good enough to have a conversation about the problem. I can do this for things that I understand, so I expect others to be able to this as well.

[jens]

the question comes from if i have to enter my admin password to do something they want to do! Wasn't that obvious?

He (/she) can't even read it if you are typing it - and as has been mentioned, you could change it afterwards - but even if not: there is nothing he could do with it unless he has access to your machine -which he only has during the remote support while you are watching him. Remote support is not very different from him actually sitting at your machine with you together except:

- he has no idea where you physically are located

- he can't see the password you are typing

So the local Support guy could maybe see your password while you are typing it and could then perhaps access your machine while you are away from it. With the remote Support however there is not an ounce of a chance that this could possibly happen.

And why would he ever even want to? To risk his Job over nothing?

[robotmonkey]

TeamViewer is an application, not a protocol, it uses the RDP protocol. The same arguments in terms of potential vulnerabilities go for VNC, although it causes me less concern if I trust the other end. I'm not arguing that these protocols themselves are necessarily insecure, but your argument that they are implicitly secure is incorrect.

TeamViewer does not use RDP protocol but its own proprietary protocol. As far as security is concerned people should look at here, it's all publicly available material. http://www.teamviewer.com/en-us/security/

I'm sure if banks consider it secure enough then it's secure enough for people using DAW's.

[ghettosynth]

TeamViewer is an application, not a protocol, it uses the RDP protocol. The same arguments in terms of potential vulnerabilities go for VNC, although it causes me less concern if I trust the other end. I'm not arguing that these protocols themselves are necessarily insecure, but your argument that they are implicitly secure is incorrect.

TeamViewer does not use RDP protocol but its own proprietary protocol. As far as security is concerned people should look at here, it's all publicly available material. http://www.teamviewer.com/en-us/security/

I'm sure if banks consider it secure enough then it's secure enough for people using DAW's.

Yes, I just edited my post, I was under the impression that it did use RDP, it doesn't.

It doesn't change my perspective, in particular, because the protocol is proprietary. Again, you are making this aggregate argument, I don't care who trusts it. It is an unnecessary risk. Some people don't even want their DAWs on the net, let alone allow any form of remote connection.

This took seconds to find and it's from late last year.

http://betanews.com/2015/09/04/attacker ... erability/

You are trying to make the argument that it is necessarily secure, you cannot make that argument, it's fallacious on its face. It's secure enough for people who need to trust something to make their business work. I don't need to trust anything to keep my DAW going and there's no reason to take that risk. Do you know what's more secure than any remote connection protocol? No remote connection protocol.

As I said in the other thread, C/R plugins don't tend to make it across reinstalls. This goes for any plugin that has any installation issues. They just fall off of my radar.

Trying to argue that any network connection is necessarily secure is flawed, period. You should know that. Moreover, the real threat here is humans in the loop, not the protocol itself. I think that it's naive/arrogant to think that DAW customers are going to always be comfortable with this.

[ghettosynth]

Well I could go ahead and do a counter counter argument, but what's the point. It'll just fall in death ears.

...and I could debate it further too, it's a family trait!!

People have made up their minds, right or wrong, locked on to certain ideas like a crocodile with its prey trapped in its unforgiving jaws.

No, you simply haven't make any compelling argument. I'm not sure that you can, and I don't think that you really can know the things that you claim to know. Are you telling me that you have actual knowledge of the variety of tech support calls that Waves gets?

Do you actually know how diligent Waves internal network policies are? Please don't tell me that they have a reputation to protect, I've seen plenty of companies that have reputations to protect that are sloppy in some of their internal practices.

As a reminder for those of you accusing plugin users of having computers chock full of warez and gay porn. The BSA collected $22M in fines FROM COMPANIES for software piracy between 2005 and 2007.

http://arstechnica.com/tech-policy/2007 ... -snitches/

While we're there, it's not very hard to find stories like this.

http://www.gq.com/story/man-fired-for-w ... rn-at-work

Unless you work for Waves, you do not KNOW the degree to how much you can trust their network. If you do work for Waves you would most likely be prohibited from telling the public anything negative even if you did know.

Now, I don't trust the BSA either, but, please don't tell me that companies can necessarily be trusted to be responsible about security, I have seen sloppy practices firsthand myself.

[pc2000]

Here are some relevant points to consider... There are a lot of small developers that receive various complaints or bug reports about their software that rely mostly on user feedback. Think of How many times we've seen companies fix reported issues without remote connections! Now... think of how ludicrous you would think it was- if they wanted to remotely connect to your system for what is a bug or careless programming. Wouldn't happen would it?

Why is Waves seen any differently when they received a number of complaints like mines, yet they haven't done anything to address the complaints nor mentioned any possibilities of what may be wrong other than the typical install/uninstall/ delete routines? They also haven't bothered to offer an updated full installer for those that are having issues with central being able to download products. What excuse can anyone make on waves behave for not at least doing that? They're not doing all that they could do.

With small developers, you're dealing with the programmer directly,which means they get feedback and bug reports directly from users. They have a more personal relation with the customer, which means a quick turnaround on fixes. Most techs aren't programmers. I often get the feeling they aren't reporting critical details to the bakers, because they're not looking from a standpoint of their software possibly being buggy.

I can see some value in remote connection for Commercial music and film studios that need to get up and running ASAP... because time cost money. Also,they likely have established personal relationships as VIP's with Waves top level techs or upper level employees.

Some individuals are talking about pirated software and smut as being a possible basis for people not wanting remote tech service. What if you're a big name Music producer working on unreleased projects and you're obviously cautious about leaks or being compromised. Lets not forget what happened to Sony or even the IRS but you can take comfort in knowing Waves has far better security than those wimps.