Breaking news on Devil Mountain SoftwarePosted: February 21, 2010
Image of my system’s Task Manager, during a typical session with Outlook, several IE tabs and Windows Media Center (watching NASCAR via my Hauppauge card.)
Since my last post, the whirlpool that is Devil Mountain Software/XPSNet/Randall Kennedy has become more turbulent still. The other shoes have dropped furiously in true Iraqi fashion; President Bush was never so beleaguered.
Devil Mountain Software is a business Kennedy established that specializes in the analysis of Windows performance data. There is no Craig Barth, and Kennedy has stated that this fabrication was a misguided effort to separate himself (or more accurately, his InfoWorld blogger persona) from his Devil Mountain Software business.
Integrity and honesty are core to InfoWorld’s mission of service to IT professionals, and we view Kennedy’s actions as a serious breach of trust. As a result, he will no longer be a contributor to InfoWorld, and we have removed his blog from this site.
It’s the right thing to do. InfoWorld is polite enough to say that they appreciate his performance insights. I don’t. I can never trust him again. That leaves Bob Lewis as the only guy I can trust from that site.
ZDNet just pushed up an article originally scheduled for Monday publication, “Why We Don’t Trust Devil Mountain Software (And Neither Should You)”, due to Randall’s self-revelation. This article confirms a number of my suspicions.
On the software:
As for the software itself, the installer is not digitally signed. It installs two Windows services: Cfwtracker.exe and Cfwupload.exe. The tracker program adds information at regular intervals to a database (in Microsoft Access format) stored in the user profile of the currently logged-on user. The upload module periodically sends that data to a remote server.
I’d started analyzing the MSI downloadable, in which 7-Zip tells me there are two binaries. I had been about to run Orca, Microsoft’s install tool on the file when this story broke.
XPNet claims to use an SSL connection to send its data from clients. Not true:
We found this claim to be untrue. In our tests, using machines in widely separated geographic locations, the DMS software made simple (non-secure) HTTP connections on port 80, transmitting data to a server at IP address 188.8.131.52. The IP block at 66.115.28.* has DNS A records that point to devilmount.com, xpnet.com, and csaresearch.com. All of those companies are registered to Devil Mountain Software and include the name Randall C. Kennedy in the registration information.
When we attempted to use a browser to make a secure connection to https://xpnet.com, we received two certificate errors. The certificate associated with the site, originally issued by Equifax Secure Global eBusiness, had been issued to a different domain, csaresearch.com. In addition, the certificate had expired on September 7, 2009.
Performance data is uploaded to the exo.performance.network, where your most recent one week of data is stored for viewing and analysis. Performance data will be shared in aggregate only and never identified as linked to your individual account.
We saw how well that was honored.
Dignan’s article goes on to talk about Randall’s claims that his software was used at several large Wall Street firms, including Morgan Stanley and Credit Suisse. Why would they use a small third-party company to provide this service?
I should note that the only way for a user to get performance figures with ClarityNet is through the XPNet web site. There are no local gauges for the user to query. Firms like Morgan Stanley have large IT operations. They won’t rely on an outside website when Microsoft makes their performance data readily available to internal analysts. Morgan Stanley’s IT (or as it happens, IBM Global Services) is truly responsible for their client machines and they know it. They won’t knowingly enter into an agreement with XPNet. (With all of IBM’s resources, they will hire a two bit operation for analysis?)
If they have, Mr. Kennedy has many more problems than just being fired from InfoWorld. This isn’t over for him.
But hopefully, it’s over for me. I don’t want to make another pundit post again today.
UPDATE: It’s not over for Paul Thurrott. No doubt more people will weigh in on Monday, like Ed Bott and others.
The amazing aspect is, on Randall’s exo.blog, he’s been backpedaling in the comments, kissing up to Mr. Bright and claiming his data didn’t really show disk thrashing and so forth. Mr. Kennedy,
Stop digging that hole.
I hope those financial customers of his can afford counsel and seek it out. I would be delighted to see Randall get those cease-and-desist letters for once.