WSA suggestions thread

[darts]

A Gadget like almost every anti-virus on the Desktop so you can easily excess some futures.

Greats,

darts

[Dermot7]

Quote:

Originally Posted by PrevxHelp

We're in the process of supplying this - it currently isn't available anywhere. This will be part of a much larger project which expands upon the older Prevx 3.0 filenames pages to a much larger threat research center available publicly.

Just saw this...might be a new web page? Certainly something to look forward to. I won't ask "just when.." All will happen d.v. when the time comes.

http://www.webroot.com/En_US/sites/threat-center.html

Quote:

The Webroot Threat Research Center is currently under construction.
Stay tuned for its reopening.

[STV0726]

As a part of the threat center, I would HIGHLY recommend implementing a simple, separate page showing current number of people protected and roughly how many samples and sample variations are in the cloud with a little pie chart or something. Most cloud products, or even products that use cloud protection as a supplemental layer, have something like this, unless there was a specific reason you guys don't want to do this.

[Saint Satin Stain]

Webroot manages passwords for Internet Explorer and Firefox. I want it to manage passwords for SeaMonkey, Google Chrome, Opera, and I know a long shot, for K-Meleon too.
I administer my own, plus two others under a Webroot SecureAnywhere Complete license.

I want finer control from the online web site of Webroot over the agents on the other computers, such as the ability to upload samples of false positives, or the ability to designate files as false positives and they are excluded from detection as malware for all the computers covered by a license.

I want the Magic Briefcase installed on each computer by default at installation on each computer.

I want the online controls to be completed during my lifetime.
(snarly, snotty remark, I know. I realized you rushed development, a year not really enough time, but you got the basics right. So please hurry and fill in the missing, the finer controls on the web site.)

[fblais]

Don't know if it was suggested before, but add an option when right-clicking the tray icon to shut off the protection temporarily. (don't mind a CAPTCHA to confirm)

[Dermot7]

Quote:

Originally Posted by fblais

Don't know if it was suggested before, but add an option when right-clicking the tray icon to shut off the protection temporarily. (don't mind a CAPTCHA to confirm)

There is that option to "Shut down Webroot" there at present : http://www.webrootcloudav.com/advice...stem_tray_menu

But perhaps you'd like more options with this feature?

[fblais]

I had noticed that option, but I'm suggesting a temporary shutdown one.
While this option would be effective, the phrasing could change to "Turn back on protection" or whatever.
If one uses the actual option, the systray icon will disappear, no?
And you then have to go through the Programs menu to start WSA again?

[Critter2]

i just checked mine, it does not show that option

[Triple Helix]

Quote:

Originally Posted by Critter2

i just checked mine, it does not show that option

You must have this option checked!

TH

[Critter2]

you are correct
now i have to decide if it is a good idea to check it or not?

[Triple Helix]

Quote:

Originally Posted by Critter2

you are correct
now i have to decide if it is a good idea to check it or not?

Correct as I don't have checked!

TH

[Kees1958]

PREVX PLEASE PLEASE PLEASE

As you all know, I am very critical on CPU usage and disk I/O and highly demanding on offered security levels. Since the closed alpha I have WSA running on my wife's laptop. Quite a feat, since WSA in now in the top three of longest used security programs at our home.

I still have two wishes and I would like an answer on the plausibility of them being adapted (released) in future versions.

1. Monitored programs
In WSA I can set my internet facing programs to be monitored (the HIPS/intelligent behavioral part). My 'monitored' choice gets automatically turned into trusted after a while. I don't want that, I like the extra protection, since the HIPS protects system objects being tampered with from 'monitored' programs. So here is my question.

Question 1
Please add an option to 'GUARD' some programs in System/behavioral Guard.

This is a list of build in programs (so PrevX can guarantee compatibility), like e-mail programs, download managers, P2P programs, media players.
This list of programs, just start their life as MONITORED after a while they are not changed to TRUSTED, but GUARDED.

I have noticed that it does not have any performance drawbacks. It does not have any useability drawbacks. This will greatly enhance protection with very, very little program coding. It is a chance for open goal, please score It just adds an internal controlled list (user can switch off this option, but can't change this list for compatibility reasons), and adding a check before changing programs from monitored to trusted. This is less than a week codings work:

2. Safe Online
Safe Online has a build-in list of programs it monitors (the webbrowsers)
At the moment the Safe On Line part tells me which browsers it monitors.*

Question 2
Please add an option to SAFE GUARD webbrowsers in Safe Online Guard.

So the browser list is an existing mechanism. Why not add another allready available protection: the run sandboxed option.

In my testing with safe admin I can state that the security measurements (listed below) will prevent any nasty malware (MBR, Rootkit, Trojan) from really infecting the system: please 'down' the SAFE GUARD sandbox protection option to (a useable)
a) Normal LUA limitations
b) HKCU autorun keys (the ones of Microsoft's Autoruns)
c) Side by side memory protection (higher level IL can't be infect by lower level IL's, but same levels are allowed to misuse each other).

Now you (security experts) know IE does some tampering with IEframe, Chrome injects its cloned processes in Low rights. Besides these known memory intrusions, limit the rest. No browser should mess around with the HKCU autorun entries.

From a marketing point of view it is a great bonus to buy WSA complete over WSA antivirus because I get a (safeguard) sandbox with it The internal list allready exists, the internal sandbox allready exists, the knowledge of these intrusions is allready available and are allready implemented in the behavioral guard (these intrusions are normal), so again a maximum of one week coding by one software enginer. Why wait


3. The lowest ambition option
When you are not into the two options above, then my final plead with the least amount of work involved. We have two lists: one in the System/Behavioral Guard which shows trusted and monitored, one in the Safe Onlie which shows Monitored also. I would opt for adding a new status being GUARDED. These are the programs from the build-in Safe-On-Lie list, which are trusted but have the same limitations (messing around with system objects, etc) as monitored programs. From a software architecture point of view this is a quality improvement (one integrated state showing trust is better than two). It is really involves adding one new state and adding a column in the system tools display. It enhances the synergy between Safe Online and Secure Antivirus and gives a plus for buying the WSA complete.


Please answer

[Techfox1976]

Quote:

Originally Posted by Kees1958

1. Monitored programs
In WSA I can set my internet facing programs to be monitored (the HIPS/intelligent behavioral part). My 'monitored' choice gets automatically turned into trusted after a while. I don't want that, I like the extra protection, since the HIPS protects system objects being tampered with from 'monitored' programs. So here is my question.

Minor note on this specifically:
Any process that is "Allowed" will still be monitored if something unknown gets into it. So you can have the performance increase of having something that is known-safe be Allowed, yet still have the security of it being monitored anytime it is influenced from the outside (Like by DLL injection for example). I can't address any of the rest of it though.

[Kees1958]

Yes, but untrusted processes have more 'harder' restrictions, so no chance of wrong evaluation.

[PrevxHelp]

Thanks for the suggestions, Kees I agree that these would be valuable to add in, and I'll be sure that they're added into the ever-growing list

Regarding programs changing from Monitored to Trusted - this is by-design but I'll look into having the user selection of Monitor override any future trusting when they make it manually.

Thanks again!

[Kees1958]

Quote:

Originally Posted by PrevxHelp

Thanks for the suggestions, Kees I agree that these would be valuable to add in, and I'll be sure that they're added into the ever-growing list

Regarding programs changing from Monitored to Trusted - this is by-design but I'll look into having the user selection of Monitor override any future trusting when they make it manually.

Thanks again!

That would be great enhancement of the effectiveness of behavior and core system shield

[Kees1958]

Another wish AIM Adaptive Intelligent Monitoring

1. All heuristics start with default values.

2. Depending on behavior change USB and Internet heuristics
a) few program installs ==> increase age heuristics
b) many program install ==> increase popularity heuristics

3. After infection
a) increase advanced heuristics and popularity heuristics
b) decrease age heuristics


With off course an option to set it manually (like my wife who never installs software, who just browses internet, e-mail and social media)

[Triple Helix]

Quote:

Originally Posted by Kees1958

Another wish AIM Adaptive Intelligent Monitoring

1. All heuristics start with default values.

2. Depending on behavior change USB and Internet heuristics
a) few program installs ==> increase age heuristics
b) many program install ==> increase popularity heuristics

3. After infection
a) increase advanced heuristics and popularity heuristics
b) decrease age heuristics


With off course an option to set it manually

IMO default works well for non tech savvy users which is 99% of Webroot users as for myself I have all heuristics set to Max without issues!

TH

[Kees1958]

Quote:

Originally Posted by Triple Helix

IMO default works well for non tech savvy users which is 99% of Webroot users as for myself I have all heuristics set to Max without issues!

TH

Exactly

- why offer options to people who don't know how use it (99%). Why offer this huge amount of options in WSA when the majority of your users won't use it. It will only increase the idea that one needs technical skills to install it or the usage might be complex. Either way all these options and settings might let to confusion. Clean up the interface and only offer them as 'under the hood options' for nerds.

- why offer different levels when higher levels seem to work as well as the defaults, as you and me have found out (1%), why not max them out from the start?

[STV0726]

Totally new but important suggestion following a thread in the "Other AV" section... (Click here to read)

I hope Webroot NEVER implements a FORCED automatic malware remediation system like an alarming number of AVs are doing now. This "trend" (for lack of a better term) seems to be growing, and I HATE IT!

Microsoft Security Essentials 4 (hopefully soon to be released out of beta phase) will remove the currently available "default actions" settings, leaving your files at Microsoft's mercy with no way to configure or disable the automatic remediation.

Norton's SONAR (which apparently has a lot of false positives for some) will also automatically delete stuff it detects without any option to stop this behavior, except adding an exclusion, which is kinda hard when its already gone. And with Norton, the support's great (sarcasm). Enjoy multiple email conversations just to get them to consider making a change. (I didn't make that up; see a user's testimonial in the thread I mentioned above)

Most AVs these days have a way you can set it up so that malware will be dealt with automatically, requiring no user input. This is a great security function, and in my opinion, should be the default, as for a home user product, it will suite most people well. Also, "shooting first and asking questions later" is probably the way to get the most out of any antivirus program, because it eliminates the error-prone human element. (MechBgon's words)

BUT, if you take away the option to turn automatic remediation off, you are, in my opinion, violating the rights of users' control over their own PC, and you make yourself almost like a virus; deleting data without asking.

So in summary: Automatic malware remediation is GOOD. Having it set that way by default is even BETTER. Removing the option to turn automatic remediation off is A VERY BAD THING!

I hope Webroot never takes that direction. If I am not mistaken, Webroot SecureAnywhere has a couple options on this currently. It allows you to by default have it automatically block stuff without prompting; it allows you to have it remember block actions; and it lets you even automatically have it perform the recommended action for the behavior shield suspicious detections. I have it fully automatic, but I have much comfort in the options being available.

UPDATE: Before I finish editing and polishing off this post, Joe already responds and reassures me it will always be there. This is what really makes a security vendor great. People that truly care. Not a picture on a website of a large company that gives you the impression they care. Nope, here at Webroot, it's really top notch customer care. Thanks, Joe!

[PrevxHelp]

Don't worry, the options will always be there

[STV0726]

Quote:

Originally Posted by PrevxHelp

Don't worry, the options will always be there

Wow that was fast! Thanks Joe!

Do you have any comments on why other AVs seem to be going this direction? I know Microsoft's beloved MCCs and MVPs on Answers defended it saying that stupid users need to be protected and offering them settings means they can be stupid and downgrade their protection by randomly clicking stuff off.

I came back and essentially said in summary: make your product good with massive, proactive engine upgrades, not removal of useful settings that'll cause your entire power user base to abandon the product.

They came back and essentially in summary said: We don't care about power users.

My closing argument was: No? So Windows Defender will replace MSE in Windows 8? And it will replace it not just for the Home Premium but for the Professional and Enterprise versions? You don't care about power users? Are you going to remove the control panel too?

On a different note...

How exactly does the automatic settings work in Webroot? If I remember, I have always had it configured to automatic mode, and for the EICAR test file it quarantined it without giving me options which is what I wanted, but for another detection in the past it still gave me the whole removal process thing, but as a standard user I could not change the action it was taking on it, which is good.

[dawmdt]

Small cosmetic suggestion - the Start Menu folder for Webroot SecureAnywhere gets recreated every time it starts up. I like to organise and keep my Start Menu tidy, not have everything just sitting in the root of it...!

[STV0726]

I am not going to argue with the defaults as I already mentioned that and you guys seem to have your mind made, but please consider adding some of this...

1. Adding the options to exclude (or include; either way) license key, quarantine, and detection configuration within exported configuration files. The problem: the way it currently functions causes potential issues when trying to copy settings over to other PCs not on the same license but where you want the same settings. Also, it would be nice to be able to make a "template" of recommended settings and make it available to less tech-savvy family members. (EDIT: I am changing my recommendation slightly. I can see why Detection Configuration is included into the saved configuration, so that is a lower priority from my viewpoint. However, there's another thing that probably should not be transferred when importing/exporting configuration -- scan statistics. This is computer-specific, again, and really doesn't apply to multiple computers.)

2. If I am not mistaken, the current build still does not allow non-administrators to change from the default System Cleaner settings if that access control is in effect. Since you expressed these are not universal (they are independent for each user), the access protection should not stop them from altering these settings. (UPDATE: Version 8.0.1.143 still does not fix this potential issue.)

3. An option somewhere (probably in Basic Configuration) to hide/show all messages. The message displayed that tells users the unnecessary aspect of running full scans seems to only appear once, while the prompt warning of the ineffectiveness of Submit File shows each time.

4. While this may be more based on other factors that which I am not aware; why not combine the effectiveness of the support inbox with the Submit File, so users can just do this conveniently from within the program, and get a quick response?

[BoerenkoolMetWorst]

Change the program update mechanism to not update when the Identity shield is protecting the browser so it doesn't update during online banking or other important stuff.