Question and Suggestions

Question:

What does one need to help translate SpywareBlaster?

Suggestion 1:

My web browser of choice is Chromium, because it simply allows me to work the way I want, which is to use different profiles for different tasks. For example, for most of my random browsing, I simply use a profile where I got no javascript, java and plugins enabled.
Chromium already is a safer browser due to its own internal sandbox, but having these features disabled, hardens it even further.

Unfortunately, with Internet Explorer I don't have the same experience. Sure, one can disable this and that, by tweaking the security zones, but it is not the same, and it will/it does cripple user experience. It simply is not the same as creating different profiles for the different situations.
So, I would like to suggest for SpywareBlaster to be able to do let the users create sort of different profiles for Internet Explorer.
It could be achieved by letting users choose what they would like to allow/deny IE to let websites make use of.

Options could be like:

- allowing/blocking plugins
- allowing/blocking referrer
- allowing/blocking javascript
- allowing/blocking java
- allowing/blocking flash (I know this is a plugin, but it could be considered a special plugin, and be a separated option, so that users could allow it for certain portions of a website, rather than the whole site. Where flash-based content would be, there would be an indication saying that flash content is being blocked by SpywareBlaster, and users could simply choose to right-click it and choose to allow it for that portion.)
- allowing/blocking cookies (first-party, third-party)

It would allow users to have different profiles for different tasks. And, it would be a lot easier than tweaking IE, which would always cripple some website from working properly, even if adding it to the Trusted zone.

Suggestion 2:

SpywareBlaster, as the name suggests, well... it's an antispyware, which we could/can include keyloggers as a sub-category. So, why not adding a virtual keyboard to SpywareBlaster to prevent key strokes from being logged by spyware? (This is more of a rethorical question. )


SpywareBlaster already is a great asset for those using IE (I have family members who do! Pretty much all of them!), but the protection it offers could vary a lot more, and allowing to have different IE profiles and implementing a virtual keyboard to fight keyloggers, would make it a even greater assent, and to be honest, it seems the natural evolution.
Of course, I could suggest other implementations, but I'm suggesting what I think, from experience, would be easy to deal with by most users.


SpywareBlaster could even suggest the user to automatically create different profiles (Unless the user opts not to, like more experienced users) based on the best security settings for the different browsing.

One profile could be named "Banking Profile" or similar, and with this one, the virtual keyboard be automatically on. This profile would allow everything.

One other profile where cookies, plugins and flash would be blocked, for accessing websites requiring no user login. In this profile users could opt to create a white list of websites, that, despite users not wanting to login, still, perhaps abusingly, demanding to store cookies. I know at least one site that does it. I guess they just guess that every visitor will be creating an user account. Flash content would be allowed partially allowed.

One other profile where javascript, java, plugins, flash, referrers, cookies would be blocked. This could be named "Safer Profile" or similar.

 

No answers Not everyone is an English speaker or properly understands English, therefore you'd increase your user base by providing SpywareBlaster in other languages.

 

Interesting not to see any interest in having SpywareBlaster provided in more languages?

 

Sorry, I just saw this thread. +1 for spanish translation!
By the way, it's odd indeed that not even Javacool's mod has dropped by this one.

 

Hi,

Many thanks for the suggestions - we'll take a look for a future release.

(As mentioned in another thread, Google Chrome / Chromium support is on our to-do list.)

Also, we'd very much like to have translations, but the framework to support them is not yet in place in the application. Although we don't have anything to announce on this front, this is something we're very aware of the interest in.

Best regards,

-Javacool

 

Thanks for the feedback.

Only now I noticed, but I meant SpywareGuard! LOL What I suggested would totally kill what SpywareBlaster is.

So, to clarify it, I wish that SpywareGuard could be redesigned and allow the user to have these sort of tweaks at their disposal.

I didn't mention it, but obviously for such tweakings to be achieved, SpywareGuard would need to place the loaded settings for each IE profile to a virtualized space (AFAIK, all IE settings are applied in registry?). This would be the best approach to have different profiles (with different settings) for IE, running at the same time, I believe?

These sort of protections obviously make sense in SpywareGuard, because it would run in real-time as well, and not SpywareBlaster.

 

I have some concerns about "flash cookies" and would like to know if Spywareblaster will have a feature to deal with them.

 

What you ask for in Suggestion 1 would be covered a lot more safely if you use SeaMonkey (or even Firefox) with the NoScript extension. And you could dump those dangerous multiple profiles with global allows as well. It is WAY too easy to be doing some banking function, then remember you needed to do something on some other site, get distracted by a phone call, then go visit some other site and end up doing it using "the wrong profile"... why even open up that wormcan? Just permit the scripts or whatever for the specific sites that need them but not on a global, nor even "zoned", basis. Even the various combinations of "whatever" could be different for each site without regard to any confusing "zones" or fiddling about turning things on or off. One profile per user would be all anyone really needs, with a lot less confusion for everyone.

As for the right click on a specific blocked Flash object to see it while keeping them otherwise disabled, NoScript users have enjoyed that gem for several years now.

But yes, these do allow you to have the multiple profiles too if you still really want them. And newer versions of SeaMonkey (and Firefox too) do have an optional sandbox like setting where temporarily used plugins, scripts, cookies, history, etc would be "lost" at the end of the session.

The reason I suggest SeaMonkey over Firefox is that it has a built in Cookie Manager. For those who prefer Firefox, there are several cookie management extensions available to choose from, although I find the one builtin to SeaMonkey more useful than any of them. It lets users choose to allow or block cookies first or third party, or by site policy, or session vs persistent cookies, all on a site by site basis or asking for unknown sites, depending on user settings.

Get them here:
http://www.seamonkey-project.org/
or
http://www.mozilla.com/en-US/firefox/all.html
and
http://noscript.net/

Yeah, I know it's not for IE. Oh well. But since you already use an alternate browser anyway so as to not be "crippled" by IE as you put it, why not get more of what you came for?

As for Suggestion 2, you seem to have the notion that adding a virtual keyboard would be somehow more secure. Not so! It has long since been done, and indeed proven to be a major additional attack target. It is NOT a coincidence that the increasing problem of malware installed keyloggers has grown over precisely the same time period that Microsoft has been distributing this capability in newer OSs and various versions of MS Office. Simply look at all the problems with infected versions of "ctfmon.exe" for just one example, there are probably many more I can't think of right now.