Crystal Security - Discussion

Maybe this will help ?

http://codesigning.ksoftware.net ( "1 Year - $95.00/yr" )

"K Software is a Comodo Strategic Partner" (http://www.comodo.com/partners/strategic-partners.php)

PS : I didn't test it ..

 

Nice catch, Abdallah!

 

Hi,

It looks good. Thank you!

Regards,
Kardo

 

Hi,

Some new preview screenshots of notification (next BETA cycle):

1. Safe (clean)



2. Unsafe (malware)



Please tell me your thoughts.

Regards,
Kardo

 

Great

 

Yeah....looks great!

 

View attachment 242913

I am from the IT stone age, when we programmed in 16kb assembler overlays, created data bases based on pointering and data organization within 4KB pages, defined own communication skeletons, coded your own frameworks so Cobol/PL1 programmers only needed to use DB (Data Base) and TP (Transaction Processing) modules with easy API's, the GUI/UX design principles remain valid.

So here are my comments

1. When you ask a user confirmation with a visual (e.g. a button), the user tends to ignore everything what comes after (so put your text based interaction before it)

2. Choose the user's point of view, not the programming logic. A skip would be an implicit allow, without remembering (?), don't understand this choice. Coloring code of the recommended action (green button) and text (for color blind people).

See picture


Question: Kardo are you practicing user interfaces or are developing functionality. I notice with every functionality increase, you release a new GUI. While I would first develop the new functionality, prototype a user interface, ask feedback from beta testers and then finish the GUI based on actual user experience

TIP: when the auto-decide rules work properly the time spend on the GUI building rules becomes a non-issue. Why don't you put your time and effort to add a re-check of the grey zone or unknown, see explanation:

Auto decide ALLOW = no user interface pop-up
Auto decide BLOCK = no user interface pop-up

Grey zone & unknown = POP-UP, think of a reschedule check, e,g, options would be

ALLOW - BLOCK and instead of creating (remembering a rule), add the option to RE-CHECK later (set the time limit in auto decide rules, when grey or unknown check at VT after xx hours)


Regards Kees

 

Hi Kees and Kardo,

1- I think Kardo's current design is correct just because of what you explained; users (mostly non-tech savvy ones) ignore what follows visual confirmations. This kind of users are better off with the default (recommended) settings. Any user going past that will be either reading pop-ups carefully or will have enough know-how to check whether there is a remember setting if they need.

2-I agree on this point with you. Allow without remembering and skip this file options looks like they do the same thing. (Unless skip this file also blocks the execution, if that is the case there probably should be an explanation text).

I like the recheck at later date, and have offered something similar before. I would also suggest automatically rechecking the blacklist and white-list longer but regular intervals (like every three days as default).

 

Hi Kees and Kardo,

'Auto decide BLOCK = no user interface pop-up'

This is OK until it starts to block legit programmes and files and could cause havoc with any false positives.

As you said the auto decide rules MUST work properly if this method is used. I personally would prefer some user interaction at this stage.

 

Hi, Everyone!

@ichito @siketa

Thanks!

@Windows_Security

Notification updated based on your suggestion.

Answer: The new design will remain long. Yeah, agree with you about functionality priorities!

Re-check options will be added under Settings section.

@phalanaxus

Correct! Skip this file = no action.

Re-check for unknown files is already available in latest versions but just without visible options for users.

Great suggestion. Thanks!

@ghodgson

Yeah, it is possible to configure it for your needs. e.g. Unsafe action = user intervention (popup)

@everyone: Thanks for all the advice and feedback!

Regards,
Kardo

 

Kardo, when I click on your link at the bottom for your website it does not work, I am using Chrome.

 

Hi,

Thank you for the information.
Everything should be fine now.

Regards,
Kardo

 

Hi Kardo,
I'm coming again with another problem. For the past 10 days or so I've been getting a .NET error again which is baffling me and I hoped you could throw some light on it. I've delayed reporting this error because last time it was my firewall creating the problem, this time I don't know.
Anyway I'm getting a 'Value cannot be null' error. See screenshot. Any ideas ?

Thanks and regards
Gordon

 

Hi Gordon,

Thank you for your report!
I think I found the cause of the error.

Regards,
Kardo

 

Hi Kardo,
Glad to be of help.

Regards
Gordon

 

Hello,

Crystal Security 3.2.0.85 Released

Changelog:

Updated

¤ Internal database
¤ Tray menu

Fixed

¤ File verification (reported by Gordon)

Download: http://www.crystalsecurity.eu/downloads/Crystal Security 3.2.0.85.zip

Regards,
Kardo

 

Thanks Kardo,
Downloaded and already set up. Will let you know how it goes.

 

Hi Kardo,

So what does CS have in its internal database ? Windows files, well known applications, or anything you can think of ?

 

Hi,

@ghodgson

Thanks Gordon! Please let me know how this version works.

@phalanaxus

Contains information about latest malware (threats) from two different public database - Malc0de and VX Vault.

Manual and automatic updates (optional feature) for internal database will be added into next beta version.
Internal database is useful for offline checkup (e.g. no internet connection).

Regards,
Kardo

 

Hi Kardo,
I've been running CS 3.2.0.85 for 5 days now, and so far no problems and no further .Net runtime errors.

Regards
Gordon

 

Hi Gordon,

Thank you for the feedback!

Regards,
Kardo

 

And in Spanish?

 

Files are not blocked while Crystal Security shows the alert. I mean they're still running.

Imagine that you have a backdoor, Crystal Security detects it, the alert is shown, but the file is running in the memory and your application doesn't stop it (it detects it, but the user didn't choose an action, so the malware is still running in the memory). The backdoor can connect to its C&C server and the attacker can control the computer while the notification is displayed. It can even kill Crystal Security...

You shouldn't allow to open a file until the user selected an option.

BTW, you should make a submission form for the internal database.

 

Hello,

Thank you for your interest.

Spanish language is available, however, it has not updated a long time ago.

Regards,
Kardo

 

Hi,

Thank you for your feedback.

I see your point.. and I agree with you in that the files are allowed to run.. but please note that Crystal Security is a second-opinion anti-malware tool (not anti-executable) and it is recommended to use it with some other AV suite.

Yeah, if user decides to allow malicious file then it does not end well.. but if auto-decision is enabled then malicious files will be suspended immediately. I have to admit that it is somewhat useless against already started ransomware but when a file is checked before launching it will be blocked before it can start.

Regards,
Kardo