AppDefend Wishlist / New Features / Suggestions

Discussion in 'Ghost Security Suite (GSS)' started by gottadoit, Nov 19, 2005.

  1. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    There are bound to be requests so they might as well have a home, so I might as well start the ball rolling in this thread.
    Firstly I have to say that I like the program, very useable even in this early stage of development.

    Feature request

    #1 A method to blacklist certain executables & deal with them if they are already executing

    That way individual users or enterprising anti-malware techs can create a list to distribute that will stop processes from running and also deal with running processes by stopping them in their tracks. It could potentially make dealing with some infections a little easier
     
  2. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    I would like to see the AppDefend Alert dialog take on the same Color Theme as the GSS GUI. The current Alert color scheme makes it a bit difficult to see where the Allow/Block button edges are. Also my tired old senior eyes are having a bit of trouble reading some of the text.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Disciple

    Colors may need some tweaking, but the objective was to make the Appdefend, and Regdefend very different in color so you would notice the difference.

    Pete
     
  4. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Hi Pete

    To me the Alerts are different enough to recognize which one you are seeing. But color tweaking would be good.

    Thanks.
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Using standard Windows UI elements would be better IMHO (even if only as an option). As well as allowing customisation via standard methods (i.e. Control Panel/Display) it would also provide compatibility with theming software like WindowBlinds or XP's own themes.
     
  6. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I agree. Both AppDefend and RegDefend are very powerful but I am not keen on the UI for the products.

    I understand this customised look helps to give the products a distinct identity, but feel they are not conducive to usability.
     
  7. alley

    alley Registered Member

    Joined:
    Sep 8, 2005
    Posts:
    18
    Here are some things I'd like to have in AppDefend:

    1. Exclude certain directories from "execution protection" (i.e. Visual Studio Projects folder)
    2. I'd like to be able to save the configuration files in a different folder
    3. Exclude certain RegDefend rules from appearing on Alerts Tab (like AppDefend)
    4. If logging is to be enhanced, I would surely love being able to start every session with a clean log (like it is now)
    5. If you bring back balloon alerts, I want to be able to turn them off, for both AppDefend and RegDefend

    I've been using this for 2 days now, and I'm very pleased with it. No problems up till now. Excellent... :)
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Some things after a quick thinking :

    1 - add a new protection, disabled by default, to warn about programs enumerating the running processes (like the task manager). It may be malicious, like it may be legitimate. Anyway I _really_ like to know what happens on my system, and this is a kind of protection/warning I really love :)

    2 - add a rootkit detection, not about rootkit installation protection as it is already implemented, but to detect already installed rootkits (viewable in kernel mode but hidden in user mode).

    3 - add to the icon taskbar a right click menu, with every GSS component showing, each one with a sub menu.

    4 - add the possibility to hide/show the right panel in the main GUI

    5 - add a right click menu on the application items on the main GUI (remove app, etc...)

    6 - add a column in the main GUI, with an additional icon for the applications allowed to access the network. Ok it is already written on the right panel if the app is allowed or not to access the network, but we have to check them one by one to see which one is allowed to do it. Viewing at first glance such vital information would be very nice (like I do in ProcX when a process is accessing the network). Same could be applied for the other information, adding a column for them, and being able to hide/show the right panel.

    7 - maybe the "start application" block/allow could be extended to either block or allow particular applications? (instead of blocking or allowing all).

    8 - In the maintenance area, I didn't find a button to "erase all not existing apps". It shows apps which do not exist anymore on the HDD, but it seems that actually we have to remove them manually.

    9 - extend the network control? I do not want AD becoming a firewall, but maybe at least allowing or blocking protocols? (e.g.: allow UDP but block ICMP and TCP for this process)

    10 - in the area "add new application" offers to add already running processes


    I may come later with other suggestion, but it is done for now ;)
     
  9. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Offer a rebate to licensed PG and Regdefend users.

    -RE
     
    Last edited: Nov 21, 2005
  10. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
  11. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    No, hadn't seen that page, TY for the link.
    Offering a rebate to users who already paid for a competing product is common practice. So is offering a rebate to your loyal users.

    -RE
     
  12. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    How do you verify ownership for the rebate? For a product like PG, would you send him your license? Considering the low cost of his products, I wonder if it's cost effective for him to set up rebates for competing products.
     
  13. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    If I already bought a similar product that covers 90% of the competitor's features, it does not make sense to buy the new product -- unless the conditions are so attractive that I go into what-the-heck mode. Whatever the price, we know that:
    1) a new customer is worth more than the price of the product (look, I bought regdefend and now I would be willing to move to appdefend, who knows what else I'm gonna buy from ghostsecurity), and
    2) when you pay again for something that was supposed to be already covered, you admit you made a not-so-wise buy, either with the old product or the new one. A rebate is basically a sweetener.
    And no, I'm not a tightwad, I don't even precisely remember what these things cost (but I know that my PC software budget is not unlimited).
    Just my 2 cents,

    -RE
     
    Last edited: Nov 22, 2005
  14. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    As mentioned in another thread, an annoyance common to both PG and AD is that software/"platform" comprised of many exe require a lot of clicking to make it learn that everything is legit. Cygwin or gimp are 2 examples. What could help:
    1) explorer integration, to select a group of exe and add a rule in AD to allow execution/update the SHA signature db.
    2) learning mode, everything is allowed and added to db during a limited period of time. Going several times to learning mode should not erase the previous db. The learning mode could be restricted to a given exe's children: eg. allow all children of this process (until I quit learning mode).

    -RE
     
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I would not want a learning mode ... at least I hope to have the opportunity to switch it off when I install AD. (I do not like it in pg either btw)

    what I would like is to have the possibility to scroll down the programs,
    the possibility to right click on the systray and go from there.
    right click on the main screen and to have the options.
    better control of child and parent processes.

    but it all has been said before I guess...

    Thanx anyway
     
  16. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Propose sth else if you don't want it (and you don't say why you don't want it).

    -RE
     
  17. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    I agree. This is one thing I dislike about PG as well.
     
  18. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    well, I proposed at least 4 different suggestions. (mostly already covered though)

    why I don't want learning mode...it's too easy and I want to give permissions myself to the programs.

    when I install PG I immediately reboot. when my pc boots back up, I switch Learning mode off and install my programs. the popups will tell me if some program needs permission. the rest won't...like services and drivers issue, rundll32.exe ... ... you know the drill I hope ;)

    Take care

    Inf.
     
  19. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    You perhaps missed my point. cygwin is a *nix layer on top of windows, comprised of hundreds of .exe, like, sh, sed, cat, and so on. If you don't have a way to automate rule creation, you'll get that many alerts, and that's a pain I can tell you. Go and see for yourself, www.cygwin.com.
    The Gimp is a free photoshop-like tool, and many tools and filters are small .exe. When you install or upgrade it, again you got a lot of alerts, which you will all accept anyway.
    Whatever it's called, and however it's done, I would like something to avoid these situations.
    Cheers,

    -RE
     
  20. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Thanx Strange Dream ;) for clearing that up and you were right: I missed your point. In your case a limited Learning mode only for the parent process (cygwin.exe - which I don't know btw) could be useful I guess. cause a global learning mode I find this a bit dangerous as well...

    I would disable it immediately and only use it when I encounter such a program...that's why I proposed to disable it or give an option at the end of installing AD (enable learning mode at reboot, enable automatic updates, enable/disable protection sections (mainly for RD - if you have already covered let's say drivers/rootkit protection with pg for example ... now I'm repeating myself hehe :D

    cheers
     
  21. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Can you make AD do asynchronous processing of requests when launching apps, so that it's possible to launch other apps if an AD confirmation dialog is currently displayed.
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Wouldn't a better method be to have an option to update checksums for existing entries? You could then use this after any upgrade to allow AD to pick up on altered programs (perhaps with it presenting a list of changed programs first for you to check).
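
The checksum-update flow suggested in the post above, as an added example that is not part of the original thread and is not AppDefend code: re-hash only entries already in the database, show the differences for review, and update only what was approved. The dict-based database, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_changed(db):
    """Re-hash only paths already in db; return {path: new hash, or None if the file is gone}."""
    changed = {}
    for path, known in db.items():
        current = sha256_file(path) if Path(path).is_file() else None
        if current != known:
            changed[path] = current
    return changed


def apply_approved(db, changed, approved):
    """Update only reviewed-and-approved entries; the rest keep their old hash (still a mismatch)."""
    updated = dict(db)
    for path in approved:
        if path not in changed:
            continue  # never add or touch entries that were not in the reviewed list
        if changed[path] is None:
            del updated[path]  # file no longer exists: drop the stale entry
        else:
            updated[path] = changed[path]
    return updated


def demo():
    """Constructed scenario: an upgrade rewrites one allowed program and removes another."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {n: Path(tmp, n) for n in ("sh.exe", "sed.exe", "cat.exe")}
        for name, p in files.items():
            p.write_bytes(b"v1 " + name.encode())
        db = {str(p): sha256_file(p) for p in files.values()}  # baseline
        files["sed.exe"].write_bytes(b"v2 sed.exe")  # upgraded binary
        files["cat.exe"].unlink()                    # removed by the upgrade
        changed = find_changed(db)
        new_db = apply_approved(db, changed, approved=[str(files["sed.exe"])])
        sed_ok = new_db[str(files["sed.exe"])] == hashlib.sha256(b"v2 sed.exe").hexdigest()
        return ({Path(k).name: v for k, v in changed.items()},
                {Path(k).name for k in new_db}, sed_ok)
```

Because `find_changed` walks existing entries only, it needs no disk scan and cannot silently admit a program that was never allowed.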
     
  23. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Sure, you could turn a switch to let AD update his sig db without asking questions, till you switch it off. You still have the pb at the 1st install, though. A list would be fine, but that means AD would have to scan your disk seeking new/modified files. I'd rather select those files on my own with explorer and add all the sigs into the db at one fell swoop.

    -RE
     
  24. Tatersalad

    Tatersalad Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    76
    I would like a quick way to disable both programs for installations. Right click menus on everything even if they’re redundant it’s nice to have several ways to do the same thing. A link to the windows properties of a file or app. A link to a process library or at least an easy way to google it from the right click menu. The tray icon should change appearance to show the state of your protection. The ability to disable logging for individual apps. I have Wintask 5 and it polls the registry often filling up the alerts tab quickly. Clear the alerts tab without restarting. The alert window should steal back focus every few seconds when it blocks something. That’s all I can think of now sorry if I’ve repeated something.

    Thanks :)
     
  25. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    I would like some sort of comments box with the appz, so if you configure something to be allowed once, when you get the popup, you'll see your comments and know not to change it to allow always (something I do often). One gripe I have with PG is the alerts you get for allow once appz are no different to normal NEW alerts and it's difficult to keep track of those types of appz, my list of allow once appz is about 15-20 long, and I can never remember them all off the top of my head.
    Also can you make the tray icon change colour when either app is disabled so we can see at a glance.
    And can you make the list stay in alphabetical order if we choose.

    Thanks
     
    Last edited: Nov 28, 2005