Crystal Security - Discussion

Discussion in 'other anti-malware software' started by kardokristal, Jan 29, 2012.

  1. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Nice catch, Abdallah!
     
  3. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
  4. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi,

    Some new preview screenshots of notification (next BETA cycle):

    1. Safe (clean)

    [​IMG]

    2. Unsafe (malware)

    [​IMG]

    Please tell me your thoughts.

    Regards,
    Kardo
     

    Attached Files:

  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah....looks great! :thumb:
     
  7. Untitled.png View attachment 242913

    I am from the IT stone age, when we programmed in 16kb assembler overlays, created data bases based on pointering and data organization within 4KB pages, defined own communication skeletons, coded your own frameworks so Cobol/PL1 programmers only needed to use DB (Data Base) and TP (Transaction Processing) modules with easy API's, the GUI/UX design principles remain valid.

    So here are my comments

    1. When you ask a user confirmation with a visual (e.g. a button), the user tends to ignore everything what comes after (so put your text based interaction before it)

    2. Choose the user's point of view, not the programming logic. A skip would be an implicit allow, without remembering (?), don't understand this choice. Coloring code of the recommended action (green button) and text (for color blind people).

    See picture


    Question: Kardo are you practicing user interfaces or are developing functionality. I notice with every functionality increase, you release a new GUI. While I would first develop the new functionality, prototype a user interface, ask feedback from beta testers and then finish the GUI based on actual user experience

    TIP: when the auto-decide rules work properly the time spend on the GUI building rules becomes a non-issue. Why don't you put your time and effort to add a re-check of the grey zone or unknown, see explanation:

    Auto decide ALLOW = no user interface pop-up
    Auto decide BLOCK = no user interface pop-up

    Grey zone & unknown = POP-UP, think of a reschedule check, e,g, options would be

    ALLOW - BLOCK and instead of creating (remembering a rule), add the option to RE-CHECK later (set the time limit in auto decide rules, when grey or unknown check at VT after xx hours)


    Regards Kees
     
    Last edited by a moderator: May 29, 2014
  8. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Hi Kees and Kardo,

    1- I think Kardo's current design is correct just because of what you explained; users (mostly non-tech savvy ones) ignore what follows visual confirmations. This kind of users are better off with the default (recommended) settings. Any user going past that will be either reading pop-ups carefully or will have enough know-how to check whether there is a remember setting if they need.

    2-I agree on this point with you. Allow without remembering and skip this file options looks like they do the same thing. (Unless skip this file also blocks the execution, if that is the case there probably should be an explanation text).

    I like the recheck at later date, and have offered something similar before. I would also suggest automatically rechecking the blacklist and white-list longer but regular intervals (like every three days as default).
     
  9. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Kees and Kardo,

    'Auto decide BLOCK = no user interface pop-up'

    This is OK until it starts to block legit programmes and files and could cause havoc with any false positives.

    As you said the auto decide rules MUST work properly if this method is used. I personally would prefer some user interaction at this stage.
     
    Last edited: May 29, 2014
  10. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi, Everyone!

    @ichito @siketa

    Thanks! :)

    @Windows_Security

    Notification updated based on your suggestion.

    Notification-Safe.png

    Answer: The new design will remain long. ;) Yeah, agree with you about functionality priorities!

    Re-check options will be added under Settings section.

    @phalanaxus

    Correct! Skip this file = no action.

    Re-check for unknown files is already available in latest versions but just without visible options for users.

    Great suggestion. Thanks!

    @ghodgson

    Yeah, it is possible to configure it for your needs. e.g. Unsafe action = user intervention (popup)

    @everyone: Thanks for all the advice and feedback! :thumb:

    Regards,
    Kardo
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    943
    Location:
    Canada
    Kardo, when I click on your link at the bottom for your website it does not work, I am using Chrome.
     
  12. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi,

    Thank you for the information.
    Everything should be fine now. :)

    Regards,
    Kardo
     
  13. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Kardo,
    I'm coming again with another problem. For the past 10 days or so I've been getting a .NET error again which is baffling me and I hoped you could throw some light on it. I've delayed reporting this error because last time it was my firewall creating the problem, this time I don't know.
    Anyway I'm getting a 'Value cannot be null' error. See screenshot. Any ideas ?

    Thanks and regards
    Gordon
     

    Attached Files:

  14. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi Gordon,

    Thank you for your report!
    I think I found the cause of the error.

    Regards,
    Kardo
     
    Last edited: Jun 2, 2014
  15. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Kardo,
    Glad to be of help.

    Regards
    Gordon
     
  16. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
  17. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Thanks Kardo,
    Downloaded and already set up. Will let you know how it goes.
     
  18. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Hi Kardo,

    So what does CS have in its internal database ? Windows files, well known applications, or anything you can think of ?
     
  19. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi,

    @ghodgson

    Thanks Gordon! Please let me know how this version works. :)

    @phalanaxus

    Contains information about latest malware (threats) from two different public database - Malc0de and VX Vault.

    Manual and automatic updates (optional feature) for internal database will be added into next beta version.
    Internal database is useful for offline checkup (e.g. no internet connection).

    Regards,
    Kardo
     
  20. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Kardo,
    I've been running CS 3.2.0.85 for 5 days now, and so far no problems and no further .Net runtime errors.

    Regards
    Gordon
     
  21. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi Gordon,

    Thank you for the feedback! :)

    Regards,
    Kardo
     
  22. minegroasprilla

    minegroasprilla Registered Member

    Joined:
    Oct 14, 2013
    Posts:
    17
    Location:
    caracas

    And in Spanish?
     
  23. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    Files are not blocked while Crystal Security shows the alert. I mean they're still running.

    Imagine that you have a backdoor, Crystal Security detects it, the alert is shown, but the file is running in the memory and your application doesn't stop it (it detects it, but the user didn't choose an action, so the malware is still running in the memory). The backdoor can connect to its C&C server and the attacker can control the computer while the notification is displayed. It can even kill Crystal Security...

    You shouldn't allow to open a file until the user selected an option.

    BTW, you should make a submission form for the internal database.
     
  24. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hello,

    Thank you for your interest.

    Spanish language is available, however, it has not updated a long time ago.

    Regards,
    Kardo
     
  25. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi,

    Thank you for your feedback.

    I see your point.. and I agree with you in that the files are allowed to run.. but please note that Crystal Security is a second-opinion anti-malware tool (not anti-executable) and it is recommended to use it with some other AV suite.

    Yeah, if user decides to allow malicious file then it does not end well.. but if auto-decision is enabled then malicious files will be suspended immediately. I have to admit that it is somewhat useless against already started ransomware but when a file is checked before launching it will be blocked before it can start.

    Regards,
    Kardo
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.