Developing security applications

Just a question to others here. Regarding development of security applications, I noticed many people are wanting applications to develop quite often, for example, on a weekly basis.

I'm not taking a dig at users on this board, as I like to see new features, especially those I want/need. But at the end of the day, if there are no blue screens, no lagging, and the program is doing exactly what it's supposed to do, I should be happy, shouldn't I?

For example, in the previous prevx thread, people were wanting to try out betas every few days, and once a stable release was issued, users would ask if a new version was available (not that there's anything wrong with asking). If I had my way, I would keep prevx just as it was when the new version was released here a year ago.

Same thing with programs like Shadow Defender, users may ask why a new version isn't available, even though the current version, being a number of months old, works exactly as described.

And with sandboxie for example, I think if the the program wasn't updated from many many editions ago, it'd still be one solid and effective application that I'd recommend to everyone.

With DefenseWall(just thinking of applications that come to mind), if the application never implemented any other significant new changes (firewall etc), as long as it is stable, I'd be content to use the application for years to come.

Then with ThreatFire for example, if it weren't for users here continually pushing for a deny feature, this new version wouldn't be as great as it is, and lighter, and I'm sure the developers would agree.

My question is:

• 
  1. If a program is stable, how often do you reasonably expect new program features and upgrades? (Weekly/monthly/quarterly/yearly basis/doesn't matter as long as the product works and is stable and updated against any new security threats)?

• 2. If you could choose one over the other, do you prefer new features or stability-compatibility?

I'm certain the developers appreciate our feedback, as a lot of the time they develop new features that might not have been planned. But on the other hand, if I were a developer, I think I would feel the pressure to continually update a program that is already working well, and these new updates might create me more problems than planned (compatibility issues, many more hours invested, and so on).

 

1. doesn't matter as long as the product works and is stable (if I had to choose a second, I'd go with yearly)
2. stability-compatibility

 

1. It doesn't matter for me, as you said, as long as the product works stable, also as long as will be discovered new threat which could bypass this app.
2. stability/compatibility.

 

Good stuff Creer, that's what I meant with a product plugging any security holes as needed versus implementing new features, but you put it in better words. The first question is now updated.

Regarding prevx, I appreciate Joe's support and the program, and he'll most likely read this. I like the new feature they brought with SafeOnline, but as I'm a simple dude I thought they could have squeezed version 3 for longer - just keep on doing well in tests, lowering fps, and so on. That's what most important to me, so if a new version is released, it's not really a new version on the features side, but a more stable and secure version.

 

I would go for 2.

I like the old release calendar like Avast is using. I do not want new features in X.X9 releases, just bug fixes and minor usability/functionality improvements. New features and big usability/functionality/performance improvements in x.9 releases. Major functionality changes and internal architectural overhauls in 9. releases.

Regards Kees

 

Kees, thanks for mentioning Avast, a good example of a program which has focussed on ironing out all bugs long before bringing out a new version.

Yeah the interface is old and boring, but instead of new features they focus on as you said 'just bug fixes and minor usability/functionality improvements'. It keeps on working right out of the box. Hopefully they adopt the same approach to the new version. And besides, I like knowing where all the settings are, year after year, whenever someone else is using Avast.

 

Well, I can answer basing my own experience- it's very important to have security software up to date. But it's not really matter in case of photo viewers, for instance.

 

Software should be updated when it needs it, (bug fixes, etc) not on a schedule or at regular intervals. Frequency of updates is a very poor way to evaluate security software that doesn't depend on up to date definitions.

 

Necessary updates for security products should be maintained on an as-required basis,whether that be monthly,weekly or whatever.Of course there are many cases where paid vendors justify a yearly subscription by chucking in a fancy new GUI and a heap of bloat whether or not it's needed.If you compare the likes of McAfee/Norton and Avira/Avast for example,as sure as night follows day the former 2 will throw up an "all new and improved" product same time every year without fail,whereas Avira/Avast update their products as and when they deem it necessary.

 

Good questions with no one correct answers, ie. it all depends....

Allow me to pick Shadow Defender as an example. For question 1, ShadowUser Pro is stable and the developer stops updating it and then comes
Shadow Defender with its new features, ie. password restrict, enter into frozen mode without reboot, etc. which is welcome by all.

As for question 2, it also depends... Shadow Defender will soon be supporting x64 windows systems, something which Sandboxie(tzuk) will never do. And if Shadow Defender were to offer exit from frozen mode (new feature)
at the expense of some stability/compatibility, I would say, GO FOR IT !

 

Great input. I was thinking this because I can only imagine how hard guys like Ilya work and Joe from prevx in wanting to improve their product, but at the same time, keep everyone happy (including those wanting new features all the time).

Right on brother! Highlighted your words in bold.

And andyman, you make a lot of sense with all your posts. But if you delved into sales ($$) verse a new GUI and features that could be termed as bloat, I can bet there would be some correlation between the two. That is a new fancy GUI + bloat would most likely retain existing customers who 'think' they're getting something new, while potential customers are longing for the slick GUI and the long list of features. I commend Avira and Avast for keeping their programs rock-solid.

Nanana1, you're also right in that there is no one answer. New features are always welcomed, but hopefully it doesn't come at the cost of 'too much' stability. If it does, developers might look into offering the customers/users two versions. Always offering a stripped down version, and an enhanced version. Seems to be what works for some companies, the simple AV, and the full package.

Anyway, I still think programs should aim for more stability, it's something that could be promoted more often, for example. 'Customers won't experience blue screens with our software', 'Our program keeps on working when others are crashing', 'Compatible with all your existing software' etc etc.

 

also it is important to see an improvement of a software maybe adding stuff i need so you dont buy additional softwares for example knowing that Defensewall has a firewall protection i will save couple of bucks

 

Very true jmonge. But if Ilya adds that, do you think users will be content on DefenseWall + firewall for a long while, or will they then demand more features, and more from him?

What I'm saying, DefenseWall is great right now! We should be content with how great it works now, but many never are! lol

 

i heard ya

 

For me I prefer no updates/changes at all.

Otherwise you spend time keeping software up to date instead of using it.

I guess I have to update my browser but even that I try and keep
to only fixing the major exploits.

 

I always say - before you start using any software or application - do some researches and learn how it works.
If you don't do this - you can be dissapointed how mentioned app works or worse - you can fall into trouble eg. you click allow when you should press deny/block button, etc.
On the real world the true is that many people don't do that and when they meet the problem then they blame app. which they are currently using.
Others trying to use app but when they see that smth doesn't works - they just dump software and change it to another position on their app list without asking for help/explanation developer of this product.

 

I prefer to get software that is updated to fix bugs and useability issues. I don't need flashy new tricks from the programs I use, but prefer they give me something that is really useful.

If the software I use isn't rock solid, why would I use it or buy it.
I need to be able to rely on my protection, not sit there and hope that it works properly.

If Sandboxie and DW eventually go 64 bit that would be great.
For now I'm staying with 32 bit for a number of reasons.
I'll probably make the change in a year or two. It would be nice if some of my favorite software were able to work on 64 bit.
But if I make the move and my usual stuff isn't there waiting for me then I'll find software that will do what I want. Or I'll damn well shoot my pc.
Hugger

 

I'm with you on keeping Prevx the same. But I realize that there could very well be some good reasons for the changes, and I might have missed them, hence the thread, Is SafeOnline an improvement?
As for your questions, I'd always opt for stability over new features... and it follows that I wouldn't be opposed to new features that were also stable, but not new features that were redundant with other software I am running or new features that make the program more cumbersome.

 

I think it goes without saying that most developers want to release bug fix versions, which likely includes stability issues.

For me the bigger question lies in new features. Implementing a new feature can be a daunting task depending on how hard it is to implement. Some programs that may always wish to introduce new features to stay 'fresh' are not always on my list of important. Other features, like a new scanning techinique in an AV are more likely to give me cause to update.

New features are not always recieved by faithful followers as welcome. How many programs have you used version X, and liked the layout or performance, then version Y comes along, maybe with some good features, but significantly changed in other ways. Stable or not, some features break the reason some liked the program in the first place.

It must be hard to balance the requests of some faction versus other faction when it comes to radical changes, especially with a paid product.

Sul.

 

With app development, customers and updates a lot of it is psychological if they are getting a new version even if it's a trivial feature/fix then it's "new" and they feel they are getting their moneys worth. Also it helps reinforce the product isn't abandonware, and the author cares about the product.

Also many new customers get put off by changelogs that have been stagnant for 12+ months, i've known of a few companies who have lost substancial sales simply because another similar product was more "actively maintained".

So it's probably in an authors best interest to release an update every 6 months or so, even if it's just optimizing the code to run faster and reduce the footprint or something minor. Also yes there's the flip-side, new features that are negative and drives existing customers away.

Me, if it has no bugs and does the job it's designed i'm happy. There is only 2 programs i make a habit of checking and hoping for newer versions.

 

The biggest issue I have with this yearly major release philosophy is that if for example Norton develops a new showstopping technology that greatly increases the security offered,in say March of 2010,you can guarantee that this will only see the light of day in time for Norton 2011,denying the current subscribers the benefit of that technology for months.On the other hand if Avira develop a hugely improved product,it'll be introduced to the customers as soon as it's available because there's no year on year mentality with them.

 

I do agree some sort of change-log that's active (thanks 1boss1), even for the most minor fix, shows users the developer is still alive and kicking. Even if it's just a minor bug fix, you feel your money is well spent.

Interesting thread by the way Page42. I know companies can't actively maintain several versions of a product, but I still think offering the basic stripped down version, and an enhanced version is the way to go. For example, prevx as just a real-time scanner and malware removal tool (basic version), and prevx + A+B+C (enhanced).

And I agree with Joeythedude, if you're spending time updating your browser, plus all your other programs, it all gets a little too much to keep track of. And if you're running a virtual system (returnil/shadow defender) and some programs try to update automatically and download a new version, you know you'll lose the updates anyway when you reboot. You might even be annoyed those programs will try to re-install all over again!

Hugger, agree with you as well, stick to being rock-solid and working properly, not let users hope it works properly.

And Sully, I agree if it's a feature which most users will benefit from, such as new scanning technology, that's a given users should update. For example, if Shadow Defender implements exiting shadow mode without rebooting, or allowing programs to be installed across reboot, I don't think users would choose the current version over the improved feature version.

Just as another example. I noticed Hitman Pro is going through some changes. See thread here. Mostly improving stability, which is a good thing. The addition of right-click scanning was a massive 'feature' to me I feel it had to have, so that update was important.

I'm cool with this, as it's a new version, a new product and loman x 2 are working hard. And most importantly, the changes are slight and unnoticeable.

But if the interface started to change significantly, and it started to scan/behave differently, started to 'update' whenever it wanted to, the alerts were different and so on, I can see how a user would be uneasy with this.

Using it (HMP) as an example, as long as they keep plugging away, once it hits its peak hopefully they keep it there for awhile. Let word get around how stable the product is. Don't need any major changes. And if they do decide to offer real-time scanning, they offer it as a separate download, for those users that want this feature, and keep the on-demand program for those users that like the simple approach it has.

And andyman, when companies withhold technology that would make a product better, all for the sake of making more money, that is a tough one. I do appreciate companies thoroughly testing new technology, but it's great when a company gives it to users at the earliest possible convenience. That's another reason why Avira is such a good product.