Security Suites sub forum

Discussion in 'other anti-virus software' started by muf, Nov 28, 2011.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Sorry, yes. Totally correct. Simply forgot to put that one in the list. Added it now.

    Paul
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Same here.
     
  3. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    I say make one general one for all in the list :)
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I say one for Firewall, one for Antivirus, and one for Antimalware.
    And the Anti-Trojan stuff goes into Antimalware. That's IMO.

    If we merge all I got a feeling it will be way too cluttered.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If there are forums for software components A, B, C, etc., then there is the question as to where to classify software that has multiple components.

    Some solutions:

    1. A, B, C, "Suites", "Other Security Software"
    Software with multiple components is put in forum "Suites."

    2. A, B, C, "Other Security Software"
    Software with multiple components is put in forum "Other Security Software."

    3. "Security Software" (i.e. just one security software forum)

    A separate issue is what software components A, B, C ought to be if we're using solution #1 or #2. I would break it down into "Firewalls" and "Signature-based Scanning Software (Including Anti-Virus)." The existing "other anti-virus software" forum would be renamed "Signature-based Scanning Software (Including Anti-Virus)." The existing "other anti-malware software" forum would be renamed "Other Security Software." The contents of the existing "sandboxing & virtualization" forum would be merged into "Other Security Software," or it could remain as is. The contents of the existing "other anti-trojan software" forum would be merged into "Signature-based Scanning Software (Including Anti-Virus)."
     
    Last edited: Dec 1, 2011
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    I am for antivirus, anti-malware, suite, and firewall, with anti-trojan merged with anti-malware.

    Also, what's up with the time-out section? It's been there since 2009 with only the Comodo thread in it. Shouldn't it just be removed altogether? It seems pretty pointless...
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    I've written a rather long reply to this which I'll post in its entirety below. However, I wanted to point out that MrBrian's reply is closest to my own thoughts on this.

    To me, it's not how the components are packaged that matters, but, the knowledge / expertise needed to reply to questions about specific components. "Firewalls" remains the best example, as I describe in detail below, because of the very specific expertise needed to reply intelligently to complex firewalling questions.

    However...

    Sandboxing and virtualization are very different technologies from all the rest. That section was only just created recently as a split out from other software & services, which many members wanted. Why lose all the sandboxing threads when merged into an already very busy subforum that has countless other subjects posted in it?

    Anyway, here is the long reply which covers most of the things asked about and will show you my perspective and why things are done as they are here.



    Many of you put a lot into this, so, I'll be verbose in explaining my thoughts...

    About combining multiple subforums down to one, that's problematic because of the posting volume levels. Other anti-malware software is one of the busiest sections and other anti-virus is no slouch either. AM keeps a full page of threads active over a two day period, or so. AV runs at about 3-4 days depending on what's being released. That's still rather busy. Combining them would be too much activity in one section. On forums, generally you look for high volume topics and give them their own section, first to spread out the volume, so no one section is too busy, and, second, so those interested in the certain subject matter know where to find it without having to read topics they're not interested in.

    In the past, the common requests I've had were to split sections out, not to combine them back in. The section called "Software, Hardware and General Services" was originally just the other software & services forum. People asked repeatedly to split off hardware, then *nix, and more recently, virtualization/sandboxing and backup/imaging products. Now, with the current separation, it's much easier to find what you are looking for down there.

    People have also asked that I further break out other anti-malware as there are different discussions in there that really aren't that directly related. You've got general products like MBAM, Emsisoft, Hitman Pro, and so on, but, you also have HIPS, behavior blockers, anti-keyloggers, removal tools, ad blockers, unhackers, key scramblers and more.

    But, more importantly to how the forum runs, there is also a very differing mindset at work when looking at the main posters in AV vs AM. You have the people who say "AVs are dead - move on people" vs those that believe "a good AV is the cornerstone of computing security." Many of those that have whichever view tend to post most frequently in the subforum that better aligns with that view. There is certainly no reason to force the Pro-AV and the AV-R-Dead people into a single forum section, where each side would have to skip over the threads they aren't interested in (or fight tooth and nail on a daily basis.)

    We also notice that threads can proceed quite differently depending upon which anti-whatever section they are posted in. It's the key posters in a section that determine how threads proceed. And while many forum regulars post in both, a lot of people tend to one or the other more exclusively. Even the arguments tend to differ a lot depending on which of the two sections you are in. The no "A vs B" rule was made mostly because of how threads usually proceed in the other anti-virus section, which is different from nearly all other subforums.

    Anyway, on to the main question - making a separate section for suites. I'm afraid that I am against that idea. In my opinion, it's heading in the opposite direction of whatever changing or refocusing we need to consider.

    It's my view that sections exist for the similarity of the questions being asked within them and the expertise needed to answer them. For those who think "firewalls" could just be combined in with a general "anti-whatever" section, well, that's not a good idea...

    Knowledge of firewalling, and network communications in general, is a very complex study. Those who understand it very well, can practically name their own salary in the corporate world. The few firewall experts that frequent here, tend to mainly participate in the other firewalls section. They have no interest in the latest avast beta, the new features in MBAM, or which anti-keylogger is on top of the tests. They want to post about network routing, packet transmission, rules development, ARP poisoning and all like that.

    If we said that a person should post in a suites section because they are using the firewall in a suite, but, their question is specifically a complex one about rule configuration, they'd be extremely lucky if one of the firewall experts found the question there mixed in with all other suite related topics. In my view, the exact package you use is far less important than the specifics of the question you are asking. If you have xPW (someone's personal firewall) or xIS (same someone's internet suite) but you have a firewalling specific question, it should always go into the firewall section, not in the suite section for the guy using xIS. How a functionality is packaged is less important than the knowledge required to answer the question.

    To highlight why I think this way, let's look at the questions a suite like NIS can yield from users seeking help:

    1. I have this file I'm trying to access, which I know is okay, but, NIS keeps blocking my access. It says the file is malicious. I can't get the exclude option to work. Can anyone tell me how to get around this and access the file?

    2. NIS is constantly alerting me about a "Possible ARP Attack." I'm just on a home network with two PCs behind a router. How can I find out what is causing the ARP attacks? Is there a new rule I need or one I should remove?

    3. Since this morning's update to NIS, its HIPS keeps saying that some DLL is being injected into all running processes in memory. Programs have started hanging and I can't even kill them with task manager. How can I find if it's malware or just a problem with the update? (There are probably better examples of a HIPS related question, that differs even more than this does from item 1 above, but, this was the best I could come up with at this moment.)

    These are very different questions, each requiring different knowledge to reply helpfully, (beyond some basic product level user saying to just disable the protection or whatever). I mean an expert answer, for each question, definitely requires specialized knowledge. Why lump the questions all into a single section just because Marketing people figured out that selling suites makes the company more money?

    We actually face the above problem today in the Eset section. Eset wanted a section for NOD32 and a section for ESS. NOD32 is simply a subset of functions, the full set of which are contained in ESS. We end up with identical questions asked about core functions (functions available in both products) in each section, just by different members. The answers are always the same and even the screenshots shown and options to check are completely identical. It's kinda silly actually.

    A better layout there might be "core functionality" vs "extended suite functionality" but, that'd be far too geeky a separation for most customers, I think. It's simply easier to tell people to post in the section for the product they own, and we'll work out any overlap and duplication issues.

    "other anti-virus software" is really for the core functionality of AV products, which is mostly the old file scanning approach. Whether on-access or on-demand, these products still make heavy use of that scan a file approach to security. Sure, they've all added a lot more protection techniques now, but, they still use that old core. Related to that are all those topics about product testing which are posted in that section. AV-Test, AV-Comparatives, etc.

    "other anti-malware software" products tend to have a different core protection approach, but, also lots of extra techniques, as well. Whether that is mostly HIPS, behavior analysis, or policy based sandboxing, it's still a different approach, as the "AV are dead" people talk about quite frequently.

    The two sections have distinct purposes, but, I think people are hung up on the section names. "anti-virus" sounds narrow today because the buzz moved on to "anti-malware" or "anti-spyware". But, the topics that go on in there are well located and separate from the types of topics in the anti-malware section. Maybe giving each section a better/different name, one that focused more on the technological approaches rather than product name would be better.

    To summarize:

    1. There will always be a separate "firewalls" sub-forum. There's no question on that.

    2. Making a section for suites goes against the direction we should be heading in - i.e. the focusing on the subject matter and knowledge needed to reply to the questions asked. It's the technology not the packaging that matters.

    3. When the volume of posting gets large enough on any subject matter, that subject will likely be split out to its own sub-forum.

    4. Busy subforums are never combined together.

    P.S. "other anti-trojan software" is simply an old legacy section, maintained mostly for historical reasons. There are still posts made about Trojan Hunter, and one or two other old ATs. SAS often gets posted in there because it is a natural successor to the old standalone anti-trojan products, which positioned themselves as companion products, meant to run alongside your main AV protection. That's really what that section was about.

    Actually, I think it might make sense to expand that section to include all those standalone tools - rootkit finders, specialty cleaners and repair products. Moving those from other anti-malware would thin that section out, and make the AT section more valuable to people looking to get help with those standalone specialty tools. Of course, again its name is a problem. If it had a tools or companion-product related name instead, that might help.




    other anti-virus: file scanning and detection technology?
    other anti-trojan: companion products and specialty tools?
    other anti-malware: HIPS, behavior blockers, policy based sandboxes, and the like?

    We could use better names that accurately describe what is discussed in these sections, so that people won't be confused over the titles "anti-virus" vs "anti-malware".
     
  8. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Thanks LWM. Very well explained. After reviewing your comments, I agree that specific modules within a suite would be best questioned within the sub forum that specializes in that area. It makes sense (now). Your last comments about adding the "tools or companion-product related name" would be very helpful though and I would like to see this implemented.

    Thanks for the detailed reply. Must have taken a good while to put together and it is very much appreciated.

    Paul
     
  9. 22ndcitysaint

    22ndcitysaint Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    62
    Location:
    PH
    I agree with you.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ LowWaterMark

    First off, thanks for listening etc :thumb:

    Here are my suggestions.

    other Anti-Virus - Traditional file scanning/detection technology

    other Anti-Malware - Anti-Trojan/Rootkit etc companion products + specialty tools

    other Security Software - HIPS, AntiKeyloggers, Behavior blockers, Policy based sandboxes, etc
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Given LowWaterMark's response, I recommend these security software forums:
    1. "signature-based software, including anti-virus software" - rename of existing "other anti-virus software" forum. By including "anti-virus" in the title, less-experienced users who don't know what a signature is can still find the right forum with ease.
    2. "firewalls, routers, and networking" - rename of existing "other firewalls" forum.
    3. "sandboxing & virtualization" - leave as is, but maybe include the forum in the security software forums grouping.
    4. "anti-spyware and anti-trojan software" - rename of existing "other anti-trojan software" forum, with existing threads that no longer belong there moved to a new home. Alternately, the "other anti-trojan software" forum could be deleted, with each existing thread moved to a new home.
    5. "signature updates" - rename of existing "update alerts" forum. Updates that involve software instead of signatures shouldn't go here anymore, because it's dominated by signature updates.
    6. "other security software" - rename of existing "other anti-malware software" forum. This is a catch-all forum for topics that don't belong anywhere else. IMHO there needs to be a catch-all forum, because there will always be topics that don't belong in other explicitly enumerated forums.

    The two terms that most less-experienced users probably already know - "firewall" and "anti-virus" - are present in these forum names. All of the forum names are easy to understand, with hopefully little subjective judgment involved in thread classification in most cases. Also, this proposal would require non-trivial effort from moderators only in the existing "other anti-trojan software" forum, which is relatively small (~1300 threads).
     
    Last edited: Dec 1, 2011
  12. wat0114

    wat0114 Guest

    MrBrian, all good suggestions :) :thumb:
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    LWM said it very well. :thumb:
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you wat0114 :).

    As an addendum to my last proposal, perhaps there could be a new forum called "behavior-based security software, including HIPS." Any software that uses exhibited or attempted program behavior for detection would go here. This forum would include HIPS and also behavior blocking software such as ThreatFire and Mamutu. This would entail a lot of moderator effort though, as there are ~9000 threads in the existing "other anti-malware software" forum.

    I didn't indicate in my last post my preference for keeping the "other anti-trojan software" forum (although renamed) or removing it; my preference is for removal. Most anti-trojan and anti-spyware software uses signatures as its core technology, and thus it belongs in the "signature-based software, including anti-virus software" forum.

    In summary, this would be my preferred set of security software forums:
    1. "signature-based software, including anti-virus software"
    2. "firewalls, routers, and networking"
    3. "sandboxing and virtualization software"
    4. "behavior-based security software, including HIPS" (this is optional, due to moderator effort involved to transition to this)
    5. "signature updates"
    6. "other security software"

    Optionally, but IMHO not preferably, there could also be forum "anti-spyware and anti-trojan software."
     
    Last edited: Dec 1, 2011
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Upon further reflection, I withdraw my addendum from the last post because most of the software in the existing "other anti-malware software" thread could probably be considered behavioral-based.

    In summary, this would be my preferred set of security software forums:
    1. "signature-based software, including anti-virus software"
    2. "firewalls, routers, and networking"
    3. "sandboxing and virtualization software"
    4. "signature updates"
    5. "other security software"
     