Why Not A Scanner Instead of Learning Mode?

Learning mode can be confusing and tricky for new users and from some posts I've read even a turn off. Anyone who's used Norton Internet Security or even Black Defender's application protection feature knows that as soon as it installs it 'scans' a users PC for programs to add to the 'allow' list with the user having the option to keep, add or remove all or some of the recommended additions. This method is definitely much easier and I see no reason why PG can't employ a scanner to create a list of programs to add to it's default programs instead of doing it all manually.

I really hope DCS will give serious consideration to emplying this type of 'learning' mode because it is much quicker and achieves the same results basically. A user can still add or remove programs they want or don't want so I see no reason why this learning mode can't be automated. Also upgrading or/and re-installing PG would be much easier and faster.

If Black Defender and Norton can do it I don't see why DCS users have to do it all manually when we have the technology to make it automated.

Dave

 

Please input your ideas because I'm sure that there a a lot of users who would prefer such a scanner instead of having to do it all manually.

Dave

 

Hi Dave, This has already been suggested in the wish list.
If it could be done easily and without bloat it may well be a good idea but I would like to see Jason's arguments for the methods that are currently used and not the methods used by other developers.
We have not received many reports of users finding Learning Mode that tricky or confusing as yet though time will tell.
ProcessGuard is using relatively new concepts which can be hard to grasp for many users, each iteration, so far, of ProcessGuard has increased it's user friendliness.
I know that DCS do takes notice of their users wishes and will do all they can in future builds to enhance the product in terms of ease of use.

Cheers. Pilli

 

I can see this feature being useful to new users - but it should be optional to allow the hard-heads to do everything manually also. Perhaps have a PG Install wizard offer a choice of automatic configuration of existing applications, learning mode or manual setup?

 

I think this step is the awkward one for most. Consider how many programs that can be run with just a basic Windows installation. Going through all those would be time-consuming at the least and also unnecessary - the only programs that need Protection entries to run are those that modify protected programs or install a driver, hook or service which is going to be a small minority. Of course, you would want to add security programs and anything given Internet access also, but these are not necessary for the programs to function.

As for the scan, a simple check for program files shouldn't take more than a couple of minutes. Abtrusion Protector does scan every DLL file also which may explain its scan time - Norton is, well, probably just behaving like any other Symantec application.

 

I've scanned with NIS and it only took a few minutes and beats hands down having to open and close almost every application. It's just far easier and simpler as far as I'm concerned especially for those who prefer a 'set it & forget it' option instead of going through all their applications.

Some users may like to open & close their applications but I don't and I think that there is a better way of doing this which is a scanner. I personally think that having to open and close applications is a very silly and impractical chore which isn't necessary because the technology exists to do it automatically. It is a very antiquated method of setting up a program in these days of rocket science. It's the convenience too of having it done automatically instead of having to do it manually. I've used Black Ice application protection too and it only took a few minutes and was much more convenient than opening and closing dozens of windows.

If you have a lot of applications it's going to take much more than 5-6 minutes opening and closing programs. With a scanner you can do it in the same time or close with only 1 click instead of a 100.

Dave

 

It's a 'horse & buggy' technique alongside 'cutting-edge' technology - totally ridiculous and completely unnecessary. When we have the tools to automate the process why not avail ourselves of it? A scanner only needs to scan a couple of folders not the entire hard drive/drives.

Dave

 

Keep in mind that when doing a scan in NIS, all it is looking for is programs that have Internet access capability. In the case of PG having similar scanner capability, PG would have to carry with it the knowledge of each program's need to have additional privileges such as Install Drivers/Services, Install Global Hooks, Terminate Protected Applications, Access Physical Memory. This would be one heckuva knowledge base that DCS would have to build into PG.

 

All PG has to know is the needs of OS files. The rest can be the same defaults that PG uses for any program. The user can give extra privileges as needed. The inital set up is just to get the ball rolling without having to click all over the place. I've only had to give extra privileges above the basic to very few programs if at all.

Dave

 

Not really - most applications don't need additional privileges at all. The ones that do would be some core Windows components (already there), security programs (to allow them to modify/terminate anything), mouse/keyboard/touchpad drivers (a few entries per manufacturer perhaps) and various low-level Windows utilities (quite a few here - but anyone with the technical knowledge to be running these should find configuring PG a piece of cake).

You'd probably find larger databases in most firewalls for rules presets.

 

A scanner, hmm ...

Firstly, this would require a (constantly updated) list of "known good" programs - antivirus, firewalls, etc. Needless to say, there's a lot of security software out there so this would be a big undertaking - as would be maintaining it ...

Secondly, filename testing alone isn't sufficient. Unless there were comprehensive signature tests done on each file you'd be opening up potential security issues by allowing trojans to run as filenames of known good applications (ie. a trojan could run as tds-3.exe).

So, it's a bit iffy ...

 

I can see why some people would prefer a scanner. But to have one instead of--rather than in addition to--learning mode? I hope not.

I used BlackICE for awhile. The scanner is the reason I dumped it. It made me nuts. Having to rescan after each software installation is insane and inefficient, and makes me insane and inefficient. (Granted, I'm teetering on the edge normally anyway.)

Another thing is that I don't want every executable added to ProcessGuard. Many applications never normally get run, so why have them added to the list? I'd rather keep learning mode enabled for days than have that.

 

Hi Wayne!

If it's not secure then better not risk it, I agree. I was just exploring to see if there were alternative ways to automating the learning mode because it does take some setting up for new users. I was thinking along the lines that instead of having to open and close each application then PG could just scan for example the 'My Programs' folder because the installed programs are what most users would be opening and closing.

The idea here is to make it as 'simple' as possible for new users so that those who are trying it out will just install it and then watch it work. If those trying out PG have to go through a tedious set up to get the program working I think that many might just not be bothered resulting in a loss of sales. So there is a fine line between user-friendliness to increase sales and ensuring that unsecure files are not given permission but even with PG installed a program TDS3.exe could be a trojan and try and run and would the user know any difference? He would probably allow it any way thinking that it was the real version so it's really up to the user to make sure their machine is clean BEFORE installing PG.

Dave