Why Not A Scanner Instead of Learning Mode?

Discussion in 'ProcessGuard' started by worldcitizen, Nov 13, 2004.

Thread Status:
Not open for further replies.
  1. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Learning mode can be confusing and tricky for new users and from some posts I've read even a turn off. Anyone who's used Norton Internet Security or even Black Defender's application protection feature knows that as soon as it installs it 'scans' a user's PC for programs to add to the 'allow' list with the user having the option to keep, add or remove all or some of the recommended additions. This method is definitely much easier and I see no reason why PG can't employ a scanner to create a list of programs to add to its default programs instead of doing it all manually.

    I really hope DCS will give serious consideration to employing this type of 'learning' mode because it is much quicker and achieves the same results basically. A user can still add or remove programs they want or don't want so I see no reason why this learning mode can't be automated. Also upgrading or/and re-installing PG would be much easier and faster.

    If Black Defender and Norton can do it I don't see why DCS users have to do it all manually when we have the technology to make it automated.

    Dave
     
  2. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Please input your ideas because I'm sure that there are a lot of users who would prefer such a scanner instead of having to do it all manually.

    Dave
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Dave, This has already been suggested in the wish list.
    If it could be done easily and without bloat it may well be a good idea but I would like to see Jason's arguments for the methods that are currently used and not the methods used by other developers.
    We have not received many reports of users finding Learning Mode that tricky or confusing as yet though time will tell.
    ProcessGuard is using relatively new concepts which can be hard to grasp for many users, each iteration, so far, of ProcessGuard has increased its user friendliness.
    I know that DCS do take notice of their users' wishes and will do all they can in future builds to enhance the product in terms of ease of use.

    Cheers. Pilli
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I can see this feature being useful to new users - but it should be optional to allow the hard-heads to do everything manually also. :) Perhaps have a PG Install wizard offer a choice of automatic configuration of existing applications, learning mode or manual setup?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi Guys

    I don't see it as easier nor faster. Granted I've done it a "few" times but doing a clean install, that is not saving settings, once PG is installed I can run thru all my programs in 5 to 6 minutes and let learning mode pick them up. As I have stated elsewhere when I installed Abtrusion Protector it did the kind of scan you are talking about, and it took 35 to 45 minutes. I installed Norton NIS2004 the other day to see if it would run on my machine and its initial scan, not a complete scan, took close to 25 minutes. So I sure don't see the scan approach is quicker.

    As for easier, this one frustrates me. How difficult is it for someone to follow these instructions:

    1. Install and read the help file
    2. Reboot
    3. Just simply start and then stop every program you have.
    4. Reboot and use the computer for a short period.
    5. Reboot.

    I always shortened 4 to reboot, do a 1 minute check and reboot.

    Most of the problems people have seem to stem from not following these instructions.
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I think this step is the awkward one for most. Consider how many programs that can be run with just a basic Windows installation. Going through all those would be time-consuming at the least and also unnecessary - the only programs that need Protection entries to run are those that modify protected programs or install a driver, hook or service which is going to be a small minority. Of course, you would want to add security programs and anything given Internet access also, but these are not necessary for the programs to function.

    As for the scan, a simple check for program files shouldn't take more than a couple of minutes. Abtrusion Protector does scan every DLL file also which may explain its scan time - Norton is, well, probably just behaving like any other Symantec application.
     
  7. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I've scanned with NIS and it only took a few minutes and beats hands down having to open and close almost every application. It's just far easier and simpler as far as I'm concerned especially for those who prefer a 'set it & forget it' option instead of going through all their applications.

    Some users may like to open & close their applications but I don't and I think that there is a better way of doing this which is a scanner. I personally think that having to open and close applications is a very silly and impractical chore which isn't necessary because the technology exists to do it automatically. It is a very antiquated method of setting up a program in these days of rocket science. It's the convenience too of having it done automatically instead of having to do it manually. I've used Black Ice application protection too and it only took a few minutes and was much more convenient than opening and closing dozens of windows.

    If you have a lot of applications it's going to take much more than 5-6 minutes opening and closing programs. With a scanner you can do it in the same time or close with only 1 click instead of a 100.

    Dave
     
  8. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    It's a 'horse & buggy' technique alongside 'cutting-edge' technology - totally ridiculous and completely unnecessary. When we have the tools to automate the process why not avail ourselves of it? A scanner only needs to scan a couple of folders not the entire hard drive/drives.

    Dave
     
    Last edited: Nov 13, 2004
  9. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Keep in mind that when doing a scan in NIS, all it is looking for is programs that have Internet access capability. In the case of PG having similar scanner capability, PG would have to carry with it the knowledge of each program's need to have additional privileges such as Install Drivers/Services, Install Global Hooks, Terminate Protected Applications, Access Physical Memory. This would be one heckuva knowledge base that DCS would have to build into PG.
     
  10. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    All PG has to know is the needs of OS files. The rest can be the same defaults that PG uses for any program. The user can give extra privileges as needed. The initial set up is just to get the ball rolling without having to click all over the place. I've only had to give extra privileges above the basic to very few programs if at all.

    Dave
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Not really - most applications don't need additional privileges at all. The ones that do would be some core Windows components (already there), security programs (to allow them to modify/terminate anything), mouse/keyboard/touchpad drivers (a few entries per manufacturer perhaps) and various low-level Windows utilities (quite a few here - but anyone with the technical knowledge to be running these should find configuring PG a piece of cake).

    You'd probably find larger databases in most firewalls for rules presets.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    First in terms of the time it takes to run thru all my programs when I install, I just counted and it's 36 programs, and it just takes 5 or 6 minutes. Asking for preconfiguring for Windows just doesn't make sense to me. When I do the install and first reboot. By the time my system is up they are already there now. I do it the way I do now, and the 5 or 6 minutes is great considering before I had to do it manually and that took time.

    Note also although I am not particularly a Symantec fan, I don't think the time that the virus scan it did was abnormally lengthy, it just takes time to scan thru thousands of files.

    Then you have the issue of if you do an automatic scan how does something distinguish between what makes sense to add and what doesn't.

    Then there is the issue of size. PG's download was under 1meg until the help file grew in complexity. There are very few programs that tight and small. When I downloaded NIS2004 to test it, the download was 35Meg.

    In terms of the corporate environment, I wonder. Those guys like to do perimeter defense and tend not to worry about individual computers. How many PC's in a large corporate environment have individual firewalls? Last time there was a major outbreak, I believe IBM got infected cause they don't protect individual computers.

    Finally I have to give Jason credit for coming up with one heck of a protective program. If one can do that, I suspect he has probably given some thought to many of these issues and chosen the approach he did for a reason.
     
  13. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    A scanner, hmm ... :)

    Firstly, this would require a (constantly updated) list of "known good" programs - antivirus, firewalls, etc. Needless to say, there's a lot of security software out there so this would be a big undertaking - as would be maintaining it ...

    Secondly, filename testing alone isn't sufficient. Unless there were comprehensive signature tests done on each file you'd be opening up potential security issues by allowing trojans to run as filenames of known good applications (ie. a trojan could run as tds-3.exe).

    So, it's a bit iffy ...
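
The gap between a filename test and a content test described in the post above, as an added example that is not part of the original thread and is not ProcessGuard's own code: a folder scan that records SHA-256 hashes, then a same-named file with different contents checked both ways. The folder names, file contents and function names are constructed for illustration; only the filename tds-3.exe comes from the post.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_folder(root, extensions=(".exe",)):
    """Walk root and return {sha256: path} for every program file found."""
    allowlist = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extensions):
                path = os.path.join(folder, name)
                allowlist[sha256_of(path)] = path
    return allowlist

def allowed_by_name(path, allowlist):
    """Weak check: trusts any file whose name matches a scanned program."""
    known = {os.path.basename(p).lower() for p in allowlist.values()}
    return os.path.basename(path).lower() in known

def allowed_by_hash(path, allowlist):
    """Content check: trusts a file only if its bytes match what was scanned."""
    return sha256_of(path) in allowlist

def demo():
    """Build constructed sample files in a temp directory and compare both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        programs = os.path.join(tmp, "Programs")    # hypothetical scanned folder
        elsewhere = os.path.join(tmp, "Elsewhere")  # hypothetical unscanned folder
        os.makedirs(programs)
        os.makedirs(elsewhere)
        genuine = os.path.join(programs, "tds-3.exe")
        lookalike = os.path.join(elsewhere, "tds-3.exe")
        with open(genuine, "wb") as f:
            f.write(b"constructed sample: contents present at scan time")
        with open(lookalike, "wb") as f:
            f.write(b"constructed sample: different contents, same filename")
        allowlist = scan_folder(programs)
        return {"genuine_by_hash": allowed_by_hash(genuine, allowlist),
                "lookalike_by_name": allowed_by_name(lookalike, allowlist),
                "lookalike_by_hash": allowed_by_hash(lookalike, allowlist)}
```

A hash pins the file contents as they were at scan time; it says nothing about whether the scanned file was clean to begin with.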
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I can see why some people would prefer a scanner. But to have one instead of--rather than in addition to--learning mode? I hope not.

    I used BlackICE for awhile. The scanner is the reason I dumped it. It made me nuts. Having to rescan after each software installation is insane and inefficient, and makes me insane and inefficient. (Granted, I'm teetering on the edge normally anyway.)

    Another thing is that I don't want every executable added to ProcessGuard. Many applications never normally get run, so why have them added to the list? I'd rather keep learning mode enabled for days than have that.
     
  15. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Wayne!

    If it's not secure then better not risk it, I agree. I was just exploring to see if there were alternative ways of automating the learning mode because it does take some setting up for new users. I was thinking along the lines that instead of having to open and close each application then PG could just scan for example the 'My Programs' folder because the installed programs are what most users would be opening and closing.

    The idea here is to make it as 'simple' as possible for new users so that those who are trying it out will just install it and then watch it work. If those trying out PG have to go through a tedious set up to get the program working I think that many might just not be bothered resulting in a loss of sales. So there is a fine line between user-friendliness to increase sales and ensuring that unsecure files are not given permission but even with PG installed a program TDS3.exe could be a trojan and try and run and would the user know any difference? He would probably allow it anyway thinking that it was the real version so it's really up to the user to make sure their machine is clean BEFORE installing PG.

    Dave
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi Dave

    Granted I've had practice installing PG with the beta testing, but I do try and think like a newbie on these issues. Given the basic procedure we've outlined many times, I have to ask.... Do you know a firewall that is easier to set up than ProcessGuard? Excluding those folks who still think the CD tray is a coffee cup holder, if someone has been able to get a firewall running, PG as it now stands shouldn't be a problem. Of course the problem can be the same all software makers face, not reading the instructions.

    Pete


    PS as a humorous aside, I love what one program did. It automatically dumped you into the help file like PG does, but if you just clicked the exit, it would pop up and say you can't read that fast, please read it. :D
     