Are D+ alerts (over)complicated for you?

Let’s compare AV and Firewall alerts and D+ alerts using average user logic.

AV alerts: if you see AV alert saying that a file is a then about 90% of the time it really is, so you delete it. If it says Suspicious or Heur. something, then it only acts like a virus but maybe isn’t, so you can check it on virustotal or start it at your own risk…

Firewall alerts: when FW tells you that a program wants to connect to the internet, you generally have at least some idea about why it would want to, so you allow it. If you can’t think of any reasons why it would need to do that - you deny it. If you’re REALLY unsure you could deny it and if after that your internet stops working… then you have a big clue that the last thing you denied internet access for probably wasn’t the right thing to do.

Now for D+ alerts… Let’s say I have a lot of games that aren’t recognised and thus bug me with weird alerts such as file want to load file dximput8.dll … or something. I don’t really know if it should do that or not… Now you can do what you do with firewall alerts (deny if unsure and if it stops working - allow it) but here’s the problem… the program could work just fine after you denied a bunch of requests, but after a week or so you’ll be wondering why the heck it doesn’t want to save changed options… or something. You could also add it as trusted, but what’s the point in D+ if you just add stuff that doesn’t work as trusted. There is some description of the alert, but it covers only a few types of programs that usually do the stuff mentioned in the alert.

What do you guys think?

For Average Users, I find the alerts complicated.

AV Alerts - Default Visible Action is Clean, which deletes the file. I think the default visible action should be the recommended action, quarantine.

FW Alerts - FW alerts are not complicated coz it’s just 1 type of alert for FW, i.e. trying to connect, so it’s fairly simple & almost the same for all the FWs.

D+ Alerts - I find D+ alerts the most complicated alerts for average users. I mean alert explanations like HKLM/xxxx/yyyy, dfjyc.exe is trying to do this, djhsy.dll is trying to do that, etc. don’t mean anything for average users. The alerts are fine for experts. So I think the basic popup layout should have a simple explanation & it would be very helpful if instead of weird file names & entries, program names would be there in the popup. Like instead of HKLM/xxxx/, edhf.exe, dhdg.dll, the program name to which these files & entries belong would be mentioned in the popup. A simple popup explanation for the average user in the basic popup layout with the program name, like ccleaner is trying to run, etc. would be good.

Thanxx
Naren

I agree.

The system is great and security looks OK but understanding all the pop-ups with strange strings telling in a foreign language what “maybe” is going on… I do not understand them at all.

So as simple PC users we cannot act on these pop-ups. That means that there are maybe questions that need to be answered to keep the system running fine that are not, and so the system breaks down.

See my problems here
http://tinyurl.com/6dshhtc

Could you guys tell here what the pop-ups should look like so that Comodo can get a hint how to improve? Each D+ pop-up does say what action to take.

I am saying this because it doesn’t help to say that something needs to improve if you can’t give constructive feedback on how to improve, by telling them to make the decision/recommended action bigger or a different color. I hope you get the idea :).

Thanks

Regards,
Valentin N

I know at least 3 under-average users (including me :)) that have never been troubled by Comodo alerts.

I get that and if I get one again I will try to post it.

For my other 25 computers around the world that other people work on, I can’t, because I’m not there if it happens and they really do not understand any Comodo pop-up and stopped trying to understand them and just click it away without looking.

That’s what we get if something is too hard to understand.

That’s why I have Windows FW & MSE on my family’s XP laptop. This may not be the strongest setup but not bad either. Very good & easy protection for average users. To use CIS, you need to know more than basics, you need to learn how it works. If you are ready to learn then CIS is the best for you, otherwise go with free Basic FW & AV & WOT in my opinion. It’s still good protection for average users. Malwares are increasing every second but it’s not that the system will get infected every now & then. Malware infections are rare cases. Just go with basics & see if the system gets infected or not & act accordingly, i.e. try other products & good if you are ready to learn.

I too am currently running Windows FW & MSE & WOT & it’s been 3 months with no malware infection. At least no for any HIPS product for now. Will see later if I need any.

Thanxx
Naren

So you mean to say average users know what those strings, weird file names in the popup mean. And “if this is your everyday apps you may allow it”, this sentence you think makes it easy for average users to reply to the popup?? A popup with weird strings & file names & with the word “unrecognized” for many safe apps & ending the explanation with “everyday apps you may allow it” doesn’t make anything easier for average users.

Thanxx
Naren

The user must use his intelligence to make the right decisions and know what he/she uses every day.

Any idea or suggestion for what Comodo should write instead, so that we can help them?

Why are the program/app names related to files/keys not mentioned on the popups? Don’t you think program names on the popup may be a little help for average users? If they don’t identify what to do with the concerned popups related to unrecognized files/keys, at least program names on the popup may help a little. Wot say?

Thanxx
Naren

IMHO
There must be no choice for the user; Comodo must know how to handle the questions. Or there must be a mode where Comodo takes the best guess for the question, because we the users will do less because we don’t know either.

They can also do it like this: the FP is quarantined, it tells the user that it will be sent to the labs, they check it, and if it’s an FP the user will know by CIS checking what’s in the quarantine and telling the user to remove it from them (and how to do it). Good idea?

Regards,
Valentin N

Sorry, it’s late, but what is an FP?

FP = False Positive