~ WHAT IS THIS? ~
CHARRETTE:
A charrette (pronounced [shuh-ret], often Anglicized to charette and sometimes called a design charrette) consists of an intense period of design activity. The word charrette may refer to any collaborative session in which a group of designers drafts a solution to a design problem.
PURPOSE:
This is one of a series of charrette threads that I will be making to try and create an inclusive, consistent, and polished prototype for future versions of Comodo Internet Security. I am here to fulfill your wishes! - and some of mine - in the form of jpgs and pngs - to eventually be submitted in the secret (gasp!) usability sub-forum for review by developers.
YOUR ROLE: BE CRITICAL
I’ll be looking over the wishlist for features and suggestions to incorporate in our designs, but don’t hesitate to suggest ideas here. In fact, I encourage you to suggest ideas here - otherwise it’s not a charrette. Sometimes I have specific questions. To see them scroll down to the “Current Dilemmas” section. I also encourage you to check out the related threads listed below and support our resident wishers. Just make sure that, if your suggestion warrants its own thread, that you do make a thread for it. I am not replacing the wish list.
[b]~ APPLICATION SYSTEM ACTIVITY CONTROL ~[/b] Login to view the image.
GENERAL GUI ENHANCEMENTS:
- The Help button is now located correctly and space-efficiently.
- The Application Path field can be edited on the fly.
- The user now has the option to Copy From - a feature in the firewall that has been around for ages but never made it to Defense+.
- Export/ Import buttons allow users to export/import modular configuration files, with the ability to overwrite or append. (This allows users a more granular means to updating/restoring their configurations)
- Modularity is now spread across inuitive in-window elements (tabs and expandable lists), rather than across several disjointed windows.
- Sandbox Rules, Groups, and Access Rights are now much more fluidly manageable.
- Granularity is stepped across in-window elements to allow for novice comfort through expert control.
- Basic switches allow novice users to abstractly tune their Application Activity Controls.
- Drop Downs (in the Access Type lists) allow intermediate and expert users to quickly change the behavior of Defense+.
- Expandable lists allow advanced users to create custom rules (Adv.Rues), in a format consistent with firewall rules, openning the GUI to more advanced operations than simply allowing and blocking access to a certain file.
- The lists now have both a search and filter function by which to quickly find specific rules or simplify the view.
- The Adv. Rules fields show as follows [ # of enabled block rules / total # of block rules : # of enabled allow rules / total # of allow rules ]. They do not count the Basic Action nor the Advanced Default Action.
- A link at the bottom left allows the user to jump to the Network Access Control window for the application.
- An Apply button is now included so the user can save his/her work without closing the window.
- Element size, spacing, and visuals are polished.
BASIC SWITCHES:
- This tab shows by default. It is for novice users and basic application-wide changes.
- It explains concisely what the difference is between Access Rights and Protection Settings.
- The linked policy type under Sandbox Settings takes the user to the Sandbox tab.
BASIC ACTION VS DEFAULT ACTION:
- Default Actions (now “Adv. Default” and “Advanced Default Behavior Handling”) are rules that fire after Advanced Rules are fired, such that, if there is not already a specific policy for the access, the Default Action will be followed. This is currently how Defense+ is implemented.
- Basic Actions fire before Advanced Rules, and thus override every rule that follows, included the Default Action. This allows a user to quickly allow or block all acccess attempts. This switch is integral for novice users not concerned with fine tuning Application Activity Controls.
- Upon applying no Basic Action, the Default Action will be force activated.
TREE STYLE RULE MANAGEMENT:
- It is important for advanced users to see the guts. The tree style list, with sequential rulesets, provides a place for change made in the drop-downs and basic switches to logically manifest. As an example, if I change the Default Action to Block, then if I look at the explicit ruleset, I should see a Block-All rule at the bottom. Transparency is key.
- Using a sequential ruleset allows the user the same power as sequential rulesets common to firewall policies. The rules higher in the list are given higher priority.
- Using verbal (“Block file x”), rather than group (Adding file x to a blocked files group), style rulesets, the GUI is opened up to providing more advanced variables. By example, “{ Block } access to files in path { x } if those files { have no digital signature }”
- The list can now be sorted by clicking on the appropriate table headers. This obviously doesn’t sort rulesets, just access types by the selected manner.
- To expand or compress the entire tree, use the expand/compress toggle in the header.
- Checkboxes allow users to quickly enable/disable rules.
- Changes to Basic Action and Adv. Default via drop down can be applied to multiple Access Types simultaneously by highlighting several Access Types and then using one of the drop downs in one of the highlighted Types. (Both shift and ctrl style selection should be possible you Comodo devs.)
- The tree contains a second set of headers to sort the list within each access type.
QUICK TOGGLES:
The Advanced Ruleset list contains three quick toggles and one priority marker. Quick toggles allow the user to quickly change basic settings for a particular rule (or set of rules if multiple are selected). They are used simply with a single left click.
The priority marker lets the user know the priority of the rule even if the list is sorted in such a way that the rules are not in priority sequence. The Basic Rule is always rank 00. The Advanced Default is always rank ZZ. This naming convention allows over 1200 rules.
The first quick toggle enables or disables the rule. It is the check mark.
The second quick toggle cycles through Allow-Ask-Block and controls whether the rule allows, asks, or blocks.
The final quick toggle activates/ deactivates logging.
RIGHT-CLICK & SPECIAL MENUS:
- Right clicking on a table header will give you the following options: Sort 0-Z, Sort Z-0, Do not Sort, Columns >
- The Columns sub menu allows users to show or hide certain columns. (In this window the only column that can be hidden is the Adv. Rules column)
- Right clicking on the toggle-all tree toggle will give you the following options: Expand all, Compress all.
- Right clicking on a specific Access Type will give you the following options: Add a new rule, Remove all rules, Move up, Move down, Purge invalid rules, Log all rules, Enable/Disable all rules.
- Right clicking on a specific rule will give you the following options: Add a new rule, Edit this rule, Remove this rule, Move up, Move down, Purge this rule (only shows if the rule is invalid), Log this rule, Enable/Disable this rule.
- The Select menu, next to the Application Path field, contains an additional option to manage file groups under Select > File Groups > Edit/ New…
- The Select menu, next to the Application Path field, contains two additional options: to add folders recursively and non-recursively. This functionality can also be achieved by manually text-editing the path, following it with “(recursive)” or “(non-recursive)” neither of which are case sensitive.
- The Predefined Policy drop-down, next to the Predefined Policy radio selection, contains an additional option to manage Predefined Policies at the bottom of the list called “Edit/ New…”
- The Copy From menu, next to the Custom Policy radio selection, contains an additional options to manage Predefined Policies under Copy From > Predefined Security Policies > Edit/ New…
ADVANCED OPERATIONS FOR RULES:
- The following rule is possible with this kind of rule creation system: “Block and log shellcode injections into file [*\config.cfg] if the target file is located in path(s) [C:\Programs*][C:\System*]”
- See the attached image: Adv.RuleSet.Operation.[number].png for a map of potential advanced rule operations.
- See the attached image: Adv.RuleSet.Example.[number].png for the example rule in a more object-oriented form.
[b]~ ADDING RULES ~[/b] Login to view the image.
GENERAL GUI NOTES:
- Coming Soon…
[b]CURRENT DILEMMAS:[/b]
- How do I maintain quick access to the sandbox (preferably via the tab) without locking sandbox settings to predefined policies? My tentative solution is as follows: For the predefined policy window (essentially identical to the windows shown), there will be a checkbox item under Basic Switches, under Sandbox Settings, as well as on the sandbox tab, that reads, “save sandbox preferences with the predefined policy.” This still, however, presents a problem of manifesting those options to the user in other windows such as the Defense+ Rules window.
[b]WISHES PENDING:[/b]
- Add a “never sandbox this file” option.
[b]RELATED THREADS:[/b]
[attachment deleted by admin]