Firewall default allow all vs normal firewall vs firewall for only untrusted

The register thing is not important

A nice thing with “defaults” is that it is not possible to satisfy everybody at the same time nor even general users alone.

There are different options to begin with because users have different needs and if a general user is supposed to “not be able to” reach the necessary options and change them some general users will complain anyway…

…and ask to change the defaults to their liking because they are general users and are not supposed to change any option.

CIS4 is supposed to be used by novice people now or even beginners. I would want to see CIS4 have no popups and have it decide everything for the user, i.e. for beginners, and it would be nice and quiet.

BUT for the people who like tweaking, maybe they can listen to you guys and change the defaults on the Proactive config, and leave what I said above on the Internet Security config.

First they need to improve more on the quietness. They have done great so far but more can come, I think…

That’s true!
And that’s why the “defaults” should be more oriented to beginners, because it is easier for advanced users to change the settings themselves.

I’d rather see the Internet Security config make every choice for the user, for beginners. But advanced users can always change settings.

The difference between the default and the proactive mode is only 4 or 5 popups from untrusted apps trying to connect to the internet, but the default is quite unsafe.

How about including a configuration wizard for CIS v4.0 which would make it easy to set up the program before its first run? Many applications have those these days, including some security suites. Of course it would have to be more ambitious than that ‘online installer’.

Indeed a wizard could achieve what “defaults” cannot, to the point it would be able to address even beginners who wish for seemingly opposite configurations like “Normal firewall” and “Allow all”.

CIS already has mechanisms which make it easier for beginners to use the firewall while keeping them safe at the same time:

  • Firewall’s Safe Mode;
  • Safe List (white-listed applications);
  • Trusted Software Vendors.

But in order for this to work it requires a large and up-to-date safe applications database, with which Comodo obviously has problems. I’m not saying that the ‘defaults’ shouldn’t be more novice friendly, but practically removing one layer of security is not the way to go. For years we’ve been told by Melih and many others that CIS achieves that great success because of its layered approach to security, but now it seems that they are stripping it down to please the masses.

Well, I have no problem with that if the decision is wise. Giving unknown / untrusted applications the green light for internet access is not one of them.

Nullifying a security layer like outbound filtering is not a viable option for me (like many, many other members of these forums) as well, but what about users at large?

In the end those who wish for a layered security with outbound filtering can achieve that as well if they are self-motivated to do so.

And perhaps they have the chance to shed the slough of beginners and breach the stereotype that they often got forced upon.

Everybody starts as a beginner but that is not supposed to be a permanent condition to the point “defaults” appear to be an unsurmountable issue.

I don’t think you have much experience with those novice/beginner PC users, as most of them will never grow up to be advanced PC users, particularly in firewall configurations.

On the other hand, I don’t think we have much disagreement, as I do agree with default blocking of unsafe applications for internet access in my first reply. By the way, a simple wizard is an even better suggestion.

Glad you did not claim you have experience with novice/beginners or I would have assumed you encouraged them to fit such description. :wink:

Perhaps some novices might actually discover how trivial are some things they are not supposed to know…

…but it is not that they would willingly comply with a “default” that enables outbound filtering if they are not motivated to do so (defaults cannot achieve such a feat).

A simple wizard would be a way to have settings fit the needs of different (but not unlimited) categories of users regardless if they are deemed to fit the beginner stereotype or not.

Sorry, I forgot some words. I meant: “a firewall and an HIPS” :wink:

Default allowing outbound and letting whatever software decide for you what is safe or not is definitely not an acceptable security policy.

It might even be quite dangerous due to the existence of a safe zone; what does the beginner do if he does not want to be annoyed with some application he wants to use? He doesn’t ask himself if his behavior is safe or not, he puts the said application in the trusted zone, period.

The danger with such a policy is to let the said beginner, who often uses, precisely because he does not have wide security knowledge, security threats such as p2p and instant messaging, think that he is safe because he installed CIS in such a default configuration, whereas it is definitely not true.

If the default behavior of CIS was to ask, at least the beginner would have no excuse for not having learned by trial and error, and could not pretend that whatever firewall is able to do its job without ever alerting you about what it actually does.

It is strange that people will assume that “default setting should be oriented to novice/beginners” is equivalent to “Default allowing outbound for all applications”.

They are different. At least, I would like to allow only trusted applications for them.

I have much experience with novices/beginners. So that is not a stereotype, it is observation.

I wonder why anybody should ever think that defaults are NOT there for them to change regardless the stereotype they’re forced upon whereas in many cases there is actually a definite effort to restrict configuration rights (Windows group policies, CIS parental control etc.)

It didn’t look like anybody has to ‘grow up to be advanced PC users, particularly in firewall configurations’ to enable a layered security with outbound filtering:

It would appear reasonable to assume that those self-motivated to do so would take such a trivial effort to delete an “All applications” rule or switch the configuration (if they did not specifically install the firewall alone), though I agree that a simple wizard could be a reasonable solution and it doesn’t even endorse any observation or assumption whatsoever…

…and while asking if they wish to be alerted about any application, only unrecognized or none at all it would even be possible to assert the merits/drawbacks of outbound filtering (regardless if they initially wished to go for that or not).

My point is that the default should be oriented to novices/beginners. Advanced users can easily change the settings to suit their preferences. So are you suggesting that it should be the other way round? The default should be oriented to advanced users, and novices/beginners should change the default settings!!!

I really don’t see your point here ??? ??? ??? You like to go on and on arguing …

When two days ago you started to argue over what I wrote, I thought you were at least in agreement about the use of a wizard. ???

There are different options to begin with because users have different needs:

So a simple wizard could make such trivial changes even easier for anybody whatever outcome they will actually choose.

As I said, I don’t get your point. Happy to know that we are somewhat in agreement about using a simple wizard. ;D ;D

Glad you are not continuing to argue. Whereas it was polite to reply, I had no urge to discuss (nor share) such point with you. :slight_smile: