Installation White List

D+ pop-ulp too much while most of the known software.
Of course it remind the user, and force them to think about allow to act or not.
But could they stored in the white list DB, and decrease the pop-up?

For example: I install Malwarebyte, and it comes lots of pop-up.
Of course D+ provide alternative selection for “installation mode”, but consider the usability to non-tech people, it is good for creating white list DB for the well known software installation.

Hello WinBMY.
I too wish that comodo focused more on the whitelist as I think it’s one of the best ways to improve usability. Unfortunatly though, Te whitelist updates do not seem to be very frequent or in a large enough quantity.

I hope our wish is heard.

Hi, Kyle,

Hmmmm, CIS version 3.9 beta does not handle installation white list while I test it yesterday.

they just need to add alot more default vendors to the 2trusted software vendors" list.

No they don’t… That list should be up to the user to decide who goes there. Any additions to the trusted vendor list should be approved by the user. Nothing should be added by default.

I agree. See this post for a suggestion on how the user can select what goes on the trusted vendor list.

Yes, I’ve read that. Notice that I commented right after that post saying that would work nicely. I still think that is a fantastic idea.

Well if the vendor is a trusted vendor by comodo then there should be nothing to worry about. And if you don’t want the vendor on your list then you can remove it. I just this its better for novice users that don’t want to spend a lot of of time going through there executables on there Pc adding them to the list and this will also stop pop ups when new software is installed.

Agree to have “Trust Vendor” list added in to “Installation white list”.
And it should be agreed by users before they added.

To avoid some baddies by using those “installation white list” temp file name to do suspicious behavior, they should be observed and monitored by the D+. Because most of the software installation will create some temp file during instatllation. If they are in the white list, then baddy will imitate the same temp file name for distribute virus, trojan, worm…

Why should a program be allowed to install on my machine just because Comodo says it’s OK? It’s my machine, I am the one who decides what I install on it! If I don’t know and trust a vendor, I don’t want CIS giving the vendor blanket approval to install all their products just because it’s digitally signed and someone in the community submitted the certificate…

I’m well aware that you can remove them. It’s just a complete pain to have to go through and trim the list after every update. As it stands, you can only remove one at a time which is a pain even with a shortish list. Not to mention the current bug that if you remove any of them, CIS wants to update and updating will give you the original list back…

And as to whether or not a large default trusted vendor list is a good idea remains to be seen… We’ve already had posts saying things like, “Why are there all these vendors in my trusted vendor list? I didn’t add them, but they say they are added be USER. Am I being hacked?”, and “CIS allowed -insert product name here- to install while I was away from my machine!!”.

This tells me that it will in fact not make operation easier for many users…

You can already disable the use of My Trusted Vendors under Defense + settings.

And as to whether or not a large default trusted vendor list is a good idea remains to be seen... We've already had posts saying things like, "Why are there all these vendors in my trusted vendor list? I didn't add them, but they say they are added be USER. Am I being hacked?", and "CIS allowed -insert product name here- to install while I was away from my machine!!".

This tells me that it will in fact not make operation easier for many users…

What do you think about Whoop’s suggestion? You didn’t take that into consideration.

Yes, I’m aware of that. The trusted vendors list makes sense for vendors such as Microsoft, (I am using their OS after all, so it seems a bit silly to say I don’t trust them…) so I don’t want to disable it. I just want control over who/what gets added to the list. Simply adding buttloads of vendors to the users list (and making it appear that the user added these…) by default is poor design.

Actually, I think Whoop’s suggestion is great. I said as much in the thread that he/she linked to. I was responding to MetalShaun who thinks adding more vendors to the list would make it easier for novices. I was merely pointing out that this does not appear to be the case with the list as it stands now, so how will adding more to it improve things?

You are still missing the picture, HeffeD. Using the Trusted Vendors whitelist does not automatically say any program they offer will be installed on your system. You will always have the final say on what is installed on your computer. Nobody will ever take that away from you.
What the trusted vendors whitelist does is to eliminate or minimize the popups otherwise produced by software from that vendor should you choose to install something from a vendor in that list. (No extra work on your part).
This is a convenience feature that is great for newbies, and if you don’t want it, simply remove it.

No John, I see the picture, I promise.

I guess you missed the post from the user that had Netwaiting install itself on his machine. You’re right though, No popups asking if it was OK because Microsoft is on the trusted vendor list, so that does make it an easier install for newbies… 88)

So basically, In this instance Microsoft had the final say as to what was installed on this users system instead of the user, contrary to what you say. The trusted vendor list allowed this to happen without warning the user.

Granted, not every vendor has the access to your machine that Microsoft does and this was obviously due to the users automatic update settings, but the simple fact that such a thing can happen while using CIS sounds like cause for concern to me.

I’m surprised this doesn’t seem to concern more people…

Edit: And again, I’m not against the trusted vendor list, I’m just against vendors being put there that I don’t trust. So as I’ve mentioned, the advice to just turn it off is inappropriate.

Just to follow through, (I did see the thread) Windows automatic update settings, in your example, are user controlled. So this user did have the final say, as he wished windows to update automatically.
CIS worked as expected. Saying it was wrong to allow the update is contrary to the user’s update settings.
This user can just as easily disable Windows Updates to prevent them from being installed without user confirmation, or disable it completely to prevent any and all updates from Microsoft.

I’m not saying CIS did anything wrong in this instance. We’re talking possibilities here. I’m merely pointing out what is possible with anything on the trusted vendor list.

Yes, as I said, it was obviously automatic updates. Yes, the user has control over those settings. Whether or not the user realized this fact is more or less irrelevant. So we must also add, Yes, CIS allowed software to be installed without the user knowing.

I seriously don’t know what the big deal is about simply asking the user which vendors they would like added to the list instead of just dropping a list on them…

Not a big deal, HeffeD. Don’t get me wrong, I think it is a good idea. I just wanted to stress software installation is always user choice what they want, not software-governed.
(As long as any security and installation policies in effect are taken into account, and even these can be changed)