(:AGY) Still waiting for this… :-TD
So we’ll ask again.
Will you please add keyboard shortcuts on the alert dialogs so they can be dismissed/dispositioned more quickly with keyboard shortcut keys?
C’mon, give me the source and I’ll add them for you! What’s the problem? All that hard heuristic coding, and you can’t do the easy stuff?
V
(this post is a revision of a previous post which was off-topic in the thread it was in. Copied/revised here where it is relevant)
Since the argument that keyboard shortcuts make virus work easier has been tossed around in ignorance by several on this board, I offer the following preemptive rebuttal for this thread.
Automation of application windows and controls in Windows has always (since Windows 1.0) been as easy as using SendInput(), SendMessage()/PostMessage() (and, in NT/XP, PostThreadMessage()) and other native functions to send mouse OR keyboard input to any window in the system.
On the Comodo FW alerts, run SPY++ from Windows Platform SDK or .NET tools, and you will see that the alert is just a standard “#32770 (Dialog)” class dialog, and all the controls inside it are just standard windows which are children of it. The “OK” button is just a standard button of class “Button” with a text caption “OK”. You could easily write a VBA script that would change the text or click that button every time it shows up. Yes, I’ve done that from VBA, VB, C, C++, C# and Python.
I have tested automation of CFP alerts with automated mouse clicks, and it works fine.
So, I will reiterate that the “keyboard shortcuts are a security risk” argument that keeps being shot from the hip out here is complete bunk. If keystrokes are a security risk, THEN so are mouse clicks, because they can all be sent as simple messages through PostMessage() by sending clicks using WM_LBUTTONDOWN/WM_LBUTTONUP at the (x,y) somewhere in the button.
Let’s have some keyboard shortcuts! Version after version, this has been requested, and ignorantly left out with each subsequent release.
-:Viper:-
I really don’t think the COMODO developers were purposely leaving this out. They were working on CIS for a while and now they are very busy working on bug fixes. I’m sure it’s on their “to do” list, just not as high of a priority.
This was in the case in CFP 3.0x… Or am I wrong? Where users on the GUI could use arrows to “go” between buttons, etc.
Anyway… certain things have priorities. As you can see in the bug thread.
Josh
They Would have to increase their key logger protection if you would have this wish added onto CIS/CFP and Other Comodo Products
I would say, leave as it is…
Off Topic: Are we getting lazi-er by the days?
CG
Well, disable the mouse interface, too, then, because you can automate mouse actions easier than keyboard.
I would say, leave as it is...
Why would you rather force people to have to use their secondary input and use the lazy button to disposition the alerts, rather than using the keyboard (which their fingers are already on at the time)?
One of the major design violations of software now is the complete ignorance to making the software work without a mouse. One of the chief design criteria for Windows applications is to be able to use any application completely free of the mouse.
What would you tell the user who doesn’t use a mouse on their PC? (Yes, they are out there – and they will be able to use MY software products, because keyboard shortcuts are designed into my automated QA procedures, and apps DO NOT PASS for release if their keyboard interaction fails in any area of the app – but they won’t be able to use Comodo products!!!).
Off Topic: Are we getting lazi-er by the days?
Yep, that’s why there are mice. Mice are for lazy people who won’t bother to learn the accelerator keys built into mainstream applications, so they fall back and use the blasted mouse. Who’s lazy? The ones who learn the accelerator keys and shortcut key mappings, or the ones who won’t be bothered to learn them, and just do everything visually?
I’ve been developing software for PCs since the Commodore 64, and I worked for Microsoft – on software and device drivers on Windows 3.0/3.1, 95/OSR2, 98/SE/ME, NT 3.0/3.1,4.0, Windows CE 1.0, 2.0/2.1, Windows 2000, Windows XP, Windows Mobile/PocketPC and Windows XP Embedded – over 14 years. Part of the time I worked SPECIFICALLY on application Q&A in the area of making sure Microsoft products passed usage with NO MOUSE! Yes, Microsoft products operate completely free of the need for a MOUSE! Windows ITSELF doesn’t require you to have a mouse to use it.
What’s your computer background that gives license to trash-talking on software developers?
There are many advantages and disadvantages of using Keyboard
For Example, I’m typing some text in hmm… notepad =) And at that moment CIS window appears. But I saw this too late and had pushed Enter or Space - doesn’t matter.
At this moment I can see a situation, when I answered on CIS quiestion without wanting it.
So, critical answers shouldn’t be easy clicked.
Also - ability of application to work fine with only keyboard - it is great. But some movements really faster to do with mouse =) Even if you know ALL shortcuts on keyboard.
So my opinion - CIS Alert window should be able to be operated without a mouse, but it should be strong against often-use keys or combinations (Space, Enter, Ctrl+Enter, Ctrl+Space, etc) Also Alert Window should NOT be focused inside on any botton such Ok or Cancel and shouldn’t accept key input like Ok or Cancel without focusing on that botton.
IMHO, Yes there should be hotkeys on comodo alerts ( yep, I voted for “they make or break the software for me” ) and yes those hotkeys should not be common ( no ESC, ENTER, CTRL+ESC etc. and no autofocus ). And I realize it would take some effort to code some additional interface protection, but well… as someone somewhere said before security by obscurity is no security at all .
i voted “Really need them!”
at least there should be an option somewhere for those who “dare” to use hotkeys. it would make comodo much more user friendly.
This is probably a easyway to bypass CIS popups, I vote no no no no, unnecessary there is a so great reduction in popups now anyway with the new beta.
Also :Viper:- attacking the window with mouse clicks require some more work than using keyboard commands beacouse with the keyboard approach you that simply can send the command anywhere, into space. While a mouse click approach would need two coordinates (x, y) somehow, and to do this well it need to have screen resolution and comodo popup placement.
Also the mouse approach is a buggy one, since it needs to somehow monitor when a popup comes, and click and if by accident somehow comodo popups, popup behind something (you run a full screen application) then the click will miss, or will keep trying to click making the user suspicious.
And as far as I know, there is no way to send a WM_LBUTTONDOWN/WM_LBUTTONUP command without the mouse moving (of course you can make it go back to its former place fast, but still it will be a buggy approach since that command will make any click with the right mouse button go away, coursing suspicion.
And the same goes if Iam moving something, DRAGGING it, ex a file, if you tries to quick left click on a window the dragged file will get dropped to were ever you are hovering it. Making this way to attack less useful.
Let me just first mention that you can actually use the keyboard/keystrokes to close the alert windows NOW. You just have to set the input focus to the alert window using FindWindow()/SetForegroundWindow(), then send it a few TAB keys, and a SPACE key. The alerts do not come up with the input focus on them (to prevent you from actually dismissing them by accident), and you have to click them with the mouse before you can tab around in them and dismiss them with the keyboard.
The problem right now is that you can’t even ALT+TAB over to the alerts, and even if you could, it takes a convoluted TAB/SHIFT+TAB and then SPACE to get the focus to the OK button and press it (with SPACE).
What we need for advanced users is keyboard short cuts that can be turned on, and when they’re turned on, make a way to get the alert window to have the input focus, and let the user clear them with defined accelerator keys.
As for your argument that mouse is buggy and keyboard would open up big hole in security, let me calm your fears and assure you that either mouse or keyboard are equally easy to implement for your most ignorant, snot-nosed script kiddie hacker-wanna-be (and any actual programmers with malicious intent).
And, programs can send keys to the alerts to clear them RIGHT NOW. Users just can’t use the keyboard to clear them. Quite a paradox, eh?
Using mouse events, a hack program will have to use FindWindow() to find the OK button, and send that individual window (button class) events. I know, I have a program that does that. As I mentioned in my original message on this thread:
On the Comodo FW alerts, run SPY++ from Windows Platform SDK or .NET tools, and you will see that the alert is just a standard "#32770 (Dialog)" class dialog, and all the controls inside it are just standard windows which are children of it. The "OK" button is just a standard button of class "Button" with a text caption "OK". You could easily write a VBA script that would change the text or click that button every time it shows up. Yes, I've done that from VBA, VB, C, C++, C# and Python.
The following assertion is absolutely FALSE and ignorant:
the mouse approach is a buggy one, since it needs to somehow monitor when a popup comes, and click and if by accident somehow comodo popups, popup behind something (you run a full screen application) then the click will miss, or will keep trying to click making the user suspicious."
The window can be found with a simple FindWindow() on a timer watching for it (there are other controls on the dialog that can be used to tell it’s the alert dialog") to get the window handle of the OK button to which to send mouse messages.
FURTHER, sending mouse click messages to a button does NOT move the visible mouse cursor on the screen.
As for using key events, if accelerators (shortcuts) were implemented, a hack program will have to use FindWindow() to find the OK button, give it’s parent focus with SetForegroundWindow(), then send the accelerator key combinations to that window (the “#32770 (Dialog)” class window that the alert is) using messages or SendInput(). It could do similar things, as I mentioned above, with sending TAB and SPACE to the window today.
Either way, piece of cake. Mouse is actually easier… and you don’t need to know where the window is, the screen resolution or anything, you just need to find “#32770 (Dialog)”, then find it’s child, “button” class windows, find the one that is “ok”.
There are actually ways to prevent a program from being tricked by either programmatic mouse OR keyboard input. Let’s hope that Comodo adds keyboard shortcuts and those defense measures. Today, PROGRAMS can already automate the alerts with mouse AND keyboard, but you and I can’t use the keyboard to clear them ourselves.
A silly, annoying, perplexing paradox.
Oh, and ZoneAlarm has had keyboard shortcuts on alerts for a decade…