The current way in which CIS has chosen to organize its system protection and sandbox components is opaque, less intuitive than it can be, and snubs those of us who prefer using “HIPS” outside the sandbox.
Problems…
- HIPS functionality by itself has been buried.
- Even when HIPS is disabled, it is running as part of the sandbox.
- HIPS is an opaque acronym, yet it is best described, concisely, as a behavior blocker.
- The sandbox is not a behavior blocker, especially in light of HIPS being exactly that. The sandbox is a virtualizer.
- The behavior blocker, under advanced settings, is represented as a component separate from the sandbox and HIPS, when it is actually comprised of both.
- Defense+ is represented as being comprised of HIPS, Behavior Blocker, and Sandbox, in the advanced settings window, yet it is the Behavior Blocker that gets precedence on the main GUI.
Solution…
- Rebrand HIPS as the Behavior Blocker.
- Rebrand the sandbox as the Behavior Virtualizer.
- Represent both as independent and equally prominent components of CIS in both the main GUI and advanced settings.
So, after some discussion of HIPS vs Behavior blocker, I feel compelled to make the following points…
- Some have made the case that the distinction is that: A HIPS allows for more granular control than a Behavior Blocker.
Well. Ok. It’s right there in the sentence. This doesn’t justify splitting them into separate components. It creates a demand for a more versatile implementation of controls for a single component. Allow the HIPS to function at varying levels of granularity.
- Some have made the case that the distinction is that: A HIPS is for more advanced users than a Behavior Blocker.
This is a side effect of being more granular. Allow the HIPS to function at varying levels of granularity and you allow the HIPS to be accessible to both novice and advanced users.
- Some have made the case that the distinction is that: A HIPS is less automated than a Behavior Blocker.
Another side effect of granularity, and something solved, in part, by allowing varying levels of granularity. Good design for settings, alerts, and complementary services like File Ratings solves the rest of that issue.
- Some have made the case that the distinction is that: A HIPS blocks specific behavior whereas a Behavior Blocker blocks an entire application.
Broken record. Granularity. But seriously. Look at that sentence. Which one blocks specific behavior? The Behavior Blocker ofcour- oh wait.
- Some have made the case that the distinction is that: A HIPS relies on the user to determine whether an application is good or bad whereas a Behavior Blocker determines this for the user according to specific combinations of behaviors.
So… you could have two separate components, blocking the same program from performing the same behaviors, one that’s naggy and one that’s smart. Or… have one component and allow for the ability to tailor just how smart or naggy it will be.
- This juxtaposition I just love: “The biggest downside to behavior blocking is that it requires higher level of experience on the part of the user, who must individually make decisions about what is - or is not - allowed,” whereas, “While HIPS […] is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. […] behavior blockers help with much of the decision making. [ Behavior Blockers ] can be far simpler [ than HIPS ] for users to understand.”
Complete 180 between two articles both linked to from this thread. Behavior blockers are hard! No wait! They’re easy! HIPS is hard! 88)
Have I missed any key distinctions that supposedly justify keeping these components separate?
A footnote in this absurdity: Let’s call one component… a firewall. This will be more granular, naggy, and just for advanced users. Let’s call this other component… a connection blocker. It will block whole programs from the internet with little to no user input. Now, since these two components actually do the same job, let’s recommend that only one be active at a time. Genius idea right? (… end scene.)
Login to view the mockups…
- Apply button.
- Removal of double negative style check boxes.
- “Behavior Blocker” refers to HIPS, and contains all appropriate settings.
- Groups section for quick access to file, registry, com, zone, and port groups.
- Apply button.
- Removal of double negative style check boxes.
- “Behavior Virtualizer” refers to the sandbox, and contains all appropriate settings.
- Application list and shared spaces are separated into two panels.