Situations where ThreatCast fails...

This is the reason why many users think ThreatCast should be moderated somehow.
This message appeard when some trojan downloader (looks like Sality infection) tried to download junk onto computer.
2 users already selected ALLOW, and since 2 are majority here, everyone else will just follow this pattern, allowing malware to do its stuff. I hope something will be improved since it’s advising wrong thing to the end users.

I also have the sample (it appears to be a variant of Sality), but since this file was part of what this one tried to download, it’s very random and different files may show up each time.


Question is, how quickly can an example like this be “taken care of”?

It also raises the question of how quickly an incorrect ThreatCast rating can be rectified. I"d like to hear input from Comodo on this.

Ewen :slight_smile:

Maybe add an option (tickbox) to specify the type of user you are before allowing/blocking (i.e. I.T person or casual user). That way, if casual user is shown (rather than IT person), I think you would be more cautious before making a choice.


This opens up the “Of course I know what I’m doing!!” box. :wink:

Maybe there should be no Threatcast ratings if the quantity of replies is below a critical point.

Another idea I’ve just had - include a CIMA rating alongside the Threatcast rating.

I’ll keep thinking on this - it’s a very interesting angle.

Ewen :slight_smile:

Interesting idea, but how about these two options:
(1) “I am uncertain and I rely on the TC rating”
(2) “I know exactly what I am doing”

Excellent ideas, both of them. :-TU

I might be way off here, but wouldn’t that option just cause the same problem that rejzor had but without allowing him to block it?
Thats just how i read it. Sry if i misinterpreted something.

The way I understand Threatcast, it is supposed to show how others have elected to use a particular program, to give the user some idea how others have responded. It is still up to the user to determine which way to go with their decision. (There is no right or wrong in the displayed information.)
LA, Ewen and RejZoR, I would argue you in that you are suggesting change the results of TC only because it may not suite you, when it is in fact displaying exactly what it was designed to display.
If you don’t agree with the results, your choice would be to not allow the action being displayed/asked.
Maybe Jeremy’s suggestion of a D+ danger meter would come into play here to give additional information that could help someone inexperienced.
And before you can say anything,

If 10 people jumped off of the CN Tower, and you see this, are you going to say “Maybe I should jump also?” If you think it is questionable, you elect to do something different: take the elevator down to ground level. But it does not change the fact 10 people jumped.

I thought of something like that :stuck_out_tongue: (and I patented it too. ;D Just kidding):

and for Usability Study members:

That is very solid reasoning and a good example of why ThreatCast should not be changed. Including another input reading, such as the CIMA rating suggested by Panic, would compliment and enhance ThreatCast to give more informative, valuable feedback to the CIS user.

I was rather brainstorming, but I guess my point was that such an option could provide a provisional result in TC, to be further reviewed by Comodo. Just some thoughts. :slight_smile: :-La

I agree with you to some extent. However, as much as it’s up to each and every user, they may be inclinced to make a bad decision based on peer pressure… so whatever RejZor means with moderation, I think it’s worth considering. Now, if I remember correctly, TC is somehow monitored by Comodo. I just don’t know how.

Not the best example I have to say, because it’s much more obvious what jumping from a building can cause, compared to allowing some obscure process which is “green” according to TC. :slight_smile:

No. Clicking ALLOW button is one thing, jumping off tower is another. And chance of users clicking ALLOW for actual malware is like 10^500 higher than someone jumping of tower just because someone else did.
If users even disable antivirus because it’s alerting (annoying) them of malware, how hard it is to click ALLOW then?

Besides, what good it is ThreatCast if it’s still pure lottery?
In case of ALLOW/DENY, there is 50/50 chance for wrong or correct answer. However in example like mine with ThreatCast, i’d say all users would pick ALLOW. On a malware sample.
I know regular users behavior good enough that i can say this with great certanty.

From Re-design of CFP Alerts

“Too cluttered” would be my answer to this dialog…

+1… the thought is nice but I don’t think it improves usability.

Thanks for pointing this out RejZoR… Threathcast is not fail-safe and could be misleading…
I always thought this in my back mind that the risk is there but never bothered pointing it out.

I really hope people don’t see threatcast as a total reliable source.
If they do then they are probably still safer than clicking “yes yes” however… :smiley:

Iam not a fan however that I either sees a TC rating or the security consideration… :-
Both are good in seperate ways and helps users make a good choice.

I hope the new GUI presents both of them simultaneously.
Something I bet it will… =)

Normally i dont like RejZor’s posts/comments because they are one line critical statements with little or no effect on the workings of cis (atleeast from my point of view), but this one’s an exception, and a serious one at that…

1.Let me explain by way of examples. You are in a new country. Driving. See RED will you go … hell no. See Green will you go, if you saw 2 others going you would go. No the ALLOWED button is green in color whereas DENY is red. And those 2 people are like the other drivers. There is a SERIOUS chance that you’ll click allow. I know i might, coz humans have a follow the herd mentalitly (and this is non-debatale. studies spannning 5000yrs of history have shown this to be true…grin). Thats 1.

  1. Probability. 1/2=50% ie either allow or deny. Now 1 guy clicks allow so its 2/3=6% that you’ll click allow as 1 is allow. 1 is deny and 1 is follow that guy (this is a new decision coz you aint thinking yourself you are following). Lets say another guy comes along then you have 1st choice=allow. 2nd=deny. 3=follow the 1st guy. 4=follow the 2nd guy (whose allow too) or 5=follow both guys (they are both alllow) so the chance you clicking allow 4/5=80. More the number of people who choose allow the higher the probability that you’ll click allow.

1.whoever said its upto the user to decide (buchanan?) … why use threatcast?
2.its your decision in the end… again why use threatcast? and no its not ‘herding’ is at play.
3.redsign the dialog? hell yeah…
4.include cima? … for a user you might click allow based on x unknow people clicking allow… you expect him to understand that xyz.exe is createing svchostz.exe in c:\windows\system32…or process modifieie HKLM\etc etc without any clue as to if this is good or bad… workable for US(coz we know) but not for them. grin
5. not suggested… use ‘experts’ and use their rating. - last time i trusted experts (2000+ of them) i got sasser… ;D

I don’t know if english in the first language of many here… but if the dialog color’s are changed to neutral like black/black or white/white then thats the frist step. Second is change the wording.

x<10 people clicked allow. = “ONLY 2 people clicked allow” or 'Only 6 people clicked allow" - the word only is going to do the trick of creating doubt in the users mind.

10<x<100 = “15/24/66/83 people clicked allow” I am assuming >10 is a good chance that its harmless

x>100 “100/120/300 etc thought this executable is safe” again >100 assuming safe.

ps1. havent included DENY numbers(which would complicate matters) but this is a theoretical debate. grin

ps2. i seriously doubt comodo’s gonna do anything about this. so this is all for our fun. :smiley:

ps3. i dont use threatcast.

ps4. nice topic. have a nice day.

That’s a good idea. A minimum of 10 replies aren’t bad at all.