I am currently using the latest version of Comodo PFW on my PC, and it is stable and working smoothly with all of my programs.
Since Threatcast will be a new feature, and the database has not yet been established until people use it enough, will it be a feature that will be incorporated into the next stable version of Comodo and permanently on, or an optional feature that can be turned off until it is proven that the database is accurate and quite comprehensive?
Like a previous reviewer stated, I would be more content if there was a known security recommendation concerning a program coming from a Comodo security expert combined with what action people took with the program.
Not everyone is familiar with different programs, and some might accidentally accept the alert action when they should have rejected the program. I would hate to see that because 5 people said yes, and 2 said no, that the recommendation would be to accept the program by Comodo PFW when in fact the program was malicious or some type of trojan.
I agree with you. I like to be alerted as well but my concern is with the quality of the alert.
I do not think most people like to be interrupted incessantly with pop-up messages unless it is something critical but the premise here is for the user to make an informed decision, and the question is whether most users are competent enough from a security standpoint to make the right decision concerning a particular program’s access rights or permissions.
I am honestly NOT a security expert, so I appreciate it when the firewall that I am using provides a recommendation that I know came from a trusted source.
On the other hand, will Comodo experts filter the data supplied? In other words, are there mechanisms in place that will determine whether people made the proper decisions before it is entered into the database?
I hope this is an option you can activate or disactivate. And also I think that at least at first there should be some filtering by Comodo but it does not looked to be designed for this. The snap shots just show how many alerts CFP has detected and the ratio/number of users who have chosen each option Allow/Block.
No I don’t think most users can be trusted to make the correct decision Nut we will have to see how this works out.
and you do not have to be a lemming ifyou chose not to be one.
I believe it is a GREAT idea for newbie CFP users. But Personally i like the pop ups it makes me feel secure to know that my firewall is truly doing what it is meant to do. I’d honestly feel that my computer is Vulnerable if i didn’t have those pop ups (L)
I want to thank all of you who have replied to my posting so far but I wish to clarify my topic.
I did not wish to imply that pop-up alerts should be disabled. By all means they should be enabled unless the user does not wish to receive them.
My topic has to do with having an option to disable Threatcast at this time. Since this is a new service, and the database needs to be built, I would be more content if CPFW provided a pop-up, an alert that also contained a recommendation as to whether I should accept or deny/block a program based on a recommendation by a Comodo security expert.
To indicate how many times individuals accepted or denied a program is like playing with fire. Not all of us are security experts, and not all of us are familiar with every type of threat out there. Some people may just accept a program so as to stop receiving alerts when in fact they should have denied it. So to provide a statistic as to how many said yes, and how many said no is not enough information to help make an informed decision. It would not be enough for me at least.
The question that needs to be asked is can we trust the source. I think before Threatcast is roled out as a permanent feature in CPFW, it should be made an option. Once, and if Comodo can determine that most people made the right decision, then it should be permanently implemented or always on.
Another way might be to just compile statistics of what people did, analyze the validity of their decisions, and then incorporate that to support or reinforce the security recommendation that the firewall makes in regards to what should programs should be blacklisted or whitelisted.
I also like the idea. It should be a permanent option, It will be great for Newbie users of CFP 3. I also like the alerts, But I don’t get alert much since I am with “Train with safe mode” in Defense+, and its already learned my programs in past 2 weeks
I understand your concerns…
But the ThreatCast statistic is not the only thing you should rely on when answering an alert. Popups still contain the information that they did before TC also with the recommendation. It can be found under Security Considerations tab on the popup. TC is only there to help you decide if you are not sure. But it is not a guarantee.
This thread seems to hit on such a good idea, that, given your attention to user needs, I suspect you guys must have already thought of it…
Here’s the idea that I see emerging, that the threatcast statistics are valuable, even if based only on the user information that it embodies. However, it is an EXCELLENT idea that the Comodo experts monitor responses. You guys are very likely to spot the errors that users might make when things are not so obvious.
So for the unsophisticated user, trusting the majority of users would be reassuring and reliable.
But, for the “average” user, there are certain to be a few cases where mistaken action is a majority choice, or at least many people might go astray.
And in the case of some “tricky” alerts, and in the case of spyware, and other malware, even sophisticated users might make mistakes.
In that latter case it would be highly desirable for Comodo experts to review action and communicate to users, perhaps through a periodic report on the threatcast statistics pubished by email or on the website or as a threatcast feature.
“Agreeing with me doesn’t make me right. Disagreeing with me doesn’t make me wrong” I think using the raw statistics could cause some interesting conflicts between user classes, since understanding of “why” is missing.
You can stratify the response of the threadcast i.e. based on their competency. In this example you can define several group during the threadcast registration. When they register they may put their status as example group 1 are expert user, group 2 are programmers, group 3 are common users etc. You can define that group to the most suitable group from Comodo perspective. Then we can see the statistic, don’t forget to put the overall group result.
One thing I could suggest would be to not display TC stats until the stats for a particular app had reached a certain level.
For example, if I’m the first person to get a zero day malware and I accidentally allow it, others would then get a postive response from TC that may lead them to also accept it. This could then escalate ad infinitum. If, however, there had to be X number of responses recevied by the TC servers before it displayed stats (in this case the Security Considerations tab would be bought to the front), users would not get a TC response and would need to rely on the Security Considerations info, which would hopefully indicate it was malware.
Well, I think this has potential, but I do agree with Ewen.
I have put this Beta on my wife’s Vista. She complains a lot about “all these windows pop up, and I don’t know how to answer them…can’t you just make them go away?” Putting CFP in Clean mode has helped her some, maybe this will help her make decisions on the few windows that still pop up.
I think that is a good idea especially when you get alerts like this one I though if you want to run Msconfig you have to allow it access to the service control manager or maybe not.
Dennis
A “send or not to send option” i think this is something that needs to be added.If you block something deliberately even though you know its a safe application,could be miscontrued.
A tick box asking if you would like this answer to be considered.
