Unified Application Control

Notice: If you endorse these designs, please make sure to keep the topic up with a post as well. Let me know if there’s something you’d change.

Ultimately, we are controlling applications. Why then, do we have to jump from component to component to manage one application?

I propose a unified application control, whereby the user can control how every component of CIS handles the application. The following design combines the “Application System Activity Control” window, it’s child windows for “exclusions” and “customize policy,” and the “Application Network Access Control” window.

The design also adds functionality for advanced users, and convenience, hopefully, for everyone.


Login to view the prototype…

  • Quick access to advanced rules via tabs for more experienced users.
  • An overview for any user to quickly determine how CIS’s various components handle the file.
  • The ability to see a program name, not just its file name. I think this is especially important for novice users, and something that windows task manager has been doing for years.
  • Apply button. Seriously.
  • Quick toggles for more novice users.
  • Ability to export/ import configuration for an individual application.
  • Unification of workflow into a single drop down menu.
  • Sort, search, and edit in line.
  • Quick toggle on upper left mirroring the one on the summary tab.
  • Slide out and in-line edit buttons hidden.
  • Quick access to Network Zones and Port Sets via “Groups” button.
  • Ability to export/ import configuration for an individual rule.
  • Options button that brings the user to a window where they can change: whether or not the slide out buttons are always shown, whether or not the in-line edit buttons are always shown, what columns should be shown on the table.
  • Slide out and in-line edit buttons shown.
  • It should go without saying that everything you can do via button you can do via right click context menu.
  • In-Line edit buttons hidden when fields are not being hovered over by the cursor.
  • Fields can be customized via right click menus to be shown or hidden.
  • This is an example showing only Priority, Name, and Description - akin to the classic UI. I’d also like to note just how opaque this list format is in comparison to the true table above.
  • Sort, search, and edit in line.
  • Quick toggle mirroring Basic Controls.
  • Quick access to Registry/ File/ COM groups via “Groups” button.
  • Tree style view for quick access to Exceptions.
  • Ability to export/ import configuration for an individual rule.
  • Slide-out buttons (like v6) with check-box to toggle buttons always-on.

[attachment deleted by admin]

Update round 2: I tried to make it more space-efficient and restore the classic, separate for each component, policy style.

For reference, I’ve attached the original to this post.

And to the lovely fellow… who voted that they dislike the whole thing, without comment as to how even one of the ideas is misdirected, and considering the hard-to-fathom idea that this person is technically voting against having the ability to search or sort their rule-sets… you’re being a tad impolite.

[attachment deleted by admin]

I just have to ask, this is not an alert but rather when you go into CIS and decide to change the rules for an application manually, right?

That is correct. It’s combining the Application System Activity Control window, it’s child windows for exclusions and “customize policy,” and the Application Network Access Control window. It’s adding some functionality on top of that and making the usability more consistent.

Update Round 3: I’ve tried to make the main screen less intimidating and limit the variety of interface controls. I’ve now completely sequestered various classic options within the drop down menu - I think logically so.

I’ve attached the previous iteration for reference.

[attachment deleted by admin]

Update Round 4: I’ve restored the slide-out buttons available in version 6, but added a way to keep it always-on.

Very nice Glifford.

I really wish that the Usability group listened to these ideas.
These designs echo just what Comodo needs to appeal to the multitude of users (tech, non tech, geek, novice etc…)

Now as I understand the Application System Activity Control Charette on Comodo Forum gets integrated into this except for the ADDING RULES which would remain as is.

Again APPLICATION NETWORK ACTIVITY CONTROL charette on https://forums.comodo.com/wishlist-cis/cis-charrette-application-network-activity-control-t66314.0.html gets integrated into this except for NETWORK ACTIVITY CONTROL RULE (CREATION) which would remain as is.

Last Firewall Alert on Comodo Forum continue as is. Thus allowing catering to different user competencies.

Based on this what should be done is in the main CIS interface, a show advanced settings checkbox on the Settings window would control display of tabs. Wherein all tabs other than Basic would be hidden.

Another small thing perhaps its my preference, rename the Network Rights to - Network / Firewall Rights

Regards

Thank you :slight_smile:

While I won’t be so smug to suppose that I’m the reason for certain design choices in CIS6, there is at least one change that mirrors the main thrust of the Application System Activity Control Charette: putting the “access rights” and “protection settings” onto the window with policy and path selection. Regardless of whether it’s because they saw me do it, they are making some good changes.

As far as the charettes go, you’re understanding the relationship correctly, though I have plans to supersede the alert and rule creation windows as well.

Regarding the check box to show advanced settings. In earlier designs I had employed something like this and eventually decided it essentially does the job of a tab, but at the cost of impeding exploration. Perhaps one user’s workflow involves the use of one “advanced” tweak on a frequent basis, but no other. Tabs, on the other hand, allow more on-demand freedom, with - so far - little impact on the use of chrome.

Where an advanced toggle trumps tabs is when there is an option to put both simple and advanced things together on the screen at once. The button slide-out sort of operates on this principle. Beyond merely the obstacle that the vocabulary poses, I think the network rights tab is much less intimidating when the buttons are out of the way.

I agree that my naming scheme needs some work. It doesn’t jive with Comodo’s branding of “HIPS” and “behavior blocking” either. I’d considered calling it firewall rights, but thought it odd since, while the firewall grants rights, it’s granting the application rights to the network. That said, I think you’re right that I need to work the word “firewall” into the naming scheme.

Gah… I’ve written a book. This is why I draw pictures :stuck_out_tongue:

Update!

I’ve added some place-holder icons and changes the names slightly on the basic controls window.

Previous iteration attached for reference.

[attachment deleted by admin]

Please if its not asking too much could a Mod sticky this post ? It will be much appreciated.

I don’t want the sticky section to get too crowded. But it’s up to the moderators’ discretion.

i like the idea especially the apply, sort, search and combining it into one

honestly i like round 3 and or 2 but not so sure about the treeview

though i guess it looks hard for other user but if it is using the same theme as cis 6 it may resolve some of the overwhelming look to the user,

by theme i mean using link like combobox instead of actual combobox and it seems the current cis 6 application rules and firewall rules seems easier for the majority

also thought if the textbox in basic was labels instead but it would be bad if the description is to long

for the alert i do like how online armors arlerts look
i do think the user need to see the if its in/out, protocols and from where and to where for firewalls at least

and with this i vote i like most of it

Personally I don’t see the need for any of this. I’m perfectly content with letting the program handle these things with no interaction required.

The key word being “personally,” I suppose. As cars have yet to acquire the ability to change their own oil or diagnose their own odd sounds, so security suites have yet to have no need of human interaction. For those of us inclined to take advantage of the capabilities that Comodo has already provided, I seek to improve the experience.

As much as time is money and as much as time spent doing one thing cannot be spent doing all other things, your treatment of my suggestions as an either-or proposition - that my suggestions preclude your fantasy - is grossly myopic and unrealistic. While our ideals are at odds, they do not preclude one another. While I did not set out with this thread to further a notion that your ideal experience be threatened, you have set out in your comment to further a notion that threatens mine, and I feel unjustly so. That is the source of the animosity you may be detecting at the moment.

I hope, and I hope you start to hope as well, that as CIS continues to move forward, it can improve both our experiences: the experience of those who wish for more extensive automation, and the experience of those who wish to easily delve into the more granular workings of their system. There’s the olive branch.

Otherwise, you aught to get busy making your wishlist threads about all the windows and options you’d like to see removed from the program.

There is no fantasy involved and there actually are no options I’d like to see removed. I don’t see a reason for any animosity and consider it unwarranted. I just don’t see any reason for the amount of program control that was presented.

How is it hard to fathom? Some people don’t want any rule sets other than what may be needed to restrict unknown things until they either become known and trusted or are determined to be bad and get blocked. After either determination is made, any created rules can then be deleted. For known safe things, why bother?

I have been using v6 for a while now and I have no rules of any kind except the default ones. A little more tolerance for other views would be nice.

Do not confuse my critique of conduct or rationale (or lack thereof) as a critique of the view that CIS aught to remain (or become more) automated. Do not construe my offense at thoughtlessness or undue entitlement as offense at an end user experience that would satisfy you. You are doing so in err.

Maybe I shoulder some of the blame for not making a poll-option whereby you (and others) could declare, “this is not important to me,” but there is an ocean of difference between dislike and indifference. To vote the former without so much as an inkling as to why - to declare a dislike of the entirety of a person’s efforts without any indication as to the grounds - is unduly callous.

And yes, it is hard to fathom the idea that should someone be given a table with information, that they would not merely find it unimportant to be able to sort and search that information, but actually dislike having the ability to do so.

Suggesting that my aforementioned incredulity and offense are derivative of an intolerance for your views is snide and ridiculous, that is, unless the view to which you’re referring is not for a better user experience for both of us, but rather the adversarial view seeping through your comments that the user experience aught not to be improved for those of us who don’t use the program as you do.

The fantasy to which I refer is that which your comments beg, by analogy, of the car that maintains itself. That you 1) comment that you are content to let the program handle what the user is already empowered to tweak, 2) under the context that improvement to the experience would be unnecessary, suggests that 1) the user experience of fine tuning rules aught not to be improved, and 2) the ideal nature of a security suite, as one which can manage itself, renders improvement to fine tuning (even fine tuning itself) obsolescent.

But allow me to entertain the notion that you actually draw a blank as to even a single reason for my suggestions. Currently, should one want to make changes to the way CIS handles a single program across its multiple components, the user must jump across numerous windows. Here, I’ve suggested the convenience of being able to manage a single application in a single window. This, even the idea in itself, is something to dislike - something so unnecessary that it should not be available? Is there not any reason there? Shall I continue?

Lastly, I’d like to point your attention to the poll. I do believe I’ve made it possible to change one’s vote, and I’ve now added the ability to claim indifference as oppose to merely like and dislike. I trust, as in alignment with your attempts to temper what you’ve said, you’ll choose the option which better suits your genuine feelings toward the ideas presented in the original post.

Thank you.

honestly i like round 3 and or 2 but not so sure about the treeview

I feel similarly about the tree view. I’m not ready to give up on it just yet though.

though i guess it looks hard for other user but if it is using the same theme as cis 6 it may resolve some of the overwhelming look to the user, by theme i mean using link like combobox instead of actual combobox and it seems the current cis 6 application rules and firewall rules seems easier for the majority

I am an ardent supporter of buttons that look like buttons, drop downs that look like drop downs, etc. I prefer linked text to only ever open a new window, as oppose to masquerading as a number of ui widget types.

and it seems the current cis 6 application rules and firewall rules seems easier for the majority

I think what I’m proposing is actually easier, but you are right that it doesn’t seem easier. There is still too much clutter. I think hiding the in-table buttons until the field is moused-over would help.

also thought if the textbox in basic was labels instead but it would be bad if the description is to long

I’ll experiment with removing the text box and making the description more like a label.

for the alert i do like how online armors arlerts look i do think the user need to see the if its in/out, protocols and from where and to where for firewalls at least

None of these windows are alerts, to be clear. Are you talking about the alert in my old CIS Charrette thread?

You are correct that if the option in the poll that now exists was there when I voted ( I was the second vote for dislike btw, not the first who gave no reasons) I would have chosen that. I would change my vote now but I don’t see the option to anywhere.

As far as the self maintaining car, I never said or meant that. I just want something that only controls possible threats and lets the safe stuff do whatever it needs to in order to function correctly without me having to allow it to. Only warn of possible problems like the gauges and/or warning lights in your car do.

It’s alright then.

As far as the self maintaining car, I never said or meant that. I just want something that only controls possible threats and lets the safe stuff do whatever it needs to in order to function correctly without me having to allow it to. Only warn of possible problems like the gauges and/or warning lights in your car do.

For emphasis, none of what I propose requires that you intervene where previously you had not. To stretch the analogy, I’m trying to give those who’d prefer to be the mechanic, a jack instead of a stump of wood.

And I still take issue with what has to be exaggeration on your part: your self-admitted complete lack of a clue as to what reason there might be for any of these improvements in concept or the proposed implementation. Your implicit insistence, on these grounds, that they ideas be forgone is grating.