I’m a some time user of Comodo Firewall Pro 2, 3 beta and today 3, and it is my preferred choice as of today. Tankyoo.
As a web developer, I feel that Comodo make good user interfaces.
Even so I still see a few minor things - default settings - that could be pointed out to improve the user experience. If you don’t mind.
I just did my firewall upgrade at this machine today. And it reminded me of some points I’ve noticed.
I know I’m too wordy, so here’s the short version:
1 - Users will look up an application twice if they think it’s been blocked.
2 - Users will not intuitively find the Trusted Applications, or where to unblock a Blocked Application.
3 - Popups timing out - bad. Scary, stressful, renders the user feel helpless. Bad usability!
4 - Blocking the users software? Then tell him.
5 - Version handling should be different from handling new applications.
6 - Rookies cannot recognize windows core services, so HIPS need to.
And so onto the explanations… Thank you for trying to understand the usercases before rejecting.
1 - Firewall Events is a good, resizable popup. It needs to be sortable though.
However, this is a natural use flow:
a) user discovers that email/IM/browser does not work.
b) user confirms that internet access is still working.
c) user thinks ‘probably the firewall’.
d) user opens Comodo Firewall, clicks “Firewall”, “View Firewall Events”.
e) user confirms that there is a log entry, the application has been blocked.
Now the user should be able to either click on an icon - maybe (x) Blocked - or right click on the application. When he does, he should be able to change the status from Blocked to Trusted application.
Instead the user must close the popup, and “start over” looking for how to deal with the problem. It’s not far to “Define a New Trusted Application” but once there, he has to use the (rather good and simple) interface to find the application he already looked up once, all over again. That’s quite a few extra moves you have to do (and understand) when you already located the application at the very top of the Event list. You could have skipped a lot of steps if you could jump straight to “Define a New Trusted Application” with the application pre-selected, from the logs.
2 - Different user, different but as natural use flow:
a) User has a program. He wonders if it is blocked in the firewall.
b) He looks for the list of blocked applications. But he can only find “Define a New Blocked Application”. That doesn’t help. “Define a New Trusted Application” is not helping either, because he wants information, not to open the access. He can find links/buttons to manage settings for ports, networks, zones. But he’s looking for applications, the most natural thing to control, and he cannot see how they are set up.
The information IS available, of course, in Advanced > Network Security Policy. But he won’t look there. Why would he, he’s not working on network settings at all. A “View Application List” should be located between “View Firewall Events” and “Define a New Trusted Application”. Nothing “advanced” in wanting to know what the firewall allows through. Block, or Allow. That’s the most basic of all things a firewall does. Port Sets and Network Zones are far more advanced.
3 - Popups should not ever time out and disappear. Basically that’s like changing a user’s security level when he’s not looking. Also, you may need more than a couple of minutes to find out what FNPLicensingService.exe is and if you need it to access the net. If there is a lineup of popups waiting, you have a race.
I previously tried to set a high number of seconds before the popup times out, and I was not allowed to. But you just fixed that, didn’t you? I just tried again and it seems that the maximum time is raised to (2^32)-1, or a little over 136 years? Thank you.
This doesn’t help much for the rookie user though, when the default timeout value is still set low.
4 - Whenever a program is blocked for the first time, the user should be made aware (unless otherways specified in a supress message setting).
I say this because after upgrading, Trillians internet access was blocked. I was never asked if I wanted to allow it, and furthermore it probably should’ve remembered Trillian from the FP2 settings. Other 3rd party programs still worked, so it may just have been some sort of glitch. I’m currently in “train with safe mode” mode, and then I expect to be able to train the Firewall without it deciding to block IM, mail or browsers for me without letting me know.
5 - The notification for a changed program should be significantly different looking than for a new program. I know users that will think “Wha… why? I haven’t installed anything” when he should be thinking “oh right, I just permitted an update”. It’s two different actions, two different mindsets. He should only have to decide once if Opera 9 should have internet access. He already did, and will not change his mind because there’s a new and better version! When Opera updates 21 times to version 9.21, you should rather notify him that the application has been changed, and that you are happy to block it if this is an unauthorized update. Hey, doesn’t HIPS already protect Opera from such updates?
The rookie user should worry when a program suddenly appears out of nowhere. He should not follow the same thought pattern when an hyper-updated antivirus program does the hourly version update. So the firewall notifications should not be confusingly much alike on those two events.
6 - I’m not sure HIPS enabled should be the default setting until it has a better library of known trusted processes. I don’t know if it can be both user friendly and still as secure. Still, I can look up any service on the net and find out what it is, you can look up any service on the net and find out what it is, but the vast majority of the world’s population needs a little decision making help.
Here, the HIPS defence popped up asking a non-expert user if he wanted to allow to run a process. He said no, or maybe waited till it timed out. It was a windows core process. He could never again log on. He was unable to solve the problem himself or even have a clue as to why he could not log in. As many as possible of the critical processes should be recognized by the Defence software. And when they do, the user should be made aware that what he is or is not blocking, is (or if the origin cannot be confirmed, is or is posing to be) recognised as an important process.
For me, who’ve used Zone Alarm, Norton, and more for years, Comodo is user friendly and powerful. But even so, with HIPS turned on as default I still could not recommend it to a novice user, i.e. my mum. Not when it blocks services and programs without a rookie user having a good chance to keep up with it.
I have no illusions that my opinions on usability improvements are “the only right thing” or even important. But Comodo seems to be an organization that pays attention to user interface details (very much unlike Symantec) and I think these suggestions/objections should at least be heard.
And have a nice weekend.