Main Area and Open Discussion > General Software Discussion

Nirsoft's Antivirus Hall of Shame

<< < (3/4) > >>

Stoic Joker:
Can it be done? Sure. But I think the effort required for those communications (and the infrastructure to support the communications) is far more than most companies are willing to even entertain, even if they had the imagination for the task (which I doubt is there as it requires reimagining standard and common practices).-Renegade (October 20, 2015, 11:15 PM)
--- End quote ---

It's actually not that hard to do if you get a bit of a buddy system going. If Email/system message X looks suspicious/odd/important., ask somebody, anybody...just as long as there is a second pair of eyes on it (it makes a difference). There will always be that one person in any group that is brighter than the rest, so use that person to your advantage and let the others go to them. Smaller groups of brighter people train the herd of others ... Leaving the IT staff to mop up the messes of those that don't catch on as fast.

Most importantly, force people to get in the habit of actually reading the messages that are presented to them. I've been informally training both our in-house staff, and the staff at our clients for years, and it's been quite successful. I do frequently get calls from client locations asking about strange messages/behavior from time to time ... But it's at the 'Just click no!' stage that I can get them out of on the phone now about 95% of the time.

wraith808:
Most importantly, force people to get in the habit of actually reading the messages that are presented to them. I've been informally training both our in-house staff, and the staff at our clients for years, and it's been quite successful. I do frequently get calls from client locations asking about strange messages/behavior from time to time ... But it's at the 'Just click no!' stage that I can get them out of on the phone now about 95% of the time.
-Stoic Joker (October 21, 2015, 05:56 AM)
--- End quote ---

This.  100x this.  Winpatrol is great... if you read the messages.  It, more than anything else, has saved me from countless hours working on relatives' machines.  But it does take attentive computing.

JavaJones:
Maybe people just click through because the current warning dialogs say little or nothing to them that they can understand or use to make any kind of rational choice. Maybe there are too many such dialogs (false positives, remember...). Both of these issues can be improved.

There are, of course, always going to be people you just can't reach or make understand what the software is saying. But that doesn't mean it's not worth trying to improve the current approach which uses obscure (even to me) references and terminology and provides minimal real, relevant information. It would be fairly easy to design improved dialogs for this sort of thing that provided a 2-3 sentence summary of the reason for the warning, e.g.:
"We've detected a program named 'myapp.exe' acting suspiciously on your computer, but it doesn't match any currently known virus. The unknown program appears to be trying to alter important files used by your operating system."
Or:
"The unknown program appears to be attempting to access the Internet in an unusual way", etc., e.g. on a non-standard part, or whatever, we're just dumbing it down here.

And then a prompt:
"If you're not sure whether this is legitimate behavior just choose to Quarantine the program and we'll suspend its activities. If you change your mind later you can always Restore it in your antivirus control panel, accessible from the system tray icon in the lower right of your screen."

And then you have one of those expandable dealies to get more info for advanced users, or an "Advanced Info" text button (don't make it look like something just anyone would want to click, i.e. not a shiny button). If a user clicks for advanced info they get a process name and path, and other info, maybe some buttons to open the process properties, or path, whatever.

That's just a simple idea off the top of my head. And I think it improves on almost every antivirus warning dialog I've ever seen. It would not be difficult or complicated to implement, every suspicious behavior heuristic maps pretty basically to a few simple categories like "unusual network activity", "trying to access or modify system files", etc. Just translate those into human readable dummy speak and put it in a friendly 2-3 sentence description.

Oh and yes, we need to make the messages mandatory to read, so use UAC prompts (why don't more antivirus apps do this when they detect problems!?).

- Oshyan

wraith808:
Oh and yes, we need to make the messages mandatory to read, so use UAC prompts (why don't more antivirus apps do this when they detect problems!?).
-JavaJones (October 21, 2015, 01:56 PM)
--- End quote ---

UAC prompts don't make it mandatory to read.  Just to click! ;D

Renegade:
Most importantly, force people to get in the habit of actually reading the messages that are presented to them. I've been informally training both our in-house staff, and the staff at our clients for years, and it's been quite successful. I do frequently get calls from client locations asking about strange messages/behavior from time to time ... But it's at the 'Just click no!' stage that I can get them out of on the phone now about 95% of the time.
-Stoic Joker (October 21, 2015, 05:56 AM)
--- End quote ---

This.  100x this.  Winpatrol is great... if you read the messages.  It, more than anything else, has saved me from countless hours working on relatives' machines.  But it does take attentive computing.
-wraith808 (October 21, 2015, 11:28 AM)
--- End quote ---

For workplaces, it's one thing, but for the broader at-home audience, who will train them to read?

A while back MS put out some design guidelines for buttons where you had larger and smaller text on the buttons and they were anchored to the sides of the form that they were in so that you had very large, wide buttons.

As the buttons are the action items themselves, they promote actually reading the text more than when you have the text outside the buttons and simple yes/no/cancel text on the buttons.

That's one tactic to get people to read, but it could be improved. I think a wizard-like UI with buttons like that for more complex decisions could be used to get people to read more -- sort of like a "choose your own adventure" set of paths.

But getting people to read? Not all that easy.

I had one guy complaining about how my software didn't work after he bought it... he couldn't open any files, etc. etc. Turns out he never even installed it!!! You just can't compete with that kind of ignorance.

Navigation

[0] Message Index

[#] Next page

[*] Previous page