TeaTimer 1.5 issues

[SirDracula]

I upgraded to TeaTimer 1.5 beta (version 1.5.0.2) and I noticed the following:

1. It doesn't prompt when some applications try to add themselves to Startup. I noticed that Adobe Reader added itself and I was notified and didn't have a chance to block it. Is this because Adobe is a signed/recognized application and it's automatically allowed? If so, I would like to see an option to be prompted for ALL applications, otherwise TeaTimer is not very useful to me. I do not want any apps (even though they are legit) to add themselves to startup without my *explicit* approval.

2. When switching between 2 different users on XP Pro, there's a default username registry entry that gets updated and Spybot keeps prompting every time for this entry. If I allow it and remember the action, then it ends up in this repeated loop where it shows the popup window from the system tray every few seconds.

3. For many registry changes that I allow/deny and remember the action TeaTimer ends up in a loop popping up a window every few seconds that shows that the action was allowed/denied.

Are these bugs?

I tried version 1.5.0.3 that was posted somewhere else in the forums, but it doesn't even start on my computer.

[PepiMK]

Seems you're sthe second one already where it doesn't start -.-
I've prepared something that may fix this and that will allow better testing over the weekend, will post it asap...

[SirDracula]

Seems you're sthe second one already where it doesn't start -.-
I've prepared something that may fix this and that will allow better testing over the weekend, will post it asap...

I take it #2 and #3 in my original post are bugs. But could you please comment on #1? I'm worried that you changed the behavior of TeaTimer to always allow "trusted" apps to add themselves to Startup which would render TeaTimer useless to me - unless of course, you add an option to disable this behavior.

Thanks.

[PepiMK]

No, not "trusted apps" in general if you refer to code-signed applications (way too many signed dialers out there), just a very small amount of "trusted by us" applications. And 90% of that will be legit other anti-malware/anti-spyware/anti-virus applications, for example Norton Antivirus... You can delete Includes\X509White.sbs to get rid of this whitelist.

[SirDracula]

No, not "trusted apps" in general if you refer to code-signed applications (way too many signed dialers out there), just a very small amount of "trusted by us" applications. And 90% of that will be legit other anti-malware/anti-spyware/anti-virus applications, for example Norton Antivirus... You can delete Includes\X509White.sbs to get rid of this whitelist.

I assume the file is "C:\Program Files\Spybot - Search & Destroy\Includes\X509White.sbs" and that's the only place, right?

How can I see a readable list of what's included in this file? Is Adobe Reader 7.0 for example on the list? It seems to add itself to Startup without any prompts from TeaTimer and I don't want it, even though it is not malware, I like to keep my Startup small and clean.

Thanks for your help.

[PepiMK]

You can't view that list yet; maybe we should display the allowed manufacturer names somewhere (all products signed with specified authenticode certificates are allowed). Currently its Adobe, McAfee, Microsoft, Symantec and us I think. And not necessarily all products by those companies, just those signed with the Authenticode keys known to us. The intention was to just add really important security software there, so that Spybot won't get in its way... Adobe came along when Symantec told us all the keys of products during their installation. We checked, and they weren't all actually owned by Symantec, but some by Microsoft and Adobe.

I'll check if there are conditions where the blacklist may override the whitelist when I upload someting to test the rest later (still have to finish testing a new bug reporting scheme I'll use for that).

[SirDracula]

So if I remove X509White.sbs, can I be sure that it won't come back either be recreated again or installed as part of an update? It would be very useful to have an option to ALWAYS prompt for ANYTHING that is added to Startup - what you consider trusted, I may not ...

Also, how about adding the TeaTimer version/build number in its About box?

[PepiMK]

The version number/build is already implemented for the next version

Whitelisting vs. asking about all... that's always a twosided story. On the one hand, there are people who know their registry, and what each entry shown means. On the other hand, there are a lot of people who're more casual PC users and don't. Finding the compromise between both may be difficult, and in the end, making it easier for the later ones prevailed. Which doesn't mean that later versions won't add more choices (carefully, since more options mean more confusion as well... maybe using the mode state from the main app), like that option to choose whether to use whitelisting at all.

By the way, along with automated whitelisting came an improved blacklisting as well. We don't prompt for known malware either :D

To permanently get rid of that whitelisting with the current version, after deleting that file I would create an empty one, and give that the read-only attribute.

Too late for the TeaTimer.exe update tonight (too busy with testing error reporting features on Vista in the end), should come tomorrow morning

[PepiMK]

TeaTimer 1.5.0.5 (debugging version mainly for testing, not for general use)

Ok, I've implemented some improved error reporting that should allow you or others who want to test this does-not-open-bug to submit a report of why it doesn't open. Whenever an unrecoverable error occurs in this version, it'll show such a dialog:


(that example is for FileAlyzer, the title would be TeaTimer.exe of course)


Press "send bug report" (you can do a "show bug report" to view what exactly is transmitted), and we'll be able to look deeper into the problem (this is not the same "bug report" known from Spybot, but one containing helpful information for codemonkeys only ).

[SirDracula]

This version seems to work better so far.

But I still don't agree with your whitelist policy. While you should have a blacklist, you should not have a whitelist at all, or at least let people see what's in the list and accept all, some or none of the entries.

I do not agree with the fact that you should control what should be and not be in my Startup.

For example, have you removed Adobe from there? I don't want it there. Maybe someone else doesn't want some other entry, but we can't even see what's in the whitelist file.

I know I can remove the file, but that's not a good user interface and there are no guarantees that the file is not coming back or some piece of malware will create a file with all sorts of entries in there.

I'd rather manually accept entries, it's not a big deal to click Accept on a few entries that I want to allow (like Symantec for example).

I hope you agree with my point. Thank you.