PDA

View Full Version : TeaTimer 1.5 issues



SirDracula
2007-01-29, 06:22
I upgraded to TeaTimer 1.5 beta (version 1.5.0.2) and I noticed the following:

1. It doesn't prompt when some applications try to add themselves to Startup. I noticed that Adobe Reader added itself and I was notified and didn't have a chance to block it. Is this because Adobe is a signed/recognized application and it's automatically allowed? If so, I would like to see an option to be prompted for ALL applications, otherwise TeaTimer is not very useful to me. I do not want any apps (even though they are legit) to add themselves to startup without my *explicit* approval.

2. When switching between 2 different users on XP Pro, there's a default username registry entry that gets updated and Spybot keeps prompting every time for this entry. If I allow it and remember the action, then it ends up in this repeated loop where it shows the popup window from the system tray every few seconds.

3. For many registry changes that I allow/deny and remember the action TeaTimer ends up in a loop popping up a window every few seconds that shows that the action was allowed/denied.

Are these bugs?

I tried version 1.5.0.3 that was posted somewhere else in the forums, but it doesn't even start on my computer.

PepiMK
2007-01-29, 10:41
Seems you're sthe second one already where it doesn't start -.-
I've prepared something that may fix this and that will allow better testing over the weekend, will post it asap...

SirDracula
2007-01-29, 16:26
Seems you're sthe second one already where it doesn't start -.-
I've prepared something that may fix this and that will allow better testing over the weekend, will post it asap...

I take it #2 and #3 in my original post are bugs. But could you please comment on #1? I'm worried that you changed the behavior of TeaTimer to always allow "trusted" apps to add themselves to Startup which would render TeaTimer useless to me - unless of course, you add an option to disable this behavior.

Thanks.

PepiMK
2007-01-29, 17:35
No, not "trusted apps" in general if you refer to code-signed applications (way too many signed dialers out there), just a very small amount of "trusted by us" applications. And 90% of that will be legit other anti-malware/anti-spyware/anti-virus applications, for example Norton Antivirus... :fear: You can delete Includes\X509White.sbs to get rid of this whitelist.

SirDracula
2007-01-29, 17:42
No, not "trusted apps" in general if you refer to code-signed applications (way too many signed dialers out there), just a very small amount of "trusted by us" applications. And 90% of that will be legit other anti-malware/anti-spyware/anti-virus applications, for example Norton Antivirus... :fear: You can delete Includes\X509White.sbs to get rid of this whitelist.

I assume the file is "C:\Program Files\Spybot - Search & Destroy\Includes\X509White.sbs" and that's the only place, right?

How can I see a readable list of what's included in this file? Is Adobe Reader 7.0 for example on the list? It seems to add itself to Startup without any prompts from TeaTimer and I don't want it, even though it is not malware, I like to keep my Startup small and clean.

Thanks for your help.

PepiMK
2007-01-29, 19:41
You can't view that list yet; maybe we should display the allowed manufacturer names somewhere (all products signed with specified authenticode certificates are allowed). Currently its Adobe, McAfee, Microsoft, Symantec and us I think. And not necessarily all products by those companies, just those signed with the Authenticode keys known to us. The intention was to just add really important security software there, so that Spybot won't get in its way... Adobe came along when Symantec told us all the keys of products during their installation. We checked, and they weren't all actually owned by Symantec, but some by Microsoft and Adobe.

I'll check if there are conditions where the blacklist may override the whitelist when I upload someting to test the rest later (still have to finish testing a new bug reporting scheme I'll use for that).

SirDracula
2007-01-29, 20:09
So if I remove X509White.sbs, can I be sure that it won't come back either be recreated again or installed as part of an update? It would be very useful to have an option to ALWAYS prompt for ANYTHING that is added to Startup - what you consider trusted, I may not ...

Also, how about adding the TeaTimer version/build number in its About box?

PepiMK
2007-01-30, 01:36
The version number/build is already implemented for the next version :)

Whitelisting vs. asking about all... that's always a twosided story. On the one hand, there are people who know their registry, and what each entry shown means. On the other hand, there are a lot of people who're more casual PC users and don't. Finding the compromise between both may be difficult, and in the end, making it easier for the later ones prevailed. Which doesn't mean that later versions won't add more choices (carefully, since more options mean more confusion as well... maybe using the mode state from the main app), like that option to choose whether to use whitelisting at all.

By the way, along with automated whitelisting came an improved blacklisting as well. We don't prompt for known malware either :D

To permanently get rid of that whitelisting with the current version, after deleting that file I would create an empty one, and give that the read-only attribute.

Too late for the TeaTimer.exe update tonight (too busy with testing error reporting features on Vista in the end), should come tomorrow morning :)

PepiMK
2007-01-30, 15:08
TeaTimer 1.5.0.5 (http://www.safer-networking.org/files/beta/teatimer1505.zip) (debugging version mainly for testing, not for general use)

Ok, I've implemented some improved error reporting that should allow you or others who want to test this does-not-open-bug to submit a report of why it doesn't open. Whenever an unrecoverable error occurs in this version, it'll show such a dialog:

http://www.safer-networking.org/images/madcrash-1.png
(that example is for FileAlyzer, the title would be TeaTimer.exe of course)


Press "send bug report" (you can do a "show bug report" to view what exactly is transmitted), and we'll be able to look deeper into the problem (this is not the same "bug report" known from Spybot, but one containing helpful information for codemonkeys only :D:).

SirDracula
2007-02-01, 01:47
This version seems to work better so far.

But I still don't agree with your whitelist policy. While you should have a blacklist, you should not have a whitelist at all, or at least let people see what's in the list and accept all, some or none of the entries.

I do not agree with the fact that you should control what should be and not be in my Startup.

For example, have you removed Adobe from there? I don't want it there. Maybe someone else doesn't want some other entry, but we can't even see what's in the whitelist file.

I know I can remove the file, but that's not a good user interface and there are no guarantees that the file is not coming back or some piece of malware will create a file with all sorts of entries in there.

I'd rather manually accept entries, it's not a big deal to click Accept on a few entries that I want to allow (like Symantec for example).

I hope you agree with my point. Thank you.

PepiMK
2007-02-01, 15:05
Well, agreeing to Symantec is easy for you or me. But not whitelisting them was reason for them to force thousands of people to uninstall Spybot-S&D during installation. Next to that, without a whitelist, newbies may block enrties of security software, and keeping security intact is important for us. Even worse: without a whitelist, two security softwares could get into an eternal loop of complaining about each others accesses and changes ;)

I agree that an option to disable the whitelist is a good idea, as well as showing the whitelist, but the whitelist will be kept enabled by default, sorry ;)

SirDracula
2007-02-01, 16:42
I agree that an option to disable the whitelist is a good idea, as well as showing the whitelist, but the whitelist will be kept enabled by default, sorry ;)

That's OK as long as I can look at the list and disable it if I wish to do so. Now I'm looking forward to the change :)

iNsuRRecTiON
2007-02-02, 23:10
Hey,

does send bug report send the infos per standard email client or does this function is incorporated into the app itself and don't need an email client..?!

I ask, because I don't use email clients and haven't configured any.. :rolleyes:

I use webmail, so if you click on send bug report, will the transfer done completely be the app or is an email client necessary, which would be bad.. :-P :spider:

best regards,

iNsuRRecTiON

PepiMK
2007-02-04, 23:52
This one? This one uploads the information to one of our webservers, so there's no email involved at all, no need to set up anything :)

The normal "bug report" inside Spybot-S&D (from the Tools menu, for sending in logs of what has been detected during a scan) does use email though... either through SimpleMAPI (installed mail application) or by directly entering smtp data.