While I am affiliated with Malwarebytes, please note that this is a personal request based on the various users who I've had to walk through cleanup, and that it is not a request from Malwarebytes Corporation. I don't want anyone to think that Malwarebytes has an issue with Safer networking or their software.

Also note that I was one of the people who beta tested Spybot S&D's immunize features for Opera back when those were first in beta. Back then I made it clear that the feature was not ready, but no one listened to me and the new version with the new immunize features were released anyway. That is one of the reasons why I moved on from Safer Networking, and why I got involved with Malwarebytes. While I expect this request to get the same attention as my warnings about the issues with Opera support in the immunize beta tests, when I have a problem with a software I like, I am the type who does not hesitate to make that issue know, even when I know that no one will listen to me.

As a technical support representative, I get to see a decent number of people with infected computers (just as some of you here do). What always bothers me is when someone has Spybot Search & Destroy installed, and didn't know to uncheck TeaTimer during the install, because usually when I see TeaTimer installed the anti-malware software that they were using could have cleaned up their system, but they had no clue how to answer the prompts from TeaTimer during removal, and it wound up preventing the malware from being removed.

In my experience as a technician and a tech support rep, there are (for the most part) two types of average users. Those who always click yes, and those who always click no. Since TeaTimer makes the user decide what should be done, it cannot protect someone who has a tendency to always click yes, and on the flip side someone who always clicks no will never be able to install new software, remove malware, or remove bad startup entries.

Of course, there are users who try to read the prompts, and try to select the correct action, but how can they be expected to select the correct thing? "Do you want to allow some file to create some registry entry" is never going to be answered correctly by the average user. They don't know the file names of the programs they use and install, and they certainly don't know anything about registry entries. For these people, TeaTimer is going to cause them far more problems than it will prevent.

TeaTimer is a great tool for security experts, IT admins, and even higher-level techs who know what they are doing. They are the type who love to have that kind of info available. The average user will never use TeaTimer right, and it is my belief that having TeaTimer as a default option in the installer is a very bad idea, and is causing more harm than good.

Teatimer autodecides on a lot of decisions now,so less techy users should not have as much of a problem with it.
A bit about it here,though you have to really look for the part about tt:
http://forums.spybot.info/showthread.php?t=30443

I remember also that tt was not checked by default when Spybot was being installed on older versions,though I can't remember for sure or not whether that is the case with the newer version.

And TeaTimer in Spybot-S&D 1.6 will auto-decide on many popups based on them


.........

I remember also that tt was not checked by default when Spybot was being installed on older versions,though I can't remember for sure or not whether that is the case with the newer version.

If I remember correctly, it became default in one of the more recent versions. Not sure if it was 1.5.2 or 1.6...

This (http://forums.spybot.info/runalyzer.php) is a list of nearly half a million decisions TeaTimer will make for the user. Nearly the same amount still awaits help regarding rating, which means about half of decisions should be automated.
Any suggestions on how to get people participate in that rating would be very welcome, we're all not really the publicity/advertising guys ;)

But I think I've written elsewhere that the user-decision-on-unknown will be an optional thing in 2.0. Every monitoring module in there has a flag that could be toggled between the two, though I think it will just be an all or nathing decision, with nothing (only reporting bad items) being default.

As for Opera, there will probably never would have been "the time" to start immunizing, since every file format change may break compatibility.

(any objection on moving this to the beta part? 1.6.1 is closed, so this affects 2.0, even if it isnt "TeaTimer" at all there, but a completely new on-access instead of near-time part)

(any objection on moving this to the beta part? 1.6.1 is closed, so this affects 2.0, even if it isnt "TeaTimer" at all there, but a completely new on-access instead of near-time part)

None at all. I actually tried to start this thread in the beta section, and didn't have access (shows you how long it's been since I've beta tested here).

Also note that while TeaTimer has come a long way, it's still not ready for the average user's computer. I know people who, even though they know better, still wind up answering the TeaTimer questions wrong. It's not ready for the average user until it doesn't ask questions at all.

Well, you could have a rating system a bit like WOT (Web of Trust) on each dialog, but the consequences for a mis-rated entry would be far more dear. In this case, I would agree that we want quality over quantity. I do actually agree with GT500, Teatimer is great for 'us' techies and has improved a whole great deal, but I do regularly see people clicking the wrong option.

The Teatimer module in v2.0 that PepiMK describes sounds great :bigthumb:

Part of me agrees with you, but I got bored of all the popups so I just disabled it. :)

Well, I was tempted to port that switch to decide which actions to cover back to 1.6, but the new release was just too close and testing of the various browser things difficult enough.

Will hurry up on the 2.0 road though :)

I agree, TeaTimer needs the user to have background information to know how to answer to those alerts. It's like a HIPS.

Perhaps, the solution could be to turn TeaTimer into a smart and strong behavior blocker?

Hello m00nbl00d :welcome:

My suggestion: TeaTimer should be a separate tool :bigthumb:

Perhaps in a custom installation you can have the option on whether you want to install it or not?

Perhaps in a custom installation you can have the option on whether you want to install it or not?

???????
There is the option available during the installation to NOT have Teatimer.
There is the option after install to turn off Teatimer or turn on Teatimer via the Tools/Resident page on a "semi permanent" basis, or to disable Teatimer on a temporary basis via the right click menu from the task bar icon. How many more options do you need?

And more important: as I mentioned it won't be in 2.0 this way anyway :)

The decide-on-unknown will be an option the user has to turn on himself if he wants it. Incompatible parts can be disabled one by one, even automatically (if detection of incompatiblity provides that information).

Hello m00nbl00d :welcome:

My suggestion: TeaTimer should be a separate tool :bigthumb:

Hello. ;) Where have I "seen" you before, uh? :D

That's an option. I believe your point, is that, those, who do not wish to use Spybot, could still use the TeaTimer as a stand alone HIPS?

Still, there's alot people who have no idea how to deal with such tools, hence, I believe, that a smart behavior blocker would be better. That way, those users wouldn't fear if whatever they just allowed would harm their system or if they blocked something they shouldn't have.

Perhaps something like HauteSecure has, but take it further, as in, protecting the whole system and not just working, mainly, with the web browsers, specially IE and Firefox, in HauteSecure's case.

Just a thought.

Regards

And more important: as I mentioned it won't be in 2.0 this way anyway :)

The decide-on-unknown will be an option the user has to turn on himself if he wants it. Incompatible parts can be disabled one by one, even automatically (if detection of incompatiblity provides that information).

What do you think of the suggestion I mentioned to ance, about making a smart behavior blocker/sandboxing tool alike HauteSecure?

HauteSecure makes life easier to users, even if just protecting, mainly, IE and Firefox. It will automatically block behaviors, when checked against a list of rules already set to block.

For the more advanced users, they could still use TeaTimer or the new TeaTimer you plan to implement, and tweak it for their taste.

It would work both sides, and it would still be usable by unknowledgeable users.

What you think? Or is it something like that you're implementing?

Regards

Hello. ;) Where have I "seen" you before, uh? :D


Wilders / AVG Free?

See also http://forums.spybot.info/showthread.php?t=45083 :bigthumb:

Between things yesterday I looked at the code and found that a simple "paranoid mode" switch in old TeaTimer would not be more than a handful of lines as well. After reading this thread we also took a look at uninstallation feedback and found TeaTimer to be mentioned :sick:

If anyone wants to give it a try and give feedback, it might become a quick update: test version (http://forums.spybot.info/downloads.php?id=42).

Only change is a "paranoid mode" switch that allows to use TeaTimer only for flagging bad, not unknown, entries.

What does that mean? Will I get a pop up everytime a blacklist entry is noticed?

As I said, it's just a quick solution, no big change in overall functionality.

For registry entries, first all black- and whitelists will be consulted (the LASSH for the entry, scanning the file associated with the entry, etc.), and if one of them matches, it will behave as usual - you'll see the balloon near the tray area, if you've got balloons enabled.

Only in cases where the Allow/Deny dialog would have been shown (which was on unidentified only anyway), it would get skipped with paranoid mode disabled.

The process scanner is not affected by that, since it only complained on detected bad stuff anyway ;)

Only in cases where the Allow/Deny dialog would have been shown (which was on unidentified only anyway), it would get skipped with paranoid mode disabled.


So with paranoid mode disabled any unidentified action will get automatic "Allow"? :crowned:

PepiMK? :flowers:

Your assumption was quite correct :)

And I invite everyone reading this trying out and commenting... we need feedback to get this out soon ;)

Very good :bigthumb: So my wife won't get any pop ups from TeaTimer in the future!

Could it be An idea to use A "Teatimer" that's automatically uploading the registry locations that are being allowed or blocked to the lassh-database?
Users should allow that functionality. Or could be requested.

PepiMK,

Paranoid mode toggle seems to work OK, however I have a query about terminology.

With Paranoid mode enabled, when for instance the screen saver is changed (I toggle between none and Windows XP as a simple test for Teatimer) the Allow/Deny dialogue comes up as it should. When I click on Allow, there are two messages in the balloon. The second one is "identified as User decision", which is correct. The first one is "Resident allowed the change .... based on your white list". I have always associated the user white list for Teatimer as those decisions made with the Remember box ticked, and it wasn't ticked in the test run above.

Hmmm right, the first part of the text is a bit misleading. That first part is one thats fixed for all balloons, so just te second part has to be added. Sounds fine for the half a dozen internal white/blacklist things (file scan, certificate, lassh entry status, user list, etc.), but sounds a bit off for user decisions indeed.