There's more or less no usability difference or experience using Hard_Configurator and WHHLight; you WHHLight fans are simply jealous of Hard_Configurator's "16-Pack Abs"!
Make your video test requests!
- Thread starter Shadowra
- Start date
I consider HC for advanced users, while WHHL for above-average user.There's more or less no usability difference or experience using Hard_Configurator and WHHLight; you WHHLight fans are simply jealous of Hard_Configurator's "16-Pack Abs"!
We like categorization in our work
It is clear that you have no idea how RunBySmartsScreen works in the H_C.
In my previous response, I accurately described how Windows Software Restriction Policies (SRP), the engine Hard_Configurator uses, handle blocks by throwing a scary, generic OS error.
To mitigate how rigid SRP is, you built a clever bridge called RunBySmartScreen.
Instead of forcing a user to dig through logs every single time, H_C adds a right-click context menu option (or integrates with Explorer). When a user wants to run a new installer, they use "Run by SmartScreen." H_C intercepts the file and pings Microsoft’s SmartScreen cloud.
While RunBySmartScreen is a brilliant technical workaround for power users, it absolutely does not solve the usability problem for the average user. Your point stands firm for three massive reasons:
The Double-Click Reflex
Average users do not right-click executable files and look for custom context menus to install software. They double-click. And if they double-click an unrecognized executable in a restricted space, they bypass the SmartScreen check and are immediately slammed with that terrifying "blocked by group policy" error message you mentioned. You cannot easily train an average user to abandon the double-click.
The Reputation Trap
What happens when an average user tries to install an indie game, an open-source utility, or a brand-new update for a niche program? Microsoft's SmartScreen relies on mass reputation. If the file is safe but unknown to Microsoft, SmartScreen will reject it. At that point, RunBySmartScreen fails, and the user is right back at the brick wall: they must open the H_C GUI, find the log, and manually whitelist the file.
Delegated Agency
With tools like Comodo or CyberLock, if a file is unknown, the software asks the user: "This is unrecognized. Block or Allow?" The user has the agency to remediate the issue in one click. With H_C, that agency is delegated to Microsoft's cloud. If Microsoft says "I don't know," there is no "Allow anyway" button for the user to click on the spot.
The Developer Blind Spot
You have built an incredibly secure, lightweight tool, and are rightfully proud of it. But developers often suffer from the "Curse of Knowledge", they know exactly how their software works, so they assume the workflows are intuitive.
To a developer, "just right-click and use RunBySmartScreen, and if it fails, whitelist the hash in the GUI" sounds perfectly usable. To an average user just trying to play a newly released indie game, that is a frustrating, confusing dead end.
I might be wrong about your knowledge and RunBySmartScreen.
However, you would not post this if you used it.
We MalwareTips users thank you for the high-level, top-secret intel!
I know how RunBySmartScreen works technically, Andy.I might be wrong about your knowledge and RunBySmartScreen.
However, you would not post this if you used it.
It’s a clever bridge that lets users force a file check against Microsoft’s cloud via the right-click Explorer context menu to temporarily bypass the SRP block.But my argument isn't about the underlying code; it's about the psychology and habits of the average home user.
First, average users do not right-click executables to look for custom context options to install software. They double-click. And when they double-click an unverified file in a restricted User Space, they bypass RunBySmartScreen entirely and slam face-first into that terrifying Windows 'Blocked by Group Policy' error.
Second, even if they do remember to use RunBySmartScreen, what happens when they try to run a niche app or a brand-new indie game that Microsoft hasn't built a reputation for yet? Windows throws up the massive blue 'Windows protected your PC' screen. To a developer, that’s not a dead end because you know you have to click the unhighlighted 'More info' text just to make the 'Run anyway' button appear. To an average user, that blue screen is a giant stop sign. They panic and back out, or they are forced into the H_C GUI to manually whitelist a hash.
With Comodo or CyberLock, when an unrecognized file runs, the user gets a prompt that explicitly hands them the agency to remediate it right then and there: 'We don't know this file. Block or Allow?'
This is exactly why I requested a usability test with all three products for average users, to showcase how each actually handles these real-world remediation scenarios and compare the friction side-by-side.
That is why using H_C would help to understand this topic.
H_C in Recommended settings works slightly differently. The SRP block comes first when the user tries to open any file with active content (also the application installer or executable malware). The only thing the user must remember is to use RunBySmartScreen when the intention is not to open the file but to install the application. After this, the application is usually installed and can be run without any blocks, and no need to use RunBySmartScreen again.
So, the problem can only occur when the user installs many applications or when application installers have a poor SmartScreen reputation. Such users need help from a home administrator or simply do not use H_C.
Last edited:
I think we are actually in total agreement now, Andy!
When you say, 'Such users need help from a home administrator or simply do not use H_C,' you are hitting on the exact point I have been trying to make.
My entire argument is that H_C is a phenomenal, highly secure tool for a 'home administrator' to lock down a system, but it is not built for the average, independent home user to manage by themselves.
Saying 'the only thing the user must remember is to use RunBySmartScreen' highlights that exact friction. Average users rely on muscle memory; they double-click. If a security product requires them to adopt a new right-click workflow, or requires them to call a 'home administrator' because an indie game installer lacks SmartScreen reputation, then the usability for that specific demographic is very low.
This is exactly why I requested the 3-way usability test. CyberLock and Comodo are designed to prompt the average user directly to make a decision. H_C is designed to block the user until a home administrator intervenes (or a power user executes a SmartScreen bypass). Both are valid security philosophies, but they offer completely different usability experiences for the average person. I just want to see those different philosophies tested side-by-side!
Suppose an average user has downloaded a mod which contains malware. With Comodo, the file will be run virtualised at first and the user will be notified. Now inside the sandbox the malware does not work. So the user thinks that Comodo is the culprit and excludes the file from virtualisation the next time since Comodo does not provide any analysis result. Ultimately the PC becomes infected.
Now suppose an average user with H_C tries to run another mod file packed with malware & the file is blocked. So the user disables H_C and tries to install it, thereby infecting the system. Hence , H_C is perfect as a companion to an AV blocking the most widely used vectors of infection (scripts, powershell & lolbins).
With CyberLock, as soon as the user tries to run the file, it will perform an analysis and give a verdict score. An average user will then see the message and depending on the verdict will decide the next course of action. So from a layman perspective, I think that CL is the most user friendly while advanced users will be pretty happy with H_C and CF.
Now suppose an average user with H_C tries to run another mod file packed with malware & the file is blocked. So the user disables H_C and tries to install it, thereby infecting the system. Hence , H_C is perfect as a companion to an AV blocking the most widely used vectors of infection (scripts, powershell & lolbins).
With CyberLock, as soon as the user tries to run the file, it will perform an analysis and give a verdict score. An average user will then see the message and depending on the verdict will decide the next course of action. So from a layman perspective, I think that CL is the most user friendly while advanced users will be pretty happy with H_C and CF.
Using right-click RunBySmartScreen does not require a power user. It requires only an instruction and a little training on how to install applications. Users who have problems with RunBySmartScreen are exactly those who shouldnot be allowed to install applications.
You do not need to test it. @rashmi uses both Comodo and H_C, so he can share his experience (however, maybe in another thread).
Andy, I think that statement perfectly highlights the difference in how we are looking at this!Using right-click RunBySmartScreen does not require a power user. It requires only an instruction and a little training on how to install applications. Users who have problems with RunBySmartScreen are exactly those who shouldnot be allowed to install applications.
You do not need to test it. @rashmi uses both Comodo and H_C, so he can share his experience (however, maybe in another thread).
When you say, 'Users who have problems with RunBySmartScreen are exactly those who should not be allowed to install applications,' you are looking at this from an Enterprise/IT Administrator mindset. You are treating the independent home user like an employee on a locked-down corporate network.
But I am talking about the average consumer who owns their own PC. They are their own admin. In the consumer space, if a security product requires 'a little training' and manual instruction just to install a safe application, that is a massive usability hurdle. Comodo and CyberLock don't require training to read a clear prompt and click 'Allow'.
Furthermore, relying on the personal opinions of forum regulars or product advocates completely defeats the purpose of testing real-world usability. Tech enthusiasts and fanboys already know how the software works and have the underlying expert knowledge to bypass friction. Their experience does not reflect the target demographic. We can't take the word of someone who already knows the workarounds; we need to see what happens when a truly average user faces that blue 'Windows protected your PC' screen.
That is exactly why I am pushing for an objective, standardized test. Let's ask a tester to portray an actual average user in front of all three products, ask them to install an unrecognized indie game, and see which one they can remediate without having to call an IT guy. That’s the only true test of set-and-forget usability!
A similar but simpler process is with H_C. If the user tries to run the installation via RunBySmartScreen the verdict is done by Microsoft SmartScreen. If the file is allowed, this means that the verdict is positive. If SmartScreen blocks the file, the verdict is negative. This procedure is simpler and safer for average users, because users do not have to think and make decisions.
If I correctly understand what you wrote about CyberLock, it can be advantageous for power users who can make educated decisions after understanding the information provided by CyberLock. However, it is possible (I am unsure) that one can configure CyberLock to make automatic Allow/Block decisions (like in H_C) using a threshold level.
Last edited:
I already know what the data will show if a portrayed regular user does this right, but a visual side-by-side really drives home how these tools operate. Frankly, it’s a much better exercise than just putting the same old suite through the wringer every couple of months.
... Cyberlock has always been a supplement to AV on system. @danb has been incorporating an AI analysis into its scanning... iirc it is more than simple deny/allow...
... or just leave Cyberlock default settings, it works. I probably have a CL saved settings profile... (& yes, I like AndyFuls apps too).
that's why @AndyFul created WHHL (more or less no difference??)You may also like...
-
Entreprise Antivirus Comparative : Cylance - CrowdStrike - Cynet - DeepInstinct- Started by Shadowra
- Replies: 18
-
-
Shadowra's Big Comparative - Episode 3 Entreprise Antivirus
- Started by Shadowra
- Replies: 64
-
POpera One R3 rollout continues with new ways to customize your Tab Islands
- Started by Patrick Curtin
- Replies: 0
-
SOpera One R3 arrives with new AI, Google integrations, and more
- Started by Santiago Benavides García
- Replies: 0