Let me start by stating that this is not the first time I've posted this today to an Anti-Malware software vendor's forums, and may not be the last. I sincerely hope my questions and suggestions do not go unnoticed! Good Anti-xxx apps are difficult to find and for me, this product is a surprise late entry, so alas, here I am to hopefully help you, and in doing so, help myself and countless others. Since this is the FIRST forum I've visited that specifically welcomed suggestions, some of my comments may be long and unneeded, but bear with me, I don't feel like re-writing this! But I MUST spread the word. On with the idea.
Anti-Malware applications have always catered to the home user initially, and later many have added functionality for all the troubled network administrators out there trying to keep their networks clean. Unfortunately there is one major consideration which, after all these years, is still missing from Anti-xxx apps. This is new functionality for the average break/fix computer technician who is not working with just one system, but many on a daily basis. First I will explain my own situation; later I will tie it in to the future of the home user and how it will benefit them as well.
The most common method for a technician such as myself to clean a system of viruses/malware is not to battle it on the client's machine if at all possible. Most computer shops I've worked for, briefly co-owned, or visited out of interest and boredom all have at least one (if not an army) of what I refer to as a "tech bench computer." I'll refer to it as a "TBC" from here on. Mostly the systems are used for virus removal, but in the last few years ad/spy/malware of other types are actually many times more difficult to remove than your everyday virus, so these TBCs are now more equipped to fight viruses and ad/spy/malware on client machines. The function is simple: remove the hard drive from the client's machine, attach it as a secondary drive to the TBC, and run anti-whatever scans on the client's hard drive.
Even these machines are slowly being replaced (when circumstances permit) by custom WinPE boot CDs; yet the function remains the same.
Additional features of some anti-malware software can alleviate a lot of the time it takes to do a malware removal on a system; important features like providing command-line parameters for automation; network admins no doubt find this invaluable as well. In my store I've developed an entire series of custom NT-based batch files and scripts designed to automate nearly every program we currently use to do its job. It promotes consistency among our techs and saves tons of time, though it cannot be said that it's entirely efficient. Initially I run anti-virus and anti-malware scans from our TBCs or Boot CDs, followed by my own archaic brute force scans with 'defs' that I personally create and maintain, followed by manual inspection of the client's file system and examination of loaded registry hives for additional malware that isn't detected, which I can later add to my own brute force defs.
The serious inefficiency is then having to run pretty much the same scans on all of the client's hard drives again after they are put back into their actual machines and we start up Windows. (For all intents and purposes, I'm only referring to scanning/cleaning NT-based OSes.) Further still is running those scans on multiple user accounts. Just one client's machine, if it had 5 user accounts, has now had 6 different scans run on it by the same application! There comes a point in time where you have to say enough is enough.
Here is where you, to name just one vendor, fit in. Your great application, which I've only recently discovered, is only tailored for home users. Maybe you even have a version or functionality in the works that caters to LAN admins and network scans (I honestly haven't looked...) but there is much functionality that can be added for technicians such as myself who do a job well and as complete as possible for their clients.
It all starts with the ability to scan other users' registry hives without having to log on to those other user accounts!
Still the major icing on this cake would be the ability to load and scan additional registry hives which are foreign to the system running the scanning software.
Yes, I could scan a file system with your app on a client's hard drive from my TBC or Boot CD, but not the registry! Even with my own archaic batch files and scripts consisting of archaic detection methods, tons of for /f in do loops, using reg.exe to brute force known entries from defs I painfully maintain myself, this can be accomplished. I simply load the client's registry hives into my TBC's registry under HKLM for my own scripts and later manual inspection, in this format:
etc... where I assign the "guest_" prefix as a static indicator of the client's particular loaded hive, and %username% is the variable for all the NTUSER.DATs I can find in \Documents and Settings on the client's hard drive; my scripts take it from there. I can even query for values under certain keys and automatically fix issues such as the USERINIT and SHELL values under the ..\Winlogon key, to name a VERY FEW. I can remove known problem services, logon\notify DLLs, and anything that would otherwise start up even in safe mode on the client's machine, even the occasional BootExecute value, which, as it only runs native apps well before winlogon, nothing gets past. I can even sound a PC speaker beep to alert a tech of something that needs manual attention. All of this is essential to a quick and easy recovery once the client's machine is up and running Windows on its own power.
So if I can do it, why can your product not do this? I simply think it was just never thought of, and the demand for such functionality isn't known yet. Well I submit to you my method.
I'm a very busy guy with a few other techs to look after, handle their questions, handle a lot more than malware problems each day, handle a ton of calls from new and existing clients for everything from "my wireless mouse stopped working" [and I'm too stubborn to check the batteries or hit the little button,] to "I can't open my quickbooks file over the network ... what was, oh, the X: drive!" to "I forgot my password, do you know it?" to "My Windows is fine, but my XP is missing!"
I'm too busy, too tired of the maintenance when new malware strikes, and I'd rather leave it to the PROFESSIONALS (that's you!)
Now that I've stated MY case..... just think of the new breed of home user out there!
* How many people are finally starting to run dual boot configurations? Especially with Vista out, many home users want the switch but do not want to leave the security blanket of XP; I get approached all the time when someone is curious about running both OSes. You think it'll take long for it to occur to them that when malware starts to tank their XP install, they might try to fix it from the Vista install?
* WinPE based BOOT CDs: How popular have the methods of creating utility boot CDs with custom versions of WinPE become? How many home users do you think are using those methods now to fix their virus/malware issues?
* How many home users have multiple computers, spares, and are gaining the knowledge to use those additional computers to their advantage when it comes to virus/malware removal?
Maybe it's not a lot, but it will be. Over 12 years ago as the PC became more affordable, and especially 6-7 years ago as they hit the sub-$500 (US) range, the average computer user started to become less and less knowledgeable. Now, the tide is turning as computers are more available in schools and more people can afford them (and even more than one) in their homes, and the average computer user is gaining skill and knowledge quickly. How long will it be before that home user starts to search for that functionality that I've been dying to see for many years now?
Now is the time for Anti-malware vendors to step up and cater to a new crowd. Yeah, for that average user now the pretty GUIs and easy to use wizards are still a priority, but it won't be long before they start to see past that and start spending their money with more content and functionality in mind.
Now back to purely selfish reasons:
* PLZ consider adding the functionality of loading registry hives. I don't request it follow my guest_ prefix, I don't care. But a command line interface for the location of those hives would be nice, e.g. /includehives=f:\windows.000\system32\config;g:\documents and settings;h:\winnt\system32\config; (ETC...) where depending on the environment, specific drives/paths can be replaced with %variables% in scripts.
* and if you don't already have that command-line interface free of prompts that would enable someone like me to entirely script your app's operation, please ADD IT!
* plain text .INI files for different configurations are also sweet. encrypted or internal settings are a pain to modify through the program's interface for quick jobs when you really need it scripted. I can at least easily script an .INI file change. To be perfectly honest, I'm the guy who misses using DOS, if that explains anything, just don't use it as an excuse to dismiss my plea!
* The ability to run scans from read-only media, and the ability to not require an "install" of the product would be great. There ARE those of us who do not run memory resident protection against any threat for ANY reason, and anything questionable gets done through a virtual machine.
I will be taking the time to evaluate your software further in the near future and hope some of my requests are addressed. Providing at least the ability to script the app's operation through command-line parameters would enable me to use it in a professional capacity with my automated scripts.
For my clients' sake, keeping your software bloat-free and light on system resources, staying honest and keeping up the good fight would enable me to recommend your product to my clients in good conscience.
Thanks for your time and consideration!
Also, sorry for the long post.
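For readers who have not done offline hive inspection before, here is an added example of the bench procedure the post describes: load a client drive's machine hives and every NTUSER.DAT under HKLM with a guest_ prefix, check the Winlogon Userinit and Shell values, list each profile's HKCU Run entries, and unload everything again. This is a hypothetical script written for this page, not the poster's own batch files; it assumes an XP-era layout (<drive>:\WINDOWS\system32\config and <drive>:\Documents and Settings), the stock XP values for Userinit and Shell, and an elevated prompt on the bench machine or in WinPE, where reg.exe can load hives. The drive letter, the guest_ prefix and the expected values are parameters you would adjust for your own bench.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion
rem Hypothetical tech-bench script (added example, not the poster's own scripts).
rem Usage: offlinehives.cmd <client drive letter>      e.g.  offlinehives.cmd F
rem Assumes an XP-era layout on the client drive and an elevated prompt
rem (reg load needs backup/restore privilege). Run from a TBC or WinPE only.

if "%~1"=="" (echo usage: %~nx0 ^<driveletter^> & exit /b 1)
set "CLIENT=%~1:"
set "CONFIG=%CLIENT%\WINDOWS\system32\config"
set "PROFILES=%CLIENT%\Documents and Settings"
set "PREFIX=guest_"
set "FLAGGED=0"

rem --- 1. Load the machine hives under HKLM with the guest_ prefix -----------
for %%H in (SOFTWARE SYSTEM) do (
    if exist "%CONFIG%\%%H" (
        reg load "HKLM\%PREFIX%%%H" "%CONFIG%\%%H" >nul 2>&1 || echo [WARN] could not load %%H
    )
)

rem --- 2. Check Winlogon Userinit / Shell in the client's SOFTWARE hive ------
rem The path inside Userinit refers to the client's own system drive (normally C:),
rem not to the letter the drive has been given on the bench machine.
set "WINLOGON=HKLM\%PREFIX%SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
call :checkvalue "%WINLOGON%" Userinit "C:\WINDOWS\system32\userinit.exe,"
call :checkvalue "%WINLOGON%" Shell    "Explorer.exe"

rem --- 3. Load every NTUSER.DAT and list per-user Run entries -----------------
rem This also covers "Default User", which some malware seeds for future accounts.
for /d %%U in ("%PROFILES%\*") do (
    if exist "%%~U\NTUSER.DAT" (
        set "HIVE=HKLM\%PREFIX%%%~nxU"
        reg load "!HIVE!" "%%~U\NTUSER.DAT" >nul 2>&1
        if not errorlevel 1 (
            echo [INFO] %%~nxU: HKCU Run entries
            reg query "!HIVE!\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul | findstr "REG_"
            reg unload "!HIVE!" >nul 2>&1
        ) else (
            echo [WARN] %%~nxU: NTUSER.DAT in use or unreadable
        )
    )
)

rem --- 4. Always unload, or the client's hive files stay locked on the bench --
for %%H in (SOFTWARE SYSTEM) do reg unload "HKLM\%PREFIX%%%H" >nul 2>&1
if "%FLAGGED%"=="1" echo *** manual attention required ***
exit /b %FLAGGED%

:checkvalue
rem args: <key> <valuename> <expected>; sets FLAGGED=1 on mismatch
set "ACTUAL="
for /f "tokens=2,*" %%A in ('reg query "%~1" /v %~2 2^>nul ^| findstr /i "%~2"') do set "ACTUAL=%%B"
if /i "!ACTUAL!"=="%~3" (
    echo [OK]   %~2 = !ACTUAL!
) else (
    echo [WARN] %~2 = "!ACTUAL!"   expected "%~3"
    set "FLAGGED=1"
)
exit /b
```

The script exits with code 1 when a Winlogon value is off, so a wrapper script can do the PC speaker beep or stop the automated run for a tech to look. Two points worth keeping in mind on a bench: a loaded hive keeps the file on the client drive open until reg unload succeeds, so never eject or reassign the drive with hives still mounted, and every reg query against a guest_ key reads the client's registry, so a value like Userinit pointing at C:\ is about the client's C:, not the bench machine's.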