Microsoft AntiSpyware - Beta

[Vanguard]

Bullshit! Why would I bitch about that? That is a locally stored
resource. Why do you suppose they chose NOT to use it ($$$)?

Because the dummies that use a product blindly won't realize their home
page has been altered and instead think the anti-spyware product
disabled their web browser. There is already hijackware that sets the
home page to about:blank. Better to give the user a working home page
rather than a dead one.

You're being silly.

MSAS doesn't just detect spyware based on signatures. It also detects
changes to critical areas and lets the user reset the browser to a known
state. There is nothing recorded in the registry regarding the home
page that could not be affected by malware, so how do YOU know that the
page isn't the malware site itself? You're saying not to change the
home page set by the user. So how does a product attempting a recovery
or resetting to defaults know what was the home page the user wanted?
Yeah, you could ask the user, and then ask them about a changed search
page, and then ask them about changes to the security zones that are
different than the default selection, and so on and so on. The user
would quickly get tired of all the prompts and never bother to use that
function because the dummy users wouldn't know how to respond anyway.
The restore operation is not to restore to what the user configured. It
is to restore to install-time defaults; i.e., you go back to your base
state. This isn't something unique to MSAS. Lots of products allow you
to reset to a base state and they don't waste the time asking the user
to validate every single change.

So how would YOU overcome the ability to change the registry which means
that the stored values cannot be used when resetting to a base state?
How do you overcome having to ask the user dozens of questions asking
them to validate every setting that gets reset? If the user has to wade
through dozens of questions asking their permission to effect each
separate change, they don't need MSAS at all. They could just go into
the options themselves and reset them one at a time.

The user already has the ability to record WHAT is the base state to
which MSAS will reset the browser: Advanced Tools -> Browser Restore,
change the restore setting(s). Then MSAS doesn't have to guess. Then
MSAS doesn't so severely bother you by displaying a Microsoft web page
for a Microsoft product running on a Microsoft operating system. You
could even specify about:blank as your base state home page. Just do
it.

 

[kurt wismer]

I think the reality here is that it is using a generic disinfector.
Search engines are often hijacked, and therefore restoring the default
settings is reasonable. Not much different from a macro virus
disinfector that strips *all* macros out of a document including the
benign ones. Or would you claim a hidden agenda for that as well?

apples and oranges... if msas left the search engine setting blank it
wouldn't be as big a deal... stripping out all macros isn't the same as
replacing existing macros with ones that advertise other products...

 

[kurt wismer]

So what is stopping you from doing that? Advanced Tools -> Browser
Restore, select the home page, search page, or whatever browser
settings, and set the value to which MSAS will restore to rather than
having it guess by resorting to install-time defaults.

that is not the same as asking the user...

you obviously don't understand the difference between opt-in and opt-out...

 

[kurt wismer]

Which is generated whether you visit or not.

no it's not... technically the ad revenue comes from clicking on the
ads but the more people who visit the page that has the ads, the higher
the rate the page owner can demand from advertisers...

Unless you actually visit
those linked sites then they don't know whether or not you've been to
the msn.com site. So don't click on any links (most of which are to a
Microsoft domain, anyway) or visit any sub-pages.

unfortunately, it's not quite that simple... as i explained above,
simply visiting msn.com affects the ad revenue bottom line...

[snip]

How do you know that the hijacker didn't change the search engine, and
changed it to Google? The user might've been using the Microsoft
search, or some other search as the default, the hijacker changes it to
Google, and the user still doesn't get the correct search after using
MSAS.

i don't know a hijacker didn't change the search engine, but likewise
MSAS doesn't know a hijacker did change it... this is a situation where
you can't know either way but rather than leave it to the user to
change it if it really wasn't the one they wanted or ask the user which
one to use, MSAS just blatantly steals eyeballs away from google...

Hijacks do NOT have to be just for profit. They can also be used
to irritate or infuriate, just like viruses. Just because you happen to
use Google as your search engine doesn't mean that MSAS can guess for
you what you want and that the current settings wasn't the effect of a
hijack, or even some other user that walked over to your host while you
left it logged in and changed it for you based on what they like.

are you being purposefully dense? i've said this at least a couple of
times already - MSAS could *ASK* which one to use... it's called
interactive software - perhaps you've seen prompts before in other
applications...

If you want MSAS to restore some other search page, home page, or other
settings, then why not configure MSAS to do that? Advanced Tools ->
Browser Restore, select your search page for your profile (or the global
default), and set it to whatever you heart desires. Then MSAS doesn't
have to guess by resetting to install-time defaults. It can reset to
what you told it to.

users don't generally go into such configuration settings...
furthermore, they shouldn't have to *opt-out* of msn search...

 

[Vanguard]

users don't generally go into such configuration settings...
furthermore, they shouldn't have to *opt-out* of msn search...

And they don't bother reading the help already included with the
product, either. However, I really don't want to use software that is
geared to the worst morons that use the program. You give them the
help, you give them the options, and yet they are still too lazy or
stupid to use them. Rather than letting the user use the install-time
defaults or configure their own base state, you want the product to
require the user to opt-in to each setting proposed by MSAS or to
opt-out (and then have the user cancel that particular setting change to
leave it as-is or have to enter the new value). The product becomes a
real pain to use for anyone who actually read the help and checks the
options. Even my dad who is a real computer neophyte can manage to
figure that out because he was the initiative to actually look.

You are focusing on just the search page. There is also the home page.
Currently MSAS has 18 settings you can configure for your base state in
a restore, and there will probably be more settings that it can restore.
You think users really want to answer 18, or more, prompts? You think
these dummies that are too lazy to look at the options are going to
understand the difference between the home page for their user profile,
the home page for all users, and the home page for default users (for
new accounts), and likewise the 3 entries for the search page?

Personally I would like MSAS to default to the about:blank page as the
default home page when MSAS is first installed. As for the search page,
well, until I configure it differently then it has to use something.
Even if there were an option to prompt or not when MSAS restores the
browser's settings, that would still be an option and, by your own
argument, an option that the dummy users aren't going to see, anyway.
However, since the options ARE there, I would prefer it reset to the
base state that I actually bothered to define *and* WITHOUT a slew of
prompts regarding each one. I don't want a product that makes itself
stupid because some users are too stupid to look at the options. Then
it becomes a clumsy program.

 

[Julian]

apples and oranges... if msas left the search engine setting blank it
wouldn't be as big a deal... stripping out all macros isn't the same as
replacing existing macros with ones that advertise other products...

It doesn't come set to blank. Resetting it to the defaults seems more
logical, and is actually more helpful to the myriads of users for whom
setting it to something other than blank would be a problem. For those
who know how to change it, it hardly matters a damn what it is reset to.

 

[Vanguard]

that is not the same as asking the user...

you obviously don't understand the difference between opt-in and
opt-out...

So you want MSAS to ask 18 prompts regarding the 18 settings (the
current count) rather than let the user define their desired base state
in the options? This because you believe too many users are too stupid
or too lazy to configure the options. The options are there to define a
base state. There is also included help. Options and help: two items
often overlooked by users. So the fault of these particular users
should be inflicted upon the rest of us? No thanks.

I suppose an option could be added where the user could select to be
prompted on each of these browser settings when restoring them. Oh
wait, that's an option and something your set of users aren't looking
at, anyway. So does MSAS get distributed with the option enabled that
present a dummies interface with prompts for every setting restore, or
do they distribute the product in a state that most users should be able
to figure out, especially if they RTFM.

These users are too lazy to configure a base state in the options. Yet
you think these same users will know the difference between the home
page for the current user profile, the home page for the All Users
profile, and the home page for the Default Users profile (when creating
new accounts), and likewise for the 3 different search page settings.
If they can't figure out how to configure options, you think they'll
really understand those settings when barraged with a slew of opt-in
prompts? You're saying the users are too dumb to look at the options.
Well, then they are dumb users and prompting them won't ensure they make
the right choices, either, and they'll just likely keep clicking okay to
use whatever values are proffered in the prompts.

You claim the user would be opting in by defaulting to NOT change the
settings that MSAS is trying to restore (to some other values). Say my
search engine is Yahoo buy some malware changed it to Google. I don't
want Google, but according to your scenario, I would have to opt-OUT of
continuing to use Google and enter in the URL for the Yahoo search
string. You claim the user would be opting in. Not if malware changed
the home page to that value you think is okay for you but isn't for me.
In fact, I would have to opt-OUT of all those current settings that got
changed but not by me when recovering from some malware. So the concept
of opting in or out depends entirely on whether or not the current value
is what you want but also depends if it matches what you previously set
it to and didn't get changed by malware. After all, not everyone wants
Google as their search engine nor do they want it changed to Google and
then have to opt-OUT of using that search engine when they are
supposedly trying to restore IE.

The user is too dumb to figure out how to use the options but
sufficiently smart in knowing how to use an anti-spyware tool,
understand the risks inherent in its use, and understand what to answer
for all those umpteen prompts? Geez, how many times have I seen some
user posting a knee-jerk message on how to get Outlook Express not to
block attachments all because they are too lazy to look in the options
or do a search on the topic before asking. You might argue the user
should get prompted to opt-in to blocking attachments, but another user
that does want them blocked by default would claim that they have to
opt-out of allowing attachments. Sounds a lot like the folks claiming
PRO-choice and PRO-life: both want the positively associated with their
viewpoint by using PRO and neither wants to be ANTI. Opt-in to you is
someone else's opt-out, and visa versa.

 

[Vanguard]

It doesn't come set to blank. Resetting it to the defaults seems more
logical, and is actually more helpful to the myriads of users for whom
setting it to something other than blank would be a problem. For those
who know how to change it, it hardly matters a damn what it is reset
to.

Having MSAS default to resetting the home page to about:blank would
alleviate the wailings of anti-Microsoft zealots using a Microsoft
operating system and a Microsoft web browser while using a Microsoft
anti-spyware utility who feel Microsoft shouldn't be pushing Microsoft
web pages, but that would still be an OPTION which, according to Kurt,
these dumb users won't be using, anyway! Oh wait, it already is an
option (Advanced Tools -> Browser Restore, set the home page to whatever
you want). If the user is too dumb to configure the options to define
the values for a browser restore then they are too dumb to configure an
option regarding prompting on each setting change and will be too dumb
to know how to answer the prompts. If they are too lazy to configure
the options then they are too lazy to analyze each prompt and will
instead just keep clicking Yes or OK which obviates the whole point of
restoring the browser to a known and benign state.

As for setting the search page to about:blank, that would be even worse.
There is no Address Bar for the search pane in IE so the user doesn't
get to see the URL for the search engine. That means the user won't
know the search page being displayed was about:blank but instead will
figure it isn't working anymore and bitch that MSAS broke their search
function in IE. These same dumb users don't know how to configure their
search options because, well, those are options, too, and remember that
these dumb users aren't configuring their options. The blank home page
would trigger lots of newbie users in calling tech support as to why IE
doesn't connect anymore. A blank search pane would definitely generate
even more calls to tech support that MSAS broke the search function.

I truly hope Microsoft doesn't dumb down its UI to accommodate the 10%
of idiots that result in 90% of the tech calls and make the other 90% of
us suffer in their idiocy. Ever gone to a lunch buffet and while
sitting the table some joker wants you to recount all the items
available in the buffet because they are too lazy to go look for
themself? How many more dumb users are going to repeatedly ask the
same question on how to stop Outlook Express from blocking attachments?
IT'S AN OPTION. Use it! Besides reading the included help or manual,
much of what a product does can be gleaned by reviewing all the
available configuration options.

 

[kurt wismer]

And they don't bother reading the help already included with the
product, either. However, I really don't want to use software that is
geared to the worst morons that use the program.

non-sequitur... it really doesn't matter what kind of application you
want to use... the issue is whether or not msas' behaviour qualifies it
as adware... in the default configuration (the one most users use) it
draws an audience to the msn.com website, thereby increasing the
advertising revenue that site generates... it does so at the expense of
perfectly legitimate competitor sites (which makes the practice
anti-competitive)... and i've demonstrated that there are reasonable
alternatives to this behaviour so it's not like ms didn't have a
choice... ms has chosen to make their anti-spyware app behave like
adware...

You give them the
help, you give them the options, and yet they are still too lazy or
stupid to use them.

your frustration over other users has no bearing on whether or not msas
is adware...

[snip]

You are focusing on just the search page. There is also the home page.
Currently MSAS has 18 settings you can configure for your base state in
a restore, and there will probably be more settings that it can restore.
You think users really want to answer 18, or more, prompts?

sophistry... all 18 settings can be done in one wizard-like prompt and
you know it... that prompt can even have a little checkbox at the
bottom that says "Remember Settings"...

You think
these dummies that are too lazy to look at the options are going to
understand the difference between the home page for their user profile,
the home page for all users, and the home page for default users (for
new accounts), and likewise the 3 entries for the search page?

if the UI is done intelligently enough, yes i think they'll understand
the difference...

Personally I would like MSAS to default to the about:blank page as the
default home page when MSAS is first installed. As for the search page,
well, until I configure it differently then it has to use something.
Even if there were an option to prompt or not when MSAS restores the
browser's settings, that would still be an option and, by your own
argument, an option that the dummy users aren't going to see, anyway.
However, since the options ARE there, I would prefer it reset to the
base state that I actually bothered to define *and* WITHOUT a slew of
prompts regarding each one.

i have no problem with that... IFF you configure the settings
beforehand, it should use those setting... if you don't, it should ask...

I don't want a product that makes itself
stupid because some users are too stupid to look at the options. Then
it becomes a clumsy program.

how about a program capable of catering to both...

 

[kurt wismer]

It doesn't come set to blank. Resetting it to the defaults seems more
logical, and is actually more helpful to the myriads of users for whom
setting it to something other than blank would be a problem.

setting it to blank wouldn't be as big a deal because at least
microsoft wouldn't be benefiting at their competitor's expense... i
never said it was ideal... ideally it would know the correct setting to
use, and barring that the next most ideal thing would be for it to ask...

 

[kurt wismer]

Vanguard wrote: [snip]

So what is stopping you from doing that? Advanced Tools -> Browser
Restore, select the home page, search page, or whatever browser
settings, and set the value to which MSAS will restore to rather than
having it guess by resorting to install-time defaults.

that is not the same as asking the user...

you obviously don't understand the difference between opt-in and
opt-out...

So you want MSAS to ask 18 prompts regarding the 18 settings (the
current count) rather than let the user define their desired base state
in the options?

wow - i guess when you design software you put in the absolute minimum
functionality...

it doesn't have to be just one or the other... the program could use
the user defined settings if they've actually been defined, or ask the
user if they haven't been defined... what a concept...

[snip]

You claim the user would be opting in by defaulting to NOT change the
settings that MSAS is trying to restore (to some other values).

no, i claim the user would be opting in to using msn.com by consciously
choosing msn.com...

Say my
search engine is Yahoo buy some malware changed it to Google. I don't
want Google, but according to your scenario, I would have to opt-OUT of
continuing to use Google and enter in the URL for the Yahoo search
string.

you're still misunderstanding opt-in and opt-out... in this scenario,
the *malware* put the user in the position of having to opt-out
(they're using msas because they want to opt-out of the changes the
malware made)... should msas be putting the user in the same position
that the malware does? no... and yet that's exactly what it does by
blindly restoring those defaults...

You claim the user would be opting in.

consciously choosing yahoo rather than having it forced on you by some
automaton *IS* opting in...

Not if malware changed
the home page to that value you think is okay for you but isn't for me.
In fact, I would have to opt-OUT of all those current settings that got
changed but not by me when recovering from some malware. So the concept
of opting in or out depends entirely on whether or not the current value
is what you want but also depends if it matches what you previously set
it to and didn't get changed by malware.

no, opting in or out boils down to choosing something or undoing a
choice that someone/something made for you...

After all, not everyone wants
Google as their search engine nor do they want it changed to Google and
then have to opt-OUT of using that search engine when they are
supposedly trying to restore IE.

when they are restoring IE they are opting out by definition - they are
opting out of the changes the malware made... they shouldn't have to
also opt out of the changes that msas makes afterwards...

The user is too dumb to figure out how to use the options but

no, not too dumb, too lazy... it is a well known fact that users take
the path of least resistance/work - that means using things in their
default configuration, clicking ok buttons without reading warnings,
etc... that is why efforts must be made by software developers to make
sure the easiest actions are also the right actions (though some people
in redmond have figured out how to use that user behaviour to their own
benefit)...

 

[Vanguard]

non-sequitur... it really doesn't matter what kind of application you
want to use... the issue is whether or not msas' behaviour qualifies
it
as adware... in the default configuration (the one most users use) it
draws an audience to the msn.com website, thereby increasing the
advertising revenue that site generates... it does so at the expense
of
perfectly legitimate competitor sites (which makes the practice
anti-competitive)... and i've demonstrated that there are reasonable
alternatives to this behaviour so it's not like ms didn't have a
choice... ms has chosen to make their anti-spyware app behave like
adware...

A company that chooses to advertise their own products instead of a
competitor's. Now there's a big surprise.

your frustration over other users has no bearing on whether or not
msas
is adware...

I'm pretty sure all the help pages on their web site found by their Help
and Support function within Windows XP have "Microsoft" splashed across
the top and have links to other pages that advertise Microsoft products.
Guess their help is also considered adware. The business of business is
to remain in business. You don't do that by advertizing your
competitor's products or services. If Symantec had a browser restore
utility, I wouldn't be surprised to see the home page set to point at
Symantec. If, however, it was designed to restore IE to its
install-time defaults then I would expect Microsoft pages to show up.
Disaster recovery is not geared to returning to you a state defined by
preferences. It is geared towards returning you to a known and benign
state. It is not Microsoft's responsibility to guarantee that whatever
you currently have configured, like the home page, is an okay setting.
Giant already accounted for the fact that users may want to restore to a
base state that is different than the install-time state.

[snip]

You are focusing on just the search page. There is also the home
page. Currently MSAS has 18 settings you can configure for your base
state in a restore, and there will probably be more settings that it
can restore. You think users really want to answer 18, or more,
prompts?

sophistry... all 18 settings can be done in one wizard-like prompt and
you know it... that prompt can even have a little checkbox at the
bottom that says "Remember Settings"...

Which comes back to if the user is too lazy to configure the options in
the first place then they won't bother when a prompt dialog is pushed in
their face. They'll just click to proceed without performing any
analysis of what is proffered in the prompt. Wizards are for morons.
Yes, some morons are using MSAS (toddlers know how to pull the trigger
on a shotgun, too). If a wizard gets added, hopefully it would appear
only on the first use of MSAS and I don't have to go opting in or out of
it reappearing. Be nice if I could brush the flies out of my face only
once.

if the UI is done intelligently enough, yes i think they'll understand
the difference...

Actually better help content would assist users in making the right
decisions. Unfortunately, no matter how good is the help, there are
plenty of users that never open it. This product is hazardous to use
but seems to be promoted as a tool usable by even newbies. You have
this anti-spyware-for-dummies product that ends up asking the user if
they want to allow a new LSP (Layered Service Provider) to remain
installed. You know what the response will be of the newbie. "Huh?
What's an LSP?", and they won't bother to investigate, either. The UI
does need rework, too. However, I would definitely like to see an
Expert interface separate of a Beginner's interface. I really don't
want a dumbed down interface with Fisher-Price doll icons with a
multitude of colors just to look pretty but is just a bunch of
distracting fluff. Marketers are getting way too involved in the UI
design.

i have no problem with that... IFF you configure the settings
beforehand, it should use those setting... if you don't, it should
ask...

But how would it know that the value to which you "set" the option
wasn't the same as the default (i.e., the default is what you want).
That's why I proposed an option regarding the prompt(s). Don't bother
me with dialogs where I have to keep clicking to remember my setting or
to not prompt me anymore. Give me a global option to disable all those
prompts so I can get the product working immediately. But then we're
back to having the user configure an option but there are already other
options to handle the base state configuration.

how about a program capable of catering to both...

Yeah, like maybe having a selection between an Expert and Beginner's
interface. However, I suspect the Beginner's interface would have even
more defaults pre-configured than the Expert interface.

My opinion is that defaulting to about:blank instead of ANY web page
when restoring the browser will result in some users thinking MSAS broke
IE because they think IE isn't connecting anymore. Using about:blank
for the search pane will really up the number of tech calls from users
complaining that MSAS broke the search function. The wizard mechanism
that listed ALL the settings with an option to remember them is okay as
that would get the fluff out of the way for subsequent runs of MSAS.
But you already know what is really going to happen. Users are just
going to click OK to get past the prompt dialog (and on subsequent runs
they'll learn to check the "remember settings" box) but they really
won't delve into what those settings are for. They'll just figure those
are the appropriate defaults. When looking under the options to set
these values, users are more likely to ponder what they are for and what
values they should be.

If they have the initiative to actually go look at the options and
decide how to configure a base recovery state that is different than the
install-time state for IE then they'll probably have the initiative to
investigate what each setting is for. Popping up a wizard in their face
with a bunch of settings listed within it probably ends up with them
just clicking to close that dialog, much like when they simply click
past the EULA rather than bother to read it.

For those users that are too lazy or unconcerned about configuring the
options of the program, you really think shoving a wizard dialog in
their face will change the result? They are not going to configure
that, either. They'll just accept the defaults already presented to
them. For folks like you and me that want something other than the
install-time defaults for IE, like about:blank as the home page, well,
we know how to configure options and don't needs wizards pushed in our
face geared for the dummies.

It will be interesting to see how much Microsoft decides to change the
UI and what features they add in Beta2 and in the released version.
Without using separate UIs, like Expert and Beginner's mode, it's tough
to design a UI that accommodates users ranging from wizards to morons.

 

[Vanguard]

it doesn't have to be just one or the other... the program could use
the user defined settings if they've actually been defined, or ask the
user if they haven't been defined... what a concept...

But what if they have been defined but are defined to be the
install-time values for IE? That's why you need to have some
initialization value since blank values are not appropriate.

Quick. What is the value for the Search Page registry key to specify
Google as your default search page? Okay, that one you could probably
guess was http://www.google.com. Without looking at the registry, what
is the value of the Search Bar registry entry to use Google? I wonder
how many users would know it was http://www.google.com/ie. What should
the SearchURL registry key be set to? Even fewer users would guess it
is http://www.google.com/keyword/%s. Now ask them what is the URL used
for the SearchAssistant (what gets displayed in the Search pane when
opened) specified under the Search\SearchAssistant key. Yep, that's
http://www.google.com/ie, too. But how many users will actually know
those are the CORRECT values (plus there maybe more than one value which
is correct)? The malware could've easily screwed up those registry
entries so just because they still have "google" somewhere in them
doesn't mean they are valid values anymore. A user that was using
Google but never looked at the value in the registry might think
http://[email protected]/579 is okay because, well, it has
"google.com" in it (but instead it goes to some "swinging singles"
site). And when seeing a long list of settings then it is easy to miss
one that is "off". When configuring the options to define a base state,
it took some investigating to ensure they were the correct values for
those settings. Users aren't going to do that when a wizard is pushed
into their face listing over a dozen of the current settings (and maybe
the install-time settings for IE).

Having the user choose to keep the existing value is suspect as it
doesn't necessarily provide a good value after malware has been screwing
around in the registry. Obviously users shouldn't be required to
remember all these settings. While IE install-time defaults are
currently listed when you install MSAS and which you can change to your
own preferred base state for recovery, most users still won't know what
are the correct values to enter into the options to define this base
state.

So rather than pushing a wizard in their face that could be presenting
invalid values that might *look* like they are, say, for Google, instead
provide an option for the user to take a snapshot of the current
settings. If the user feels that their setup is currently correct, let
them save a snapshot of those settings. They can then restore back to
this snapshot, or they could fall all the way back to the IE
install-time settings. The IE install-time values would be the base
snapshot (that cannot be deleted). In fact, you could let the user save
multiple setting snapshots. The user could then play around and, after
finding they screwed something up, could restore back to a particular
snapshot.

Right now you can do that to a small degree. You can go into the
options for Browser Restore and set the restore value to the current
value. For example, after using the Google Toolbar's option to
configure Google as my default search page and engine, I then went into
MSAS to each setting to use the "Change restore setting to a new URL"
and set the base state to the current value. Then when I later do a
browser restore, I'll get back those same settings. However, that only
gives you one snapshot and you have to build that snapshot one setting
at a time. It also loses the IE install-time settings so I no longer
have that snapshot to fall back to.

It is a bit ridiculous that you only get this small sized snapshot of
IE's settings and only one snapshot of them. Besides providing
snapshots of the browser settings, it'd be great to have snapshots of
the security zone settings, advanced settings, cookie settings, the
hosts file, and so on. This would NOT be the same as System Recovery
because that restores to a registry and file snapshot that covers a hell
of lot more than just IE, plus System Recovery doesn't give you any
granularity in what you want to save in a snapshot.

Then instead of a wizard presenting a bunch of settings that many users
don't understand to decide whether or not the current values are the
correct values, they'll just get a shortie wizard asking which settings
snapshot to which they want to restore. You spend the time figuring out
what the settings should be when building your snapshot but not when you
are under duress to get the browser restored to that snapshot.

no, not too dumb, too lazy... it is a well known fact that users take
the path of least resistance/work - that means using things in their
default configuration, clicking ok buttons without reading warnings,
etc... that is why efforts must be made by software developers to make
sure the easiest actions are also the right actions (though some
people
in redmond have figured out how to use that user behaviour to their
own
benefit)...

The path of least resistance also means they won't be reviewing that
long list of settings and their current values presented by a wizard
popping up during a browser restore operation. That's why having
snapshots of whatever are the current settings is probably safer and
easier. If the user installs MSAS to perform an immediate browser
restore then they don't have a snapshot to which they can restore, so
they get the IE install-time defaults as the lowest or base state to
which they can recover. It is highly unlikely that the users will know
the correct values for all those registry entries so they know that the
current value presented by some wizard during the restore is okay or
not. Letting them save snapshots (and more than one) makes selecting
the snapshot pretty easy during the restore without barraging the user
with a slew of settings and values. Otherwise, users get presented with
a jumbled mess of babble when under stress to get their browser working
again the way it was before. Experts can still edit the options to
modify the snapshot to be slightly different than the current settings
so they can restore to just exactly what they want. Snapshots would
provide ease-of-use to both beginners and experts both for setup and
later during restore.

 

[Roger Wilco]

"Vanguard" <use_ReplyTo_header> wrote in message

[snip]

[...] ...current value presented by some wizard during the restore is okay or
not. Letting them save snapshots (and more than one) makes selecting
the snapshot pretty easy during the restore without barraging the user
with a slew of settings and values.

A little timed dialog with the user won't be as excruciating as you
think.

Your browser settings may have been altered.

[x] Use MSAS defaults (recommended).
[ ] Retain current settings
[ ] Set your own preferences below, or use snapshot wizard.

<maybe a form with pulldowns for displaying current and MSAS default
settings>

MSAS defaults will be used if no choice is entered in fifteen seconds.

[|||||||||||||||||||||||||||||................]

This way it can run unattended and is more like opt-in.

Having never used an anti-spyware app like this, I wonder what "Giant"
set these preferences to.

 

[kurt wismer]

A company that chooses to advertise their own products instead of a
competitor's. Now there's a big surprise.

that microsoft chooses to steal the advertising audience away from
their competitors with underhanded tricks is no big surprise... they're
well known for their anti-competitive practices...

I'm pretty sure all the help pages on their web site found by their Help
and Support function within Windows XP have "Microsoft" splashed across
the top and have links to other pages that advertise Microsoft products.

when you look at microsoft help and support you expect to see a
microsoft logo... when you go to your search engine that used to be
google, you don't expect to see msn... there's a big difference...

[snip]

state. It is not Microsoft's responsibility to guarantee that whatever
you currently have configured, like the home page, is an okay setting.

it is microsoft's responsibility to ensure that they don't hurt other
people's business through unfair practices... changing settings to
point everything back to msn is no different than what a browser
hijacker would do...

[snip]

Which comes back to if the user is too lazy to configure the options in
the first place then they won't bother when a prompt dialog is pushed in
their face. They'll just click to proceed without performing any
analysis of what is proffered in the prompt.

that also does not matter... at least ms would be showing due
diligence in trying to make the user aware of their options...

Wizards are for morons.

no, wizards are for the masses... the technically competent elite are
few in number...

[snip]

Actually better help content would assist users in making the right
decisions.

no it won't... going to help is not a default action... most users only
perform the default action...

[snip]

But how would it know that the value to which you "set" the option
wasn't the same as the default (i.e., the default is what you want).
That's why I proposed an option regarding the prompt(s).

why does it matter if the value you configure is the same as the
default? if you want it to just use the defaults it's perfectly
reasonable to have an option to set everything to default all at
once... i believe i've seen "Use Defaults" buttons in the past...

[snip]

Yeah, like maybe having a selection between an Expert and Beginner's
interface. However, I suspect the Beginner's interface would have even
more defaults pre-configured than the Expert interface.

My opinion is that defaulting to about:blank instead of ANY web page
when restoring the browser will result in some users thinking MSAS broke
IE because they think IE isn't connecting anymore. Using about:blank
for the search pane will really up the number of tech calls from users
complaining that MSAS broke the search function.

i'm not suggesting about:blank as a viable solution, just saying that
it's better (from an ethics standpoint) than what they're doing right
now...

The wizard mechanism
that listed ALL the settings with an option to remember them is okay as
that would get the fluff out of the way for subsequent runs of MSAS. But
you already know what is really going to happen. Users are just going
to click OK to get past the prompt dialog (and on subsequent runs
they'll learn to check the "remember settings" box) but they really
won't delve into what those settings are for.

they don't necessarily need to delve into what those settings are for -
so long as they are made aware of the options and can review the
changes before they're applied...

They'll just figure those
are the appropriate defaults. When looking under the options to set
these values, users are more likely to ponder what they are for and what
values they should be.

except most users won't look under the options, they're just want to
'make it go'...

If they have the initiative to actually go look at the options and
decide how to configure a base recovery state that is different than the
install-time state for IE then they'll probably have the initiative to
investigate what each setting is for. Popping up a wizard in their face
with a bunch of settings listed within it probably ends up with them
just clicking to close that dialog, much like when they simply click
past the EULA rather than bother to read it.

and like an EULA, the button to close the dialog can be grayed out
until appropriate other selections have been made...

For those users that are too lazy or unconcerned about configuring the
options of the program, you really think shoving a wizard dialog in
their face will change the result?

it doesn't matter if it changes the result, the point is that they've
been made aware of their options... and yes, i think it will change the
result... if people are used to using google as a search engine and
they see the wizard has msn.com listed as the search engine, they're
going to go and change it...

 

[kurt wismer]

But what if they have been defined but are defined to be the
install-time values for IE?

then it behaves the same as if it were just using defaults...

[snip]

Quick. What is the value for the Search Page registry key to specify
Google as your default search page? Okay, that one you could probably
guess was http://www.google.com. Without looking at the registry, what
is the value of the Search Bar registry entry to use Google? I wonder
how many users would know it was http://www.google.com/ie. What should
the SearchURL registry key be set to? Even fewer users would guess it
is http://www.google.com/keyword/%s. Now ask them what is the URL used
for the SearchAssistant (what gets displayed in the Search pane when
opened) specified under the Search\SearchAssistant key. Yep, that's
http://www.google.com/ie, too. But how many users will actually know
those are the CORRECT values (plus there maybe more than one value which
is correct)?

i concede that those are not the kinds of values a user is likely to be
able to enter from memory, but it's not unreasonable for a user to
confirm them if that's what the settings currently are...

The malware could've easily screwed up those registry
entries so just because they still have "google" somewhere in them
doesn't mean they are valid values anymore. A user that was using
Google but never looked at the value in the registry might think
http://[email protected]/579 is okay because, well, it has
"google.com" in it (but instead it goes to some "swinging singles"
site).

those types of urls can easily be detected and trigger warnings for the
user...

And when seeing a long list of settings then it is easy to miss
one that is "off". When configuring the options to define a base state,
it took some investigating to ensure they were the correct values for
those settings. Users aren't going to do that when a wizard is pushed
into their face listing over a dozen of the current settings (and maybe
the install-time settings for IE).

when entering the urls by hand, sure it takes some effort to find out
what the correct urls are, but not so much if you're simply confirming
or denying that the current url looks appropriate...

Having the user choose to keep the existing value is suspect as it
doesn't necessarily provide a good value after malware has been screwing
around in the registry.

oh my goodness, the user might do something *wrong*... lets stop users
from using computers to avoid this from ever happening...

so long as the user is given choices there exists the possibility that
the user will make bad choices... but the alternative is to not give
the user choices at all... that's not a good alternative...

[snip]

So rather than pushing a wizard in their face that could be presenting
invalid values that might *look* like they are, say, for Google, instead
provide an option for the user to take a snapshot of the current
settings. If the user feels that their setup is currently correct, let
them save a snapshot of those settings. They can then restore back to
this snapshot, or they could fall all the way back to the IE
install-time settings. The IE install-time values would be the base
snapshot (that cannot be deleted). In fact, you could let the user save
multiple setting snapshots. The user could then play around and, after
finding they screwed something up, could restore back to a particular
snapshot.

this is another good idea, and an improvement over what is being done
now...

[snip]

The path of least resistance also means they won't be reviewing that
long list of settings and their current values presented by a wizard
popping up during a browser restore operation.

they will if the UI forces them to... if i'm not mistaken it's called a
forcing function... in order to make the default action the right
action, judicious use of forcing functions is required...

That's why having
snapshots of whatever are the current settings is probably safer and
easier.

safer and easier? they could work in concert with each other...

If the user installs MSAS to perform an immediate browser
restore then they don't have a snapshot to which they can restore, so
they get the IE install-time defaults as the lowest or base state to
which they can recover.

or they can take a snapshot of the suspect state, return the the
factory defaults right now (since they're in such a hurry) and then
later use the snapshot they took to try and return to their preferred
state, bit by bit, at their leisure...