Solved

Protected Applications - settings


As I am a new subscriber, I'd welcome some advice on the best settings to use for Protected Applications in the Identity and Privacy Area. I have 3 web browsers and all are set at "Protect" which I think is generally advised.
 
The fourth application shown is Media Go which is rather like a Sony version of iTunes. You use it to download movies, music and games and it's also a library. Anyway, I found that this application had been set at "Deny". I don't think that that is correct. Should I change the setting to "Allow" or to "Protect." What are the relative risks? 
 
Incidentally I didn't put the Deny setting myself. It doesn't make sense to totally block a media store and library, does it?
 
Thanks
 
Martin
icon

Best answer by YegorP 25 May 2012, 17:54

View original

11 replies

Userlevel 7
Badge +62
Hello @ Frankly I believe you have an idea there that helps everyone out and your easement is recognized in all favors...The WSA Forum and developers ....wish I would of thought of this ....Thank You 😉
Userlevel 7
Hi Dan
 
Sorry to here about your issue, and you are obviously very much entitled to your views of WSA but the comment of"...frankly your attitude smells tech condescending to me." & "...another instance of 'we know better than you-itis'" are most uncalled for.
 
The vast majority of the responders in the Community are volunteers who give up of their own time to try to assist fellow users, and we have absolutely no control over the product as it is.
 
If you feel strongly about the way defaults are set/feel that there should be an option to allow the tailoring of key defaults during the installation process then please post a new Feature Request in the Ideas Exchange (link is at the top of every page) which other users can review, comment on and if so minded signify concrete support for.
 
As it says, from the Development Team, in that forum "Share your ideas - big and small!  Remember to VOTE for your favorite ideas because we're listening. Not all will be implemented, but the ones will the most votes will definitely get discussed. :)".
 
If you do decide to post such a request  (and as a developer yourself I would suspect that any such post would be most informative/bang on the money ;)) please post back here that you have so that we can go along to review  and support?
 
Regards
 
 
Baldrick
Turning off cut and paste for almost every application on a computer is 'just fine'. ?.
 
Maybe because like a few other commentators I am a developer and have many tools installed
my usecase is different from yours.
 
I have installed and reinstalled a dozen apps and stop using some and  carry out some functions on another computer.
 
Days wasted till I found out webroot took it upon themselves to disallow pasting data.
 
I have norton and avg on other machines and they work fine without interfering with normal operations in this way.
 
A simple option to choose our own default could have saved me much wasted time and pain. Next time something weird
happens with my tools I probably will just remove replace webroot rather than sacrifice so much time and effort
 
The billable hours lost would be worth 20 times the cost and any value gained by using webroot.
 
I am answering an old post as I browsed here from google after finding a forum post where webroot had
crippled another developers workflow similarly.
 
I like many things about webroot but these defaults and frankly your attitude smells tech condescending to me.
 
So I will keep my otther securityware as insurance against another instance of 'we know better than you-itis'
 
Cheers
Dan
 
 
Userlevel 7
Hello dansecdev, welcome to the Webroot Community!
 
While it is curious you replied to such an old post, I am sure your comments will be given due consideration  :-) 
 
I will say that for some power users the defaults may not be the most convenient, but the defaults are set to provide the best 'install and go' protection possible for the average user.  I admit that while most of the defaults work just fine but I do have to manually adjust a few.
This is the issue with the classic network admin security kneejerk of 'turn off all permissions above basic user and let the peons plead to turn them back on' configuration approach.
 
It's taught as recieved wisdom in every network security course and all it does is encourage users to hack the system or use outside tools or simply not use the tools they need.  Worst case a frustrated manager will insist on elevated permissions for all users.
 
There should be roles for most main use cases (user needs) or optional controls to customize at least the default policy as suggested here.
 
I do not have the time to go and set 100 odd executables to allow and there is no allow all switch (so I could go and then turn off the few I dont want to be text pastible (mainly because I dont know what they are)) - so I too will turn off identity shield and make a waste of all the development time on this doubtless useful feature.
 
Classic arrogant defaults result in compromising the entire security layer. 
 
For Christsake could  whomever is responsible for managing testing just once put themselves in the shoes of
a user that wants to use thier computer not fight the mummy state attitude of security geeks.
 
 
d
Userlevel 2
Hi Jim -
 
Thanks for the reply.  I have posted there:  http://community.webroot.com/t5/Ideas-Exchange/Modifications-to-Identity-Shield/idi-p/21046
 
 
Userlevel 7
This kind of problem makes a good case for an optional setting in the Identity Shield to change the default behavior to Allow.  While that would limit the usefulness of the Identity Shield by requiring users to move things into Protect or Deny themselves, it would solve the problem for developers who run into this issue by only requiring a single settings tweak.

The Identity Shield is designed mostly for browser use, and you can get a more clear understanding of what it does by visiting Protected Websites in the settings menu to see more protection options.

While I've mentioned the idea of an additional setting internally, customer input carries the most weight, and I would suggest making an idea in the Ideas Exchange for a setting to do what I've described above.  The setting could also be done as a prompt, or there may be other ways of going about this.  Any suggestion you have about how to best overcome this issue would be valuable, and that value would be most quickly recognized as it starts to gain kudos from other users who like it as well.
Userlevel 2
Hi -

I've found that you can turn off "Identity Shield" - Open Webroot, go to the Identity Privacy tab - it's at the top.

This disables more than I'd like - but at least you can actually use your computer..
 
[eta] I find the whole concept of these "protected apps" to be crazy.  All it seems to do is to prevent pasting into them.  You can copy & cut from them, just not paste.  I like some of the other protections in Identity Shield, but for now it's all I could figure out so I could use my computer.
 
In my case, if I had not been able to turn it off, I would have had to uninstall Webroot & go with another brand of A/V.
 
Userlevel 5
Badge +1
I have similar issues but not as a developer. I hope someone can answer swiftly.
Userlevel 2
I don't mean to hijack this thread, but it is exactly the topic I'm having trouble with.
 
I am a software developer (for 30 years) & just got a new computer with Webroot included.  I have used many A/V solutions, but Webroot really caught me off guard. 
 
I spent over 10 hours uninstalling & reinstalling software trying to figure out why I couldn't paste into an application when a browser was open.  IOW - pasting into it was fine until I opened Firefox or IE - then it'd stop working.
 
I finally found the protected app settings & changed them from Deny to Protected & I can paste again.
 
However, I compile new exe's many times a day & each time I recompile, Webroot changes that exe to Deny.  Annoying at best, though infuriating is probably closer.  Any new programs I install get this setting as well.
 
How on earth do I turn off the automatic "Protected Settings"?
 
TIA!
 
 
Userlevel 7
Hey martin607,
 
It's actually uncommon to see WSA automatically set an application or program to "allow". On the contrary, most programs/applications are typically set to "protect" or "deny" in order to ensure they don't steal your information should they happen to be malicious.
 
Keeping Media Go in "deny" shouldn't cause any functionality issues or prevent you from using the app. However, if you know that the program is "good", you can manually set it to "allow" if you'd like. :D
 
Hope that helps. Let me know if you have any more questions!

Reply