vistafirewallcontrol.freeforums.org

[claudiubotezatu]

In "Settings" there is a Zone for All the application (suppressed by applications zones) and is AllApps; however there is no zone in "Zones" with the name AllApps;

Anyway ,what in this zone (AllApps) is suposed to do.

As a personal note I have to say that the lack of proper documentation for Win7 Firewall Control Pro (32$!!) is frustrating ....

Thanks,
Claudiu

[VistaFirewallControl]

>In "Settings" there is a Zone for All the application (suppressed by applications zones) and is AllApps; however there is no zone in "Zones" with the name AllApps;

The zone is initially empty so there is nothing meaningful to be stored in the repository (the Zones tab). If you edit the zone W7FC will offer you storing the zone to the repository immediately and then will trace all the zone changes against the repository.

>Anyway ,what in this zone (AllApps) is suposed to do.

The option allows overriding all applications permissions in specific environments, VPN connections, mutable installation helpers (see the F.A.Q for the details) etc.
For instance, if you need all the application to be enabled to a destination and if the applications are not explicitly blocked to the destination, you can add a correspondent rule to the AllApps zone instead of patching multiple permissions of many applications.



>As a personal note I have to say that the lack of proper documentation for Win7 Firewall Control Pro (32$!!) is frustrating ....

The manual is always a compromise between the details level and the entire manual length. The long manuals are not read typically. If you can suggest a specific explanation to be added to the manual we would be happy to supplement the manual.

[jclarkw]

>> >>As a personal note I have to say that the lack of proper documentation for Win7 Firewall Control Pro (32$!!) is frustrating ....<<
If you can suggest a specific explanation to be added to the manual we would be happy to supplement the manual.<<


I must emphatically agree with claudiubotezatu. Theree are too many specifics to list, the documentation is SO cryptic and SO slanted toward IT experts, but here are two general ideas that would help a lot:

1) There should be at least one concrete example for each topic. Perhaps a beginner example and an expert example would be best.

2) Each topic should explain to a novice what he actually needs (or does not need) to do about it to get a workable installation. For example, I didn't see any discussion of how the automatic suggested-zone mechanism actually works in Plus.

The software APPEARS to be great, but the manual doesn't make it easy (for me at least) to tell. -- jclarkw

[VistaFirewallControl]

>1) There should be at least one concrete example for each topic. Perhaps a beginner example and an expert example would be best.

Could you please provide a brief sample. Should it be a clink-by-click instruction? It's hard to have a detached view to the product sometimes. The sample could be helpful.
There is no problem to edit the manual, there is the problem to avoid IP networking basics and make the manual short and clear for everybody.

>2) Each topic should explain to a novice what he actually needs (or does not need) to do about it to get a workable installation.

The problem is security policy varies from user to user, from environment to environment.
So "what is safe" for a person could be extremely dangerous for another person.
Some users expect WindowsUpdate safe and WindowsUpdate must be enabled unconditionally. The others do not expect that.
Some users expect any home network computer safe, the others prefer to exclude a "kid's" PC from in-home communication.
There is no a universal approach unfortunately, there is a tool to implement any policy you want.

>For example, I didn't see any discussion of how the automatic suggested-zone mechanism actually works in Plus.

Oh, that's extremely simple. W7FC analyses the initial (and initially blocked) access attempt of non-listed application and uses the attempt parameters (mostly the access direction, port and application's life time, there are exceptions however) to advise a proper zone. There are some application name based exceptions. The logic is fuzzy and user experience based enough.


>The software APPEARS to be great, but the manual doesn't make it easy (for me at least) to tell

Let's try to make it better

[jclarkw]

>>Could you please provide a brief sample. ...there is the problem to avoid IP networking basics and make the manual short and clear for everybody.<<

Well, now you've really go me started. It' been s few of days since I printed out and read through ALL of the documentation that I could find on your site. Without repeating myself extensively, I would like to refer you to my ongoing e-mail exchange with Tech Support on some of these issues under the heading, "W7FC Application Permissions -- How to Set in Free vs? :Feedback: Choose." The topic that most seems like an ideal case to me is the example that they just provided me on how to permit Internet Explorer 8 on first use in the Plus verion. The step-by-step instructions there, together with the clear description of what the corresponding recommended Zone actually does, were illuminating to me and probably would be so to most new users at almost any level, albeit that they use different Web browsers. I would suggest that each of the most common tasks of new users (e.g., introducing their e-mail client to W7FC, perhaps printing to a TCP-IP-atteched LAN printer) should have similar examples in the documentation.

As to how these examples should be included, I would vote for direct in-line text/figures, which the reader can easily skip if desired. (Actually, I'm a fan of downloadable PDF user guides that I can print and use as bedtime reading, although definitely not the over-blown, dumbed-down type that are put out by ZoneAlarm an other mass-market vendors.) Your basic structure is fine; it just needs a lot of filling out. I would never recommned a tutorial on IP networking; working out enough examples of the sort I am suggesting, users can easily find the backgound they require elsewhere. What's really needed besides examples, in my opinion is some fleshing out of the details of how to operate the program.

There is a lot of functionality in Plus that the user is left to find his/her way through alone. As I've been doing that myself, I've asked in the abovementioned ongoing correspondence questions like, how do individual "rules" (as opposed to "zones") get created, named, and made accessible for future use; how does the "Settings/LAN" function actually work, and how does the user control it to his/her advantage. There are many other features in the software that are hardly mentioned in the documentation...

>>The problem is security policy varies from user to user, from environment to environment.
So "what is safe" for a person could be extremely dangerous for another person.<<

Undoubtedly true, but that does not diminish the educational value of "tutorial" examples that would be appropriate to many users (as suggested by your provision of recommended zones for most applications), even though they may not go in the direction desired by some. My point is that, rather than stumbling ones way through the program with may questions to Tech Support, one might be able to find one's own way, guided by examples and more complete explanations in the documentation.

>>Oh, that's extremely simple. W7FC analyses the initial (and initially blocked) access attempt of non-listed application and uses the attempt parameters (mostly the access direction, port and application's life time, there are exceptions however) to advise a proper zone.<<

Fine. The recommended zones are great. What's not great is that the documentation does not explicitly say things like the statement quoted above. Also missing is a clear statement that the Free version provides easy-to-use basic protection but that the Plus version offers more protection, is more specific, and is more versatile. Nevertheless, Plus is still accessible to beginners by virtue of the "huge set of predefined security zones." (To make this point to a beginning user it's vital to back it up with concrete examples and explanations of how they work.)

>>Let's try to make it better<<

I would suggest that, rather than listening to rantings like mine, you should take the questions asked by users (admittedly answered promptly by your EXCELLENT Tech Support) more seriously as indications of information missing from your on-line documentation. -- 'Nuf Said?

[VistaFirewallControl]

>"W7FC Application Permissions -- How to Set in Free vs? :Feedback: Choose." The topic that most seems like an ideal case to me is the example that they just provided me on how to permit Internet Explorer 8 on first use in the Plus verion.

In our humble opinion there is a logic, evident enough and universal for any application.
The activity detected, a zone advised, you confirm the advised (if it fits your policy).
If something does not work properly, you analyze the blocking events (with the balloon of the log) and adjust the permissions accordingly. The per-applications details are very specific and can’t be documented in-full, there is a lot of internet active application, there is no chance to describe all of them.

>The step-by-step instructions there, together with the clear description of what the corresponding recommended Zone actually does, were illuminating to me and probably would be so to most new users at almost any level, albeit that they use different Web browsers.

Any “what zone actually does” can be seen by listing the zone rules (while editing the zone).
The rules are strictly named and the names are descriptive (we did our best).
Obviously we should not start from IP basics, protocol/port descriptions and well known ports specifications. Have we missed something?


>I would suggest that each of the most common tasks of new users (e.g., introducing their e-mail client to W7FC, perhaps printing to a TCP-IP-atteched LAN printer) should have similar examples in the documentation.

For every available application? That’s hardly possible. Any chance to select a more popular application group to describe the behavior? We failed with that once or twice. The user environments vary so significantly.
If a user prefers FireFox, would IE related mentioning be helpful to the user? What do you think?

>As to how these examples should be included, I would vote for direct in-line text/figures, which the reader can easily skip if desired.

What is the default state if the inline figures, shown or hidden. The typical problem is that the users rarely change the default state. So if the default is shown the end will never be reached, with the default is skipped, the items will hardly be reviewed. Sounds surprisingly but we had a chance to make sure many times.


>As to how these examples should be included, …….. I'm a fan of downloadable PDF …. definitely not the over-blown

Actually the documentation details level compromise is important. PDF is a sequential format.
When printed it would be hard to find a required topic. Paper documents are not “searchable”
What do you think about youtube style videos.


>Your basic structure is fine; it just needs a lot of filling out. I would never recommned a tutorial on IP networking; working out enough examples of the sort I am suggesting, users can easily find the backgound they require elsewhere. What's really needed besides examples, in my opinion is some fleshing out of the details of how to operate the program.

You are obviously right. What do you think about a paragraph added just after Manual/Abstract with detection application screenshot and brief related description around?


>There is a lot of functionality in Plus that the user is left to find his/her way through alone. As I've been doing that myself, I've asked in the abovementioned ongoing correspondence questions like, how do individual "rules" (as opposed to "zones") get created, named, and made accessible for future use;

Could you please be more specific in where exactly the zones manual page is not enough?



>how does the "Settings/LAN" function actually work, and how does the user control it to his/her advantage. There are many other features in the software that are hardly mentioned in the documentation...

Settings page (the LAN paragraph). If we have missed something could you please point us




> (as suggested by your provision of recommended zones for most applications), even though they may not go in the direction desired by some.

So another paragraph to be added? “Advised zones. How it works”. Right?

>>Oh, that's extremely simple. W7FC analyses the initial (and initially blocked) access attempt of non-listed application and uses the attempt parameters (mostly the access direction, port and application's life time, there are exceptions however) to advise a proper zone.<<

>Free version provides easy-to-use basic protection but that the Plus version offers more protection, is more specific, and is more versatile. Nevertheless, Plus is still accessible to beginners by virtue of the "huge set of predefined security zones."

We are on the right way. Thank you.
There is the feature comparison on http://sphinx-soft.com/Vista/order.html
What should be done to improve?
(Sorry for the reminding, we can hardly have a completely detached view)

[jclarkw]

I'll try to give point-by-point responses to your above questions later. (As you know better than I, haveing already tried to write a user's guide -- I myself am not a "technical writer,' just a user and a scientist who writes technical papers, a different animal entirely -- this will take time.) Right now I offer two thoughts that occurred to me overnight. The first is probably obvious:

1) Move this discussion to it's own new thread with an appropriate title such as "User's Guide -- Suggestions for Improving," in hopes that other users will be drawn into the discussion and offer suggestions of their own.

2) Write (or rather, re-write) an introduction to the detailed, section-by-section manual that provides a real overview. NOTE: The following is intended as an outline only and will probably contain important errors (due to misunderstands on my part as I blunder my way through your software) that you will need to correct. I suggest that you correct and/or them HERE and use that corrected version as a draft for a future formal version, on which other users can comment.


OVERVIEW (Readers beware that the following contains errors and is not sanctioned by Tech Support):

The software is application-oriented, as opposed to a traditional firewall that is communication-oriented (but see below), and has the following overall structure:
It detects that an "Application" (this term should be defined somewhere) is trying to access the network.
It then searches through the "Program List" to see if that application already has a "Zone" assigned. If no Zone has been associated, it normally temporarily blocks access (or otherwise acts in accordance with the Rule defined where?) and asks the user to assign one (but see below).
Such a zone can be chosen from a pre-defined list, one (or more) of which is usually suggested to the user to make the process simpler.
A "Zone" consists of an ordered series of one or more "Rules" and a "Result." See sections so-and-so for details on these elements and how to create and combine them.
Or it can be user-defined from a set of individual "Rules" found in the "Repositor," or from new user-defined rules.
If a Zone has been assigned, the designation action is taken.
If an "AnyApplication" zone has been defined (or turned on? This paragraph I'm not at all sure about!), instead of blocking and asking the user, it takes the defined action. (See section ... of explanation of the utility of temporarily having an "AnyApplication" Zone.) Such a zone can also be used to apply a set of general, communication-oriented rules, as would a traditional firewall. Correct?

The software treats connections to a LAN differently from direct connections to the Internet. (Here again I am very unsure how this works...)
If a LAN connection is detected (by recognizing one of the "local" IP addresses?), many of the zones are modified to allow more kinds of communication (e.g., file and printer sharing?) These modifications are made through the LAN option -- see section so-and-so -- but can be user-modified as well.
If no LAN connection is detected, the software checks for a user designation of "Expensive/Insecure Connection." (Or is it the other way around?) In that case it changes the permissions certain applications (so designated by the user -- see section so-and-so -- to DisableAll.

The Free version has the same basic structure as above but provides only four pre-defined zones (list...), does not make recommendations, and does not allow the user to define new zones or rules. (Other important differences?)


Best I can do right now. Does any of the above sound helpful? I certainly could have used this kind of information (and still could use more, as indicated by the errors/uncertainties above!) to guide me through the rest of the documention. -- jclarkw

[jclarkw]

In a brief attempt to respond to your specifiic questions above:

>>In our humble opinion there is a logic, evident enough and universal for any application.
The activity detected, a zone advised, you confirm the advised (if it fits your policy).
If something does not work properly, you analyze the blocking events (with the balloon of the log) and adjust the permissions accordingly.

Agreed. This is good material and should be explicitly added to the "Overview" that I've tried to outline above.

>>The per-applications details are very specific and can’t be documented in-full, there is a lot of internet active application, there is no chance to describe all of them.
Any “what zone actually does” can be seen by listing the zone rules (while editing the zone).
The rules are strictly named and the names are descriptive (we did our best).
Obviously we should not start from IP basics, protocol/port descriptions and well known ports specifications. Have we missed something?<<

Again agreed. What I think you have missed is that none of these processes is evident at first to the new user (at least it wasn't to myself, who might be considered an experienced but not expert computer and Internet user). This is why I'm confinced that leading the user in detail through a few examples (carefully chosen and not advertized to fit everyone) would help him/her to understand, and to modify if desired, a pre-defined zone or rule encountered in the software.

>>For every available application? That’s hardly possible. Any chance to select a more popular application group to describe the behavior? We failed with that once or twice. The user environments vary so significantly.
If a user prefers FireFox, would IE related mentioning be helpful to the user? What do you think?<<

Do you not think that walking through an example for IE (arguably the most popular, if not the most secure browser) will show the user how to apply your software to his/her own browser. Certainly you would not provide examples for every, or even many, applications. Rather I suggest you choose a few (maybe three or four) that either are very common and/or illustrate the different techniques that can be used in different situations (best chosen by you). The first such example would be particularly important, since it would give the first step-by-step illustration of how the software works. Later ones could be presented in successively less detail.

>>What is the default state if the inline figures, shown or hidden. The typical problem is that the users rarely change the default state. So if the default is shown the end will never be reached, with the default is skipped, the items will hardly be reviewed. Sounds surprisingly but we had a chance to make sure many times.
Actually the documentation details level compromise is important. PDF is a sequential format.
When printed it would be hard to find a required topic. Paper documents are not “searchable”
What do you think about youtube style videos.<<

Your experience is better than my lack thereof. All I can tell you is my own preference for a user's guide -- that it be organized linearly but begin with a good overview and end with a good index. (Of course a PDF can easily be searched on any computer -- more easily for me than an on-line HTML document with many linked pages, especially because the links are already defined and not necessarily to the readers needs or taste.) Anyhow, the examples I'm recommending are fundamentally tutorial in purpose, so should probably be in-line with the descriptive material. Personally I hate videos, although they seem to be the preference of our TV-oriented society. They are even more linear and un-searchable than a printed document.

>>You are obviously right. What do you think about a paragraph added just after Manual/Abstract with detection application screenshot and brief related description around?<<

I think this is what I've tried to describe in my "Overview" outline above.

>>Could you please be more specific in where exactly the zones manual page is not enough?<<

I've tried to point out a few examples that tripped me up, both here and in our e-mail correspondence. I'm happy (in fact, I'll be forced) to ask more questions as I try to learn your software over time. I'm afraid, however, that I don't have time to go through the existing documentation and attempt to re-write it. (You could hire a computer-savy technical writer to do that, but be careful to avoid the kind the writes most software manuals these days, and put a strict page limit on the project!)

>>Settings page (the LAN paragraph). If we have missed something could you please point us<<

I have not worked my way through this yet, although my (probably mistaken) comments in the "overview" proposed above and my recent question by e-mail will give you some idea of what I didn't understand.

>>So another paragraph to be added? “Advised zones. How it works”. Right?<<

Definitely.

>>There is the feature comparison on http://sphinx-soft.com/Vista/order.html
What should be done to improve?<<

Provide some descriptive text along the lines suggested above to go with the table. When I first looked at that table, I didn't really understand what most of the headings meant.

Anyhow, good luck with this admittedly difficult and irksome, but I believe important, task. -- jclarkw

[VistaFirewallControl]

Thank you very much for the suggestions, the manual changes have been scheduled.

FUI:
>for IE (arguably the most popular, if not the most secure browser)
Hardly. http://www.w3schools.com/browsers/browsers_stats.asp

>1) Move this discussion to it's own new thread with an appropriate title such as "User's Guide -- Suggestions for Improving," in hopes that other users ………
Hardly, in spite of about 1.5 million users, such threads will be empty or filled with random posts…… unfortunately

[jclarkw]

>> >>for IE (arguably the most popular, if not the most secure browser)<<
Hardly. http://www.w3schools.com/browsers/browsers_stats.asp<<


Interesting! Apparently Firefox and Chrome have taken over. (I've been thinking I should be switching to Firefox...) Thanks for the info. -- jclarkw