I asked this a long time ago via mail, but i will try it via forum again.
I would like to request a password lockdown, so that users can prevent others to mess around with the settings of spyshelter when they are using the same computer.
And together with the password lockdown request i would like to request an option to disable this feature for a certain amount of time when for example installing applications. Otherwise the prompting would get users insane…
So just like the do not disturb feature, but then only related to the password lockdown feature.
Another question… couldn’t someone just go to add/remove programs and uninstall SpyShelter if they have admin access anyway?
Also, what if you lose the password because it’s not the admin password? You’d just uninstall SpyShelter? And if the user can just uninstall SpyShelter anyway then would a password help?
I’m not trying to argue against the idea, just thinking of different scenarios…
I think the removal of the program should be connected with adding the spyshelter password first - so unlock it - otherwise it does not make sense.
So without unlocking no removal.
This gives however another challenge if one might lose the password, it’s not possible to operate it anymore, or remove it in case it was not functioning correct.
I propose such a scenario.
The password for the program must be different from the password of the system administrator. Just like the old, classic version of the program.
Before deleting the program, the user must enter the password for the program, otherwise the program will not be deleted even with administrator rights. For example, this is how password protection works in Kaspersky anti-virus (and other antiviruses). Without entering the password for the program, this program cannot be deleted even with administrator rights.
If the user has forgotten the password for the program, and wants to perform some actions that require entering a password (changing settings, deleting the program), then there should be a “Reset password” button in the password entry form, clicking on which an automatically generated one-time password will be sent to the email address to which this program license is registered which will allow the user to enter the program settings (or perform other actions) to disable the password protection function/change the password, etc.
If the user has already lost access to the email address for which he registered the program license, then he will have to contact technical support to be sent a similar one-time password to log in to the program.
We will take a look at other security applications with this feature. I guess for me… I would worry if we don’t use the official Windows admin password for this feature, then the user could lose the SpyShelter password and be stuck where they couldn’t do anything. What could we even offer to help them? Telling the user they can never uninstall an app seems unacceptable. So, that’s one reason I think we prefer the idea of using the Windows admin password. But, I guess many Windows users run their account as admin anyway. Or, perhaps we could still request the admin password even if the user is running their Windows account as admin.
The other thing to consider is that even if we tried to prevent a settings change, or uninstall, there will always be some method to kill processes and remove files no matter what. Windows isn’t set up to keep you from ever removing a file… so I think even if we tried to prevent settings changes or file removal, it will always be possible. Also, if someone bad already has full access to your PC, haven’t you already lost the fight anyway?
I’m not saying the idea is bad or good, just some more questions/comments. I think the best step for us is to look at other similar software and see how they accomplish this task (as one of you recommended).
The main thing for us is to avoid doing any harm to our users, so we should consider that when considering this “lock” feature. Also, SpyShelter does have some protections in place so someone can’t go in and completely disable everything easily, but it doesn’t have a password/admin requirement yet.
