Please make X-Fence a full-fledged product.

X-Fence is the primary reason why I'm interested in F-Secure at all. I really, really want to see it get some serious tender love and care rather than the direction the dev team is taking it by watering it down by bundling it with the preset rules and hiding it as a mere button relegated to the last item users will read as they review all the settings. I understand how no user interaction required is a big thing for security products for the average Joe, that's fine, but as a power user, I don't trust it, I have no idea what rules come pre-bundled, or what decisions it is making about applications that I never see prompts for. Please do not shaft the power users that once used Little Flocker. I want X-Fence to be as robust a file system firewall as Little Snitch is as a network firewall. A robust app would allow for stricter filtering than what comes bundled with fs protect, while being user-friendly (not so tedious to work with). Little Snitch accomplishes this balance well with network firewall, I ask that you match their feat with a filesystem firewall.

Being able to easily see and resolve redundant/overlapping or conflicting rules would be huge for the security conscious power user, a menu cluster for monitoring, disabling/enabling and changing settings about new rules on the fly. In short, I wish X-Fence was a full-fledged product as it was originally intended to be, like its origin, Little Flocker. I would gladly pay $50 or more to have such a robust layer of security at the file system level. It is way too difficult to manipulate the rules as it is, a user has to open the settings panel, find X-Fence, click the last tab in the panel, and then finally X-Fence rules pop up, and it's not even an application, so I can't add it to my dock or menu. It's not made for humans to use. Please create a robust full-fledged filesystem firewall application. Thank you for hearing me out.

Kingston1pingu

Comments

  • pajppajp Posts: 78 F-Secure Employee

    Hi,

    thanks for your feedback, we definitely take it into consideration.

    Indeed, the idea is that for your average user, decisions will be made by the default (F-Secure provided) rules in combination with F-Secure's Security Cloud service. However, if you switch to "Classic" mode, it will operate more like the old XFENCE with a minimal system ruleset and not rely on our Security Cloud for making decisions. It's worth noting that these "non-default" features are still very early in the development so in the current betas they may not work quite as expected. As an example, the "learning mode" feature was left out but will be back soon.

    As for the rule editor, it is a regular app bundle (albeit hidden away as "normal" users shouldn't need it), so once it's running and visible in Dock you can right-click on it and choose "Add to Dock" to keep it there. We can also explore if it would make sense to make it (and other XFENCE features) more easily reachable for power users, for example via a preference option. We already have several power user features planned in the near future and feedback like yours will help us when planning the future releases.

    Cheers,

    - Rasmus, F-Secure R&D

  • I test drove the classic mode and the strict mode. It works, but it was not nearly what I had hoped for, it's too tedious to use on a daily basis, it doesn't make it easy to make short work of creating rules from a strict approach. In Little Snitch, I love the ability to create temporary rules, and then being able to edit temporary rules into permanent rules. Being able to silently allow or block new rules but still have the entries in Little Snitch for investigating and formulating rules at a later date when I have time to handle it after is very useful. I love how easy it is to adjust the scope of protection to allow all network traffic over port 443 or to port 80 for a web browser for example, it makes it easy to create rules that are sensible according to the application, so, the web browser for example, it would be hell to be strict about network traffic for a web browser, to allow every single domain and port on an individual basis. If I had to do that I'd throw up my hands and give up, it's not worth the trouble. Making it easy to select a directory potentially up the directory tree, or limit it to just the one selected and not recursively, and only up the tree as necessary excluding permission to other directories in an easy way with keyboard shortcuts and dynamic options would be the bee's knees.

    The issue for me with the default mode which relies on the smart cloud solution, is I can't see or adjust the rules for the default rules that rely on your cloud solution. That really bothers me. I get it for antivirus or malware, but for me, file system level protection is more than just protecting my system from malicious snoopy applications, it's about privacy. A completely opaque set of rules that relies on the cloud is not transparent, and does not give me any sense of privacy or control. I'm fine with starting with a solid base of pre-built rules for system functions, and I would welcome suggestions for rules based on your smart cloud solution, but I don't want to have to choose between no choice and the tediousness of working with software that is not user-friendly. Part of the appeal for me is being aware of the ethics of the software developers who I buy software from. Are they touching things on my file system that are inappropriate? The default mode is too quiet honestly, I don't have a good sense of how well it's working. I need more verbosity.

    One really useful feature about Little Snitch is that it has a database that can describe the process that can inform our decision when a new connection/rule arises. They actually have an API and process where software developers can submit a profile of the network processes their software makes and the user can see a description of what the process is for/what it does and make a decision with more conscious choice & understanding and peace of mind.

    I think my general point has been made, so I'll stop here, but I want to say, I'm glad X-Fence is being developed, and it's nice to not be dealing with the system hangs as much as before although I do notice it from time to time as I do run Parallels (Virtual Machine software) and video encoding tasks among other things. You are definitely creating a magical product, it's sad that most people won't even be aware of the power of that. I personally really want to see a power user version that is more verbose and easier to make choices with a hybrid of manual and semi-automatic decisions.

    All right. That's it from me for now. Keep up the good work, F-Secure team!

This discussion has been closed.