BleepingComputer.com: when assisting members with issues, do you have to sound like you're writing from a script?

Hi Guys,
I was just wondering. I've seen when people respond to threads, that the reply often seems as if they have a bunch of word documents or text documents of what they're going to say based on the question. It doesn't seem like folks are writing per user's questions. For instance, I was recently sent to the Malware logs forum for a check of one of my computers (which turned out fine), and since I'm an enthusiast, an intuitive learner who scans the logs that are asked of me during help sessions, and a techie at heart, I understand some of what is stated in those logs. RSIT for example. I asked the one assisting me if something that caught my glance was anything to worry about, and my question was never answered. The script that seemed to have been followed just continued on it's merry way. (And I still have yet to figure out what that entry meant). And when I tried to explain that some of the utilities that are used in that forum aren't accessible to screen readers, I felt that no heed was paid. I've been wondering how to tell you about the accessibility issues I've been seeing, but I didn't want to get myself in a screw-up. Like some of the special utilities you use here, parts of them aren't accessible, and my belief is that whether blind or sighted, all of us should be able to use advanced utilities. I'll give names of utilities if you ask for them, but let me know. and one more question. If you get a MRT member who is capable of answering questions that don't have anything directly to do with malware, can they leave their script to answer them?

Many thanks, and I'm sorry if this seems a little surprising to you,but I'm trying to help,
Your faithful board member,
Chromebuster

Hello chromebuster.

First of all, yes, many members of the staff use copy-pasted canned text instructions to make their life a bit easier. However, I also agree that help you recieve should not solely be such texts.

Quote

Yes. Personally, I'll try to help the poster with non-malware issues, general slowness, for instance, if I feel comfortable with what is involved. When faced with hardware issues, which I'm not as familiar with, I'd ask the user to post in another part of the forum for help.

In any case, your questions and concerns should not be ignored. If you feel that this is happening, you can always politely restate the question. Maybe the helper just missed it accidentally. I can't imagine you "getting yourself in a screw-up" by asking questions. Unless you are being rude or r tpying lik edis , there's no reason for you to be ignored.

Quote

Please rephrase the question and perhaps give an example. I don't understand what you are asking.

With Regards,
The Panda

Hello PropagandaPanda,

I think I can address this question by quoting from ChromeBuster's log topic.

First off, a screen reader is an application that translates text to speech. In order for that to work, a program must be accessible to text-to-speech applications.

Quote

From: http://www.bleepingcomputer.com/forums/ind...t&p=1882385

Orange Blossom

Hello.

Thanks OB.

@Chomebuster
Unfortunately, some tools are not written in a framework that supports accessibility tools. The only thing that can be done is contact the developper about it.

With Regards,
The Panda

I'll give you an example. Not that I've ever been in this situation, but I've seen it a lot with comboFix scripts. Correct me if I'm wrong, but I have seen users be asked to drag a text file onto a desktop icon. That is just not possible for screen reader users like me and many others in the world. The developer should offer two ways for the expert to direct the OP using the utility such as to cut and paste the script into a box or something. Something that can be reached with screen readers. Yes, Drag-and-drop is possible using JAWS, but not just anywhere on the screen. Freedom Scientific made it so that action is only possible within windows explorer. I would have contacted the developer sooner, but one, I don't know how to get ahold of him, two, none of the logs are mine and it's just because I feel for others, and three, I'm only one person. My inquiries alone don't usually make a difference. My mission is to help those in need of accessibility, and to help stress the need for accessibility calls. ComboFix was just an example I've seen. Another one is HighJackThis. I was trying to use the special JAWS commands for selecting hard-to-reach text, and I could only select one out of the five or six entries that were needed since the program doesn't respond to keyboard commands very well. I ended up having to ask my father. My point is that though some software shouldn't be touched by even the intuitive learner like me and should only be ran under the supervision of a trained expert, that doesn't mean that users of such software under the right circumstances shouldn't have the rights to accessibility by either mouse or keyboard alike. Maybe this community could help me and my network (see my web site www.raeder24.org at the bottom of my signature), to make more accessibility calls happen and get heeded? Raeder24 is always in need for more spokespeople. Let me know what can be done about contacting some of these developers. Thanks.

Chromebuster

Hello chromebuster.

Quote

I'm pretty sure there would be an alternative method of running ComboFix's script that would work for you. It would involve copying text into two files, renaming one as a batch script (.bat extension), then running the script.

HijackThis is an outdated tool. Alternative tools have been created.

You've brought up an interesting and important topic. I think that in the case that we are helping a visually impaired person working through an accessibility program, the helper could keep to the tools that support such programs.

Maybe we can help by creating a list of programs commonly used in malware removal that are compatible with common accessibility tools.

With Regards,
The Panda

Thanks so much for being in this with me. I'm sure you certainly do understand where I'm coming from. And your idea would be wonderful. I think it's a good idea. But I also think that developers of some of these tools need to be contacted by folks higher up in the channels. I mean, I know that some of the moderators of this board know them, so they'd listen to you guys, wouldn't they? Though I'm an advocate for accessibility for all, I'm really just a puny little old enthusiast, so most companies or high-ranking developers of expert level programs would say that my opinions don't matter. But they'd listen to you. I know they would since you are directly affiliated with them. But you really should have a look at my site. It's dedicated to the accessibility calling as well as some tech support like this site is. Accept that you have more leverage than we do, at the moment anyway. And in honor of you folks, my next blog entry will be in favor of your caring about accessibility to the blind. And one suggestion for those members of the MRT (which I hope to be one day too). You said that there are accessible longer routes for the more advanced tools that can be taken. In the event that you don't know a member too well and don't know what their computing habits are, maybe give both drag-and-drop and copy and paste so that the user can choose what's easier and possible for that matter for them? Thanks for your continued support in this matter,

Chromebuster

It would certainly help having a list of programs commonly used in malware removal that are compatible with common accessibility tools. I found out only as I suggested a tool that it would not work with accessibility tools. That was the first log that I have worked on with the user using accessibility tools. But I was told by the user she/he would wait until a sighted person came to help him/her so I did not realize that it was a problem.

As far as using canned responses, I think that is much better than writing a new response from scratch each time which may lead to some steps being left out or mistakes made. I check my canned responses to make sure everything is covered.

I have to admit I am not as chatty as some of the HJT members and I do miss some questions from time to time. All the user has to do is to remind me.

Hi again,
That would help. I also think that if two methods are available for using tools, such as the ComboFix example earlier, that both methods should be given for then the user can choose which is best for him/her. and just as a reminder to my question, I was looking at the RSIT log, and I saw that a reference to and older version of Outlook 2010 beta was showing in the security event log with the old configuration of my Gordon College email address. I didn't understand how that could be since I haven't had that version of office in there since maybe January or earlier. But I think that rather than just sticking with tools that work with Screen readers, the developers should be contacted, and this issue should be addressed with them. Accessibility across the board is important.

Chromebuster

Quote

I can confirm there is an alternative way to run this, in case you are not able to drag/drop the file. However, always providing the user with two alternatives, can become confusing, and lengthen the post. Personally I prefer to give an alternative solution/work around only when necessary.

• Well, ... I'll take that. I understand where you're coming from. Again I think my beliefs are simply clashing with yours since they lean toward accessibility for all, and not achieving a task in the quickest fashion as is the belief here from what I can see. what I'm trying to get at is that companies need to have knowledge that their software is not accessible for all, and the only thing that will make them aware is if they have more than an occasional request for it. In other words, I'm trying to rally. And as much as I'd like to be a staff member here, helping with malware, I don't know if I'm the right person for the job. You see, maybe it'd help you if I told you this story. I was rejected a job at Gordon college last semester as a tech support front desk worker at the college's technology center. I couldn't figure out why I didn't get it, but somebody I know has a theory. She says that they may be afraid that I'll go beyond simply what the job description says. In other words, I'd be trying to fix folks computers instead of the usual logging of requests only. I hate to tell you, she's right. and not only that, but I have strong issues with helping folks who know nothing about computers since I'm levels above most average users, so I'm trying to help in other ways until I get the proper job where I can be technical in the position of server admin. All I do when explaining things nowadays is boggle everyone's minds. I think I've got to learn to break my own standards. Maybe you could help me? So the list would be great, but I still think that developers need to be contacted and given an explanation of what they can do to improve accessibility with screen readers. I mean, I could contact the ones I know who work over at the MBAM community, but at the same time, I wouldn't feel right doing that. I wouldn't want to accidentally make them feel insulted do to my low rank. Thanks so much for being on my side, guys.

And another question I asked in my last post when discussing my precautionary log was whether Trend Micro's Browser Guard 2010 can fill the gap left by Spyware Blaster since that program is not accessible with screen readers either.
Chromebuster

This post has been edited by chromebuster: 27 August 2010 - 10:52 PM

Hi Chromebuster,

I think you misunderstood what I was trying to say.

First of all, I have a visual handicap, so I know where you are coming from. I fortunately do not need a screenreader, but I know from friends the problems one encounters when using them.
I am not a software developer, so I'm not able to give any useful comment on the fact that many software (whether that is security software or not) is not screenreader-compatible.

However, I am a helper at this forum and a few others. Lets take the example of dragging/dropping a file; there are more situations in which this cannot be done. I adapt my instructions to a specific situation. Imagine what would happen, I make a script that has to be dragged/dropped. I first explain how to do this by dragging/dropping (including a gif that shows the process); this is the easiest way to execute the script for the average user.
Then I can add: if you for some reason or another are not able to drag/drop, do this (instructions) instead.
Why do I choose not to do so? Not because I'm time-pressed to finish a fix ASAP. I do it this way to keep things as simple as possible for the member. At my side of the line, I cannot always know if a member is able to drag/drop (sometimes they tell me, other tiimes not). A simple "sorry I can't do that" is enough.

Personally I try to use as little commercial software as possible in a fix; I usually use MBAM and an online scanner and for the rest non-commercial tools that are developed in our community. I have no idea how accessible these are to be honest.

As a helper, I often encounter situations/problems that do not have a "perfect solution". Therefore it is impossible for me to adapt all my fixes in such a way they can always be followed with screenreaders, I think you can see why. However, this is sure possible in a case-to-case scenario (i.e., if I know a member has certain problems, whatever the cause may be, I can adapt my fixes to that).
As for the commercial apps, I am afraid many of those are just saying: well, the majority doesn't use screen readers, so why make the investment for a handful that do use them (I hope I am mistaken here, but unfortunately things are mostly axed on money and cost/profit balances).

I hope this clarifies my previous post, if not, please feel free to ask!

EDIT~ I forgot to answer your question regarding Spyware Blaster/TM Browser Guard. These are optional security programs. What you absolutely need is one Antivirus application, an Antispyware scanner (on demand) and a Firewall (a router, or, if you are on XP, a thirdparty firewall). All other things are nice, can be handy, but are not necessary if you browse safely and keep all your software up to date.

This post has been edited by elise025: 28 August 2010 - 01:55 AM

Hi,
Thanks for the clarification. If it makes you feel any better, I'm not a software developer either, but I am a programming enthusiast, and so I'm aware of the accessibility measures that Microsoft has incorporated into their Visual Studio IDE. I like all of them, and find them easy to implement since they are just changing properties and labeling things. My thing is that I don't see how hard that is for companies. I think that most comertial companies either one, don't use Microsoft-based controls which have automatic accessibility built into them, or two, they do use them and don't label the buttons because the developers don't take an extra second to go into the properties of their form and fill in the information. and that's literally how long it takes. ... a second. And still there are others, (90 percent at best), who do listen. I think it's the corporate ones that don't. Like for instance, I've tried to bring this issue up in the MbAM community, and never have I gotten so much as a reply on the subject from them. They are in the former camp who create their own controls. That is fine, but the way that program is written makes it extremely difficult to customize. For instance, in JAWS, you can change the class in the program itself, allowing JAWS to see what isn't there, basically. So in the JAWS configuration, you'd change the class to the regular Microsoft tab control, but MBAM would still have it's own classes there. The issue with this method is that you can get a hit or a miss. Sometimes it works the way you want, and sometimes it doesn't depending on how obscure the program class is. Now in terms of MBAM, the program is useable by screen readers, but it's not straightforward. JAWS users must root their different cursors that are built into the screen reader to get certain information to display such as the list of malware found, and half the time, that method can't display all of it. For instance, you'll get the path of the file, but if it's a few directories deep, it will cut off in the middle of it, and JAWS will only read parts of the path and file. This only gives a rough estimate of where the file actually is. This can result in users deleting the wrong file in the case of a false positive. It's happened to me before. I've tried to ask members of the JAWS scripting mailing list to help me script MBAM to fix the problem, but no one seems interested. Thoughts as to how I can stress the importance over at MBAM that these stupid things shouldn't be happening?

Chromebuster

I don't know the answer to this, but a question I have is this. Could the accesibility controls if they were implemented be another attack vector for malware. In other words, as an example , would MBAM have to work on safeguards on the accessibility tools incorporated to prevent a vector of attack on MBAM.

Does adding accessibility give another potential door for rendering malware tools ineffective?

I'm not a programmer nor do I use accessibility applications. Just wondering aloud.

I'm just learning how to program in C#, the book I've been reading to teach myself doesn't say anything about attack vectors being the fact that one uses standard controls. The control that is used by MBAM is called thunder 6. Or something along those lines. if it were changed to the SysListView32 control for the list items (the class that SAS uses), JAWS and other screen readers are still able to recognize it natively without any tweaking on the screen reader's side. Now I don't mind tweaking stuff, but what about the average user who could care less and who just wants the program to work for them? I mean, my tweaks for MBAM don't really work well anyway, like I said, it's a hit or a miss. But my point is that if standard windows controls perform the same functions as custom controls, why not use them? I'll ask the folks on the programming mailing list full of blind members I belong to and you'll have your answer in a few days when somebody on there gets back to me.