Hi Tech!
Besides talking about the sandbox, you said the same thing that I've been screaming for years! "default allow" and "default deny".
We all use antivirus to prevent the effects of malware on our systems. What are they? Harming data, slowdowns, popups, data theft, using internet bandwidth, etc.
These days security software is doing such things instead of preventing them! Like bringing up a lot of popups and questions (Thanks avast!, it doesn't do that much) and slowing down systems (avast doesn't do that either). So it's very important that security software becomes set-it-and-forget-it and also trustworthy. Like when it says This Is Malware, we say if my AV says it is malware, it is! and don't think maybe it's an FP?
I said that prior to my comment to say we must think of many things before adding a new feature to our products.
The best thing you noticed is "Whitelist" AND "Blacklist", not only "Blacklist".
avast lacks a whitelist in some way. If it had a whitelist beside their blacklist, it would be much easier for them to collect 'unknown' files. I mean, when I scan a folder with a nice antimalware, in the scan result it says (for example) "We scanned 100 files, 33 known clean, 33 malware and 34 unknown files" and gives me the option to send these 34 unknown files to their analysis desk with my comment. I know such a thing will need many, many resources. The same goes for the firewall or any other component. A firewall may have an option that uses predefined rules to default allow or deny per program depending on the whitelist or blacklist...
Sandboxing is a great idea, even if not as a security solution, as something which takes care of Windows very well (if it is programmed in the right way!).
Think of a quality sandbox and how well it can take care of Windows. E.g. if your player is installed in a sandbox, the browser in its own sandbox, the messenger in its own sandbox, think how easy it will be to manage. Windows will live untouched and become more solid. When you give up your player and want to try another one, just flush your player sandbox and install the new one!
When I say a well-programmed sandbox I mean every sandbox being customizable, like their access to the hard drive, internet etc., or running Windows services normally or... (Sandboxie cannot run services most of the time). So with that quality of sandbox you can run your browser in an isolated place, isolated like a virtual machine, in which no kind of site or plugin is able to read even 1 bit of your hard drive.
Sometimes sandboxes cause more problems than benefits, like additional popups from them or failing to run programs or....
So, if avast can program a sandbox with that quality, I say go for it; if not, don't add something which bothers us more!
By having more resources and spending more time, it is possible to do, so why not? The start of it is a nightmare because in the last 30-40 years many files have been created and you need to list them, but after a while you will have listed most of them and you will just need to work on newly created files from then on...
That's all I think! Maybe it's all wrong