First of all, don't tell me to take it easy, I am allergic to that.
Sorry, we don't know each other personally or that much, enough to know these details.
Let me ask you something, does Comodo know of every single game you run and have it on that whitelist?
1. We're not discussing Comodo.
I'm discussing a possible avast feature that I like and that seems useful.
2. No. Comodo can't know any single game out there... This is the handicap, this is the problem... Can the programmers drop some light on how to solve this?
The blacklist approach is better for me as it doesn't require any input from me, which is why I am running avast!. Are you getting my point?
Sure. The blacklist is a very good approach. But should it be the only one? Can't we get a balanced solution?
What exactly are you trying to say here and how does it relate to what you quoted from me?
That behavior blocker is a blacklist approach. It's good. It allows better detection rates. We agree with all this.
The "problem" is the other approach, the whitelist. Is it possible? Yes. Can it be well implemented? That's the point.
I do NOT want it to block the unknown, that is my point Tech.
No problem. You've voted "no".
I'm perfectly aware the point is controversial. So I've started a poll.
Because under the "unknown" category could be perfectly legit programs that the whitelist just doesn't know about.
Agree. This is the main drawback.
How to solve it?
A "flexible" sandbox, without full virtualization. Maybe?
And again I am against the philosophy of BLOCK EVERYTHING UNKNOWN. The traditional approach of AVs (you could say the blacklist approach) coupled with some good heuristics is what I want.
I use this approach as I have AIS.
What you want, Tech, is a good HIPS program that blocks everything, and I want a good AV that blocks ONLY the baddies.
Hmmm... Not exactly. A HIPS is always complicated when isolated. I need something flexible. I want to test software and other users want to play with fire. Automatic sandboxing could keep something from deeply messing up the computer, as it will be something like a limitation on user access.
Do we understand each other now?
Completely.