Which Product to develop next?
A granular access-control solution that allows complete control over registry permissions, file permissions, what can be written, what can't be, etc. Basically, I want something that's similar to what is found in SELinux, but easy to use like Novell's AppArmor.
Examples of current solutions in Windows:

Core Force http://force.coresecurity.com/
* Full control over everything.
* Integrated firewall via Windows port of OpenBSD's pf (packet filter).
* Uses community developed profiles.
* Difficult to set up. (As in, you need to read and understand before creating profiles for your apps).
* Community is still small, as it takes time to understand (reading, etc.) how to set up profiles, as well as follow their submission guidelines.
* Not suitable for non-techie folks.

GeSWall http://www.gentlesecurity.com/
* Easy to set up.
* Can add your own profiles for each application.
* Relies on a company to develop a profile for your specific apps. (Currently, support is limited to just popular applications... It's not good if you're an impatient person.)
* Creating your own profile is difficult... Harder than Core Force. (Do you really want to find the right registry keys and paths for your applications?)

What I'm proposing is to have such a solution that is the "last line of defence" application. This is what I see as a "worst-case scenario", where all the signature and heuristic based methods of detection fail. The point of this approach is to limit and contain the damage of a system, such that an exploit doesn't take the whole system, but the damage is contained to a specific application instead.
I reckon this solution should be closely coupled with the Personal Firewall. (To offer an integrated solution, like what is found in Core Force).
The challenge for Comodo would be to introduce a method or interface that makes it relatively easy to create our own profiles to be submitted/tested, AND to have a "learning mode", such that if you're not technically inclined or just plain lazy, the application will build a profile based on how you use your app. (Any major deviation, like suddenly attempting to delete doc files without user permission, is denied.)
Note: This approach does NOT replace Comodo's AV/anti-spyware solution, but is a supplement. This acts like a "last ditch" defence, in case other solutions fail. It does significantly enhance Comodo's Personal Firewall by a tremendous amount... It will no longer be some "typical Windows Personal Firewall" solution, but something that could even make Linux users a little curious.
This solution also provides a "workaround" until Microsoft can get off its fat butt and release a patch in a timely manner. (Monthly updates are NOT timely, especially when it comes to electronic speeds of malware infections).
Sure, you may put some AV companies out of business with this approach, but that's technically not our problem, is it?
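
The "learning mode" idea in the post above, sketched as an added example that is not part of the original post and is not code from Comodo, Core Force or GeSWall. The event format, the `generalize` rule (parent path plus extension) and all sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed learning-mode trace: (application, operation, resource path).
LEARNING_TRACE = [
    ("winword.exe", "read", r"C:\Users\alice\Documents\report.doc"),
    ("winword.exe", "write", r"C:\Users\alice\Documents\report.doc"),
    ("winword.exe", "read", r"C:\Users\alice\Documents\notes.doc"),
    ("winword.exe", "read", r"HKCU\Software\ExampleWord\Settings"),
]


def generalize(path):
    """Reduce a file or registry path to (parent, extension), case-folded,
    so one observed report.doc also covers other .doc files beside it."""
    p = PureWindowsPath(path)
    return str(p.parent).lower(), p.suffix.lower()


def learn(trace):
    """Learning mode: record every (operation, parent, extension) per app."""
    profile = defaultdict(set)
    for app, op, path in trace:
        profile[app.lower()].add((op, *generalize(path)))
    return dict(profile)


def decide(profile, app, op, path):
    """Enforcement mode: default deny; allow only what the profile learned."""
    rules = profile.get(app.lower(), set())
    return "allow" if (op, *generalize(path)) in rules else "deny"


def audit(profile, events):
    """Return the events that enforcement would block, for user review."""
    return [e for e in events if decide(profile, *e) == "deny"]


if __name__ == "__main__":
    profile = learn(LEARNING_TRACE)
    later = [  # constructed events seen after switching to enforcement
        ("winword.exe", "write", r"C:\Users\alice\Documents\budget.doc"),
        ("winword.exe", "delete", r"C:\Users\alice\Documents\report.doc"),
        ("winword.exe", "write", r"C:\Windows\System32\drivers\etc\hosts"),
    ]
    for event in audit(profile, later):
        print("DENY", *event)
```

A profile learned this way is only as trustworthy as the trace it was built from, so learning has to run while the application is known to be clean.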