It may be helpful. However, that sort of protection would also kick in any time an application was updated as well.
Therefore, what I would like to see is for this sort of addition to also help combat the problem of unsigned applications which update frequently constantly being put in the sandbox. Something like this could help protect against the referenced vulnerability and also add usability.
However, I believe it should not be activated by default. As long as it’s an opt-in configuration change I support this, but Comodo’s message should not be so scary. It should mention that it can also be caused by simple updating.
You should qualify that Chiron. I use the nightly builds of firefox, which are unsigned, update every day and don’t generate any additional alerts, even when the version changes. However, with OA (see image) I know which I’d prefer…
I’m not sure if there’s a misunderstanding and if there is, by whom. I’m just pointing out that, unlike some products, CIS doesn’t always notify on application change - hash.
In the case above, I install firefox 21 (unsigned) launch that application and get firewall alerts, which I allow. I replace the version 21 binaries with binaries from version 22 (unsigned) and with CIS I get nothing. You can see what happens under OA.
Unfortunately, this is an old old topic, which may or may not be an issue. Personally, I’d like an alert, when a binary changes, without needing recourse to paranoid mode in HIPS.