Application Whitelisting: Panacea or Propaganda

Something interesting to read, especially for devs

Here's a nice demo that bypasses both blacklisting and whitelisting security layers, even a tightly configured classical HIPS...

Shellcodised backdoors (Fratus or Parsifal) running entirely in the memory of a trusted process like Internet Explorer, for example...

http://benjamin.caillat.free.fr/ressources/backdoors/videos_en/attack_presentation.avi

The white paper...
http://www.blackhat.com/presentations/bh-europe-09/Caillat/BlackHat-Europe-09-Caillat-Wishmaster-whitepaper.pdf

An alternative to this method is the VNC and Meterpreter shells (DLLs running entirely from memory) from Metasploit. Since those DLLs are not written to disk, even if a classical HIPS or AE2 is configured to block loading of non-whitelisted DLLs, they will not be blocked.

Their method revolves around an Internet Explorer vulnerability (presented at 7:30 of the video).

Whitelisting works under the assumption that programs from trustworthy sources can be run with full privileges. I find this to be too optimistic, especially in the case of widespread software such as web browsers. Hackers work around the clock to find such vulnerabilities (which are also extremely valuable to the right people), and whitelisting does nothing for the main issue: that your browser should not be allowed to install device drivers, monitor your keyboard, take a list of files from local and network resources, etc.

I would really like to see Comodo returning to its roots of being a powerful HIPS instead of wasting time with whitelists.