Change: Trusted Vendor List to have different levels of trust

I would like to see the TVL (Trusted Vendor List) have at least two different levels of trust added so that some companies would be trusted more than others. This would allow CIS to run differently depending on the trust level of the vendor. The vendors with the most trust would run outside the sandbox, and the vendors who are trusted but not well known would still be forced to run in a sandbox.

For example, everything from Microsoft and other very well known vendors would still run outside the sandbox, but everything that is trusted but not well known would now run in a “trusted sandbox” with a higher level of access rights than the “unknown and untrusted sandbox”. Taking Melih’s example of not letting just anyone inside your home one step further, this would be similar to immediate family (very well trusted: complete access to all rooms) vs the pizza/cable guy (trusted but not well known: limited access to specific rooms and watched) vs. people walking up to your door for various reasons (unknown/untrusted: access to porch only and assumed dangerous). As it stands today, the pizza/cable guy has the same access to your home as your wife or husband and that seems to be the weak link in the armor to me.

I have to vote for undecided.

I’m not sure I’d like to see this implemented such that it would be done automatically, and by default. For one thing, it would be very difficult for Comodo to make this distinction.

Perhaps once Comodo gives us back the ability to disable the TVL and manually add in those that we trust this could be implemented. Essentially what I would like to see is in the alert you are given an option to add that vendor to the TVL (along with the information about whether it’s already in the default list). In addition you could be given this option to assign it the level of trust you believe it deserves.

I just worry that for ordinary users, which is who CIS should be configured for by default, this would be too annoying. For them a program that is trusted just needs to work. They don’t want any difficulties.

What do you think?

Let me know if I haven’t been clear. (Which I’m usually not) 88)

I do believe that there should be more options for the TVL,
Like Computer Security Policy have a TVL Security Policy Where the user can choose that this vendor is allowed to do this and that etc etc…

I think this should be completely Optional!

Just a thought…

Sure, many users don’t want to be bothered or don’t know what to do. But in numerous threads there are complaints that users at the other end of the spectrum are uncomfortable with the compromise involved in giving up more granular control.

The idea of sandbox policies seems a reasonable middle ground. Let users select the degree of trust! Let them choose how much security. Not just whether they trust the whole whitelist, but how much of it, and how far do they trust it! Now you have to take it or leave it.

I do agree that it would be difficult for Comodo to make the distinction on which vendor(s) make the ultimate trust group in the TVL, but you have to agree that Comodo is better informed to make this decision than a majority of users out there. I have a bad feeling about allowing a user to add items to the TVL for themselves. At the end I explain why.

Disabling or deleting the TVL would be almost identical to my original suggestion in that it does not ultimately trust everyone, and would sandbox everything else that has a level of trust according to the current TVL anyway.

In my other wish list poll about the configuration settings, I’m thinking that this manual control of the TVL could be an advanced setting. Again, I believe that allowing a user to add a company to the TVL for themselves is bad idea.

I have seen more than one video review lately with bypasses because of malicious files from trusted vendors. You don’t want any user being able to run these files just because they are trusted. How does this happen? Are these companies who started out bad and still received trust, or are these companies who started out producing good products and then get bought up by someone who is only after their trust so they can spread harm? If this is the case, what happens if you allow users to manually put a vendor on their TVL whom they trust? What happens then if the same company that they trusted starts making malicious stuff? What would be the harm in keeping the not-so-well known vendors running in the sandbox forever as long as it works correctly?

With this suggestion, I’m assuming that Comodo can make it so that everything can “run” in the sandbox as long as the application doesn’t try to do malicious things to the computer. If this can be accomplished, then we should not have to worry about things not working for the ordinary user. Keep in mind that the unknown and untrusted applications would be forced to run in a totally separate sandbox to keep potentially good applications in the other sandbox and the computer from getting infected.

I agree with this fully - as it sounds very easy for developers to add an extra tab that starts out blank and doesn’t change the way the default setup works. I posted a similar idea here:

…except it’s for all whitelisted files and trusted files from the cloud, not just the TVL, which currently we can’t control the rights of without using paranoid mode.

I have to vote for “yes” for TVL different levels of trust. Should be an option and it could help to work better.
But “options” are not needed everywhere , just a remind …

i think there are some good ideas here with some things that maybe should be added and or taken away. i hope melih reads this thread because i think there is a lot of potential here to make CIS better than it already is

TVL is a good idea for newbies who get confused by too many popups but for me I don’t like it at all.

I want to allow only what I want to allow, and nothing more. I do not want someone else deciding for me what will be allowed.

My wishes for the TVL are:

  1. Add controls for better management, allowing removal of multiple entries at once, and even perhaps for emptying the list completely.

  2. Allow automatic updates to the TVL to be turned OFF. I do NOT want the TVL to add more entries every time I run a program update

  3. Option to disable TVL totally if you so wish. I suspect currently that it still plays a part even when you think you’ve disabled it.

  4. Ability to have cloud scanning enabled but NOT have silent updates to the TVL