Does Comodo have too many pop ups?

Actually, I see no reason for the whitelist to even be visible to the user. As long as it is maintained and updated regularly by a company like Comodo that is in the position of being a pretty good judge of what is safe and what might not be, I would have no problem with an expanded whitelist that was invisible. You don’t like that it says MY Trusted Vendors, the solution is simple. Remove the word my.

I see no reason why there should not be both a My Trusted Vendors and a Trusted Vendors list.

I don’t think that is the excuse for a security suite that requires users to make security decisions.

Average computer users are just like normal car passengers, they want to go somewhere but don’t know the way to go or how to drive. They can just take a taxi or bus to do the task.

I don’t know why car passengers must learn to drive or tell the driver how to go there.

PC security education should be simple, such as: avoid installing software from unknown sources, don’t open spam emails…

It will be too demanding to ask PC users to determine if it is safe for a program to change some registry items, COM Interfaces, installing global hook… What is it all about? Should I learn all of them to use a PC?

You use a poor analogy.
It is not simple because the OS itself has poor security design.
The security industry is trying to make the best of a bad situation.

If you install software you are the driver.

Dennis

Ok.

Well sometimes I want to drive a car with automatic transmission and the automatic transmission in CIS needs improvement.

Even an automatic transmission needs to be put into gear before the car will take you anywhere. :wink:

Actually, I don’t think these kinds of analogy are useful. That’s why I ask some specific questions…

…It will be too demanding to ask PC users to determine if it is safe for a program to change some registry items, COM Interfaces, installing global hook… What is it all about? Should I learn all of them to use a PC?

If you use an Administrator account, yes.

I don’t think most average PC users know what an Administrator account is. So most of them should not use a PC :o
or a PC user should learn all of the things, such as registry items, COM Interfaces, installing global hook to install a simple piece of software on their own PC?
or an average PC user is not allowed to install his own software anymore?

Users or supposedly “install and forget” software make “security” decisions all the time and they are not even aware that they are in a car without a driver…

Whenever car passengers do not necessarily have to be able to drive, it would be unreasonable if someone advised them otherwise…

There are many things that could be learned without efforts like the above ones but sure they won’t be learned if average users are encouraged to perceive they have not…
Even the example you provided it is not something anyone is supposed to know at birth

First off you should be aware that there are color-coded security ratings

That is easily acknowledgeable information that also provides a way to have an idea about what actions are related to different severity ratings.

Now how difficult is it to understand that a kernel driver and a global hook have security implications?

And the real issue IMHO is this: there is no way to tell what an average user will learn without actually involving him whereas often it looks like definitions are “carved” to deny this aspect.

“To not have questions” is something assumed for software and users as well…

It actually looks like “few words” are a great burden for those who advise the so called “average” users and it is better have them neglecting a bunch of things that encourage their interest to be involved.

You couldn’t believe how many things an individual is able to learn if not discouraged by an inappropriate environment…

Although if you still wish to have them blindly rely on “default allow” approaches I hope on the remote chance they’ll make up their minds by themselves…

Yep, Microsoft neither, and that was one of the reasons UAC was born. You should be really surprised to confirm how many users are not yet aware of such baseline security practice (and yet are encouraged to disable UAC…)

Consoles seemingly require much less awareness and yet apparently are considered “toys” (whereas actually computers all the same) whereas are supposedly meant to bring forth a default allow for “allowed” software where by design users could implicitly trust whatever they could be allowed to run…

A user cannot possibly know many aspects when he starts to use a PC but yet this does not imply he shouldn’t be able to evolve further whereas it is arguable how much should be dismissed as unpractical when away from the keyboard it is obviously acknowledged that new things require an appropriate mindset and willingness to not falter at the least perceived discomfort…

To actually drive a car people are actually educated to traffic code, safe driving, baseline maintenance, first aid…

And all this is not meant only to secure them but also the other people that could be directly or indirectly affected by uneducated malpractices.

The “necessity” of such training is not something people usually argue about as this “awareness” has deeply rooted in popular culture.

Obviously cars have been around for centuries

I don’t think you have experience with average users and it seems that you really want all PC users to become an IT security specialist. So a doctor will need to spend his time to learn what a global hook is… instead of learning more new clinical knowledge. A mechanical engineer will need to spend his time to learn what a COM interface is… instead of learning more advanced engineering skills… Apart from these, you are not only required to know the IT terminology, you also need to know what a specific COM interface/registry’s functions are to determine if the change is safe or not…

And I trust there may not be conflict between “default deny” and “user friendliness”. You have just limited your mind set so that no intelligence can be built within CIS. Is it really unreasonable to ask a program to have built-in intelligence to make decisions and do a task for a PC user? I think that is just the basic objective of current computer technology.

That’s why I agree PC security education such as avoiding installing software from unknown sources, not opening spam emails, installing security software… is still essential. However, it must not be technically demanding.

If you are implying I’m an IT you are seriously misled whereas apparently you are willing to provide the impression that even easily attainable information should be considered exclusive prerogative or professional.

Or you are neglecting I did not have a PC in my cradle when I was born?

Sure a doctor will have no need of the first aid training of driver’s ed, whereas a mechanical engineer could find overly simplistic the maintenance part of such educations.

Both will at least find reasonable to learn the rest including traffic code…

I wonder if you ever noticed educational campaigns (countless ones are provided in many countries) to make people aware of some aspects/practices you could be easily willing to relegate to specialist expertise.

You may have been misled as it should be obvious that the premise provided won’t even make “default allow” user friendly enough…

Whenever CIS can actually be used in different ways and thus can cope with a fairly different type of users, though this does not mean it can provide an unlimited adaptability whereas high degree of adaptability is supposedly a property of human beings.

While CIS is continually developed and thus improvements are to be expected, whereas it is likely a moot point to argue about intuitive for everybody as this implies something like innate knowledge.

You have just limited your mind-set so that the potential each user has can be restricted to something that can be learned with a quick glance whereas the ongoing perception will likely encourage to forget these aspects as well.

Are you really willing to suggest to novices what they don’t have to learn or understand at all?

uuf…
This topic is becoming interminable.
Driver’s license…automatic gearbox?
Please focus. And some of you should edit their posts.

I only hope Comodo understands that the competitors out there are no longer only the likes of Norton or McAfee. Free products are starting to come of age.

If a regular user (and I insist that he/she is most people out there and they just want no hassle from their software, security or other) comes to me and asks for a user friendly configuration I’ll install the following:
SiteAdvisor toolbar
IE8
Microsoft MSE
Comodo Firewall (with Defense+ disabled)
Then I would set some simple rules:
Always keep your software updated
Don’t open e-mails if you’re not sure about the sender
IM and torrents (another set of rules…you know them)
Only download from sites you trust (SiteAdvisor and/or a surf on the Net will give you that)
Never type confidential information (credit card and so on) unless on secure pages.

You can add a sandbox to this, but as it is Grandma is safe (and her daughter, and her granddaughter).

I hope those simple rules are provided as a quick example of what they could be like, and indeed it would be actually interesting to address them in a separate topic as some of them can be possibly misinterpreted to put forth a false sense of security.

As for hassle free or user friendly then D+ could be easily integrated as well through CleanPC mode whenever your advice is based on purely “Default Allow” approaches thus apparently implying that even a single click could be a hassle

BTW How come a sandbox is a more sensible choice than introducing the easy notion of Limited user accounts?

Besides I really wonder how user friendly Vista is supposed to be. I guess I’m below average indeed as the first time I attempted to use Vista I needed an hour only to find a single setting…

In this regard UAC was a breeze…

A tutorial about PC security (a set of rules any user could easily understand and apply) attached to CIS would be a very, very good thing.

If this would take the form of text or video I don’t know. I don’t know either how we could persuade users to read or watch it; but I’m sure we could think of a way.

Wonderful idea Endymion. If you decide to start a topic on this, count on my modest support.

Hi, take the example of rogue antivirus, which has infected millions of users; it shows 2 things:

(1) Traditional blacklisting is not enough.
(2) There are millions of users who do not have much knowledge about security and thus a HIPS like Defense+ would not be suitable for them.

Do not count on them to come and post on security forums unless they have been infected, so Comodo needs to change if it wants to attract them.