This is an updated version of an older wish. The original can be found here.
I’ve got some ideas for how to protect the end-user from malware that, for whatever reason, becomes trusted by Comodo. Now, I’m not concerned with the checks that Comodo staff make before the digital signature is entered into the TVL. That’s on their end. I’m concerned with the changes that could be made to CIS.
When CIS Should Automatically Upload A File
I believe that any new executable on the system, which is trusted because of its digital signature, should be automatically uploaded to Comodo the first time that it is seen on anyone’s computer. It should not be uploaded again, even if seen again on someone else’s computer. That way it only needs to be uploaded once. Also, during this entire process the file should remain trusted. This way it won’t hurt the usability of CIS at all.
Check File With Valkyrie And CAV
Comodo could then perform an initial check with Valkyrie and then scan it every day for the next month using Comodo Antivirus. All of this could be automated on their end. If it gets flagged at any time as malware or suspicious by Comodo Antivirus then the file should get reviewed and scrutinized to see if it should remain trusted. If it is found to be anything other than “Normal” by Valkyrie then it should also be manually analyzed. After 30 days if it isn’t found unsafe then I think it can safely be ignored on Comodo’s end. Essentially those files should be treated the same as most of the files submitted by CIS. They can be analyzed in time, but not given high priority.
How Comodo Should Check Suspicious Files
During this analysis the file should be checked just like any other file which is submitted to the thread “Submit Applications Here To Be Whitelisted - 2012”. If the file is found safe then it should be added to the whitelist by file hash, and if not then the digital signature should be removed from the TVL.
How To Manually Submit Whitelisted Malware You Encounter
Of course for that malware that somehow slips through that net, which I think would be very unlikely, we still have this topic for users to report any suspicious trusted files.
Also, wasgij6 came up with an idea in his reply here to further protect end-users from malware. I’ve taken the flow chart, which was made by wasgij6, and attached it to this post. I think it would be too talkative for ordinary users, but perhaps it could be implemented as an opt-in option. This way users who are fine with a few more popups can be protected in this way.
What do you guys think? As always I’m very open to suggestions and am perfectly willing to alter the wish.