How about a modular CIS? Basically, the main part of CIS is Defense+ (default deny). This is what Comodo is all about. This gives the user the most protection and is the part (software) that is downloaded from Comodo’s website. In addition to this, modules can either be downloaded (from Comodo’s website) or enabled/updated within CIS’s GUI to allow additional protection (i.e Firewall, antivirus, cloud antivirus, etc). Of course, these modules are signed by Comodo so you can’t accidently install from another site.
You might say that CIS is already similar to this but you have to additionally select either the antivirus or firewall to continue. You could also say that this is similar to CCAV (covered by two products though). This approach would allow Comodo to add/update/remove modules over time (as newer more advanced technologies appear). This would also make the downloaded package smaller for those on limited bandwidth by installing only what they require. What do you think? Pros and cons of this approach welcome