Security Posture - Which ideal security posture would you like for protection?

When it comes to “security posture” for your computer or network, what is the ideal posture you would like?
A) Default Allow
B) Default Deny

B) More secure, more control. :-TU

Edit: For anyone interested, there is an interesting 2012 article in the external link below.
It truly is a jungle out there. :wink:

Both must go together. “Default allow” for processes and essential system services (strictly necessary files) and “default deny” for unauthorized access to these files (avoid many disorders companies);

No use denying it, is “allowed”. Example: block the unauthorized access to system files for unknown applications, but allow unrestricted access to secure applications (injector can use this failure, for example);

Security suites have several auxiliary protection modules, but it is still possible to circumvent them. What may not yet have occurred is the need for cybercriminals to use some of the “convenience methods” provided by the practicality of security software.

Web filters are ineffective. Although useful, they fail when the malware comes from “trusted domain”. A lot of times a file considered by the antivirus module as malware, web filtering not “seen” or blocked the link;
Firewalls allow output and input, although we have only allowed the output of packages.

Depends. Some users just can’t use the Default Deny approach because whitelisting isn’t fast and wide enough to make it a non-issue. And in the end it falls down to the user to make a decision what to allow or not. For those users it’s better to use Default Allow with locked down controls. So they aren’t disturbed, but when something is detected, they can’t change that. Chances of false positives are minimal, whereas with Default Deny, many clean stuff will be blocked because it’s simply not whitelisted.

Default allow is too high risk, allowing unknown potential viruses in.
Default Deny stops anything unknown until you the user approves it. Much safer. The argument some users can’t use DD is ridiculous. If they don’t know a software, don’t allow it.
Melih, how could you even consider using what everyone else had that allowed viruses in, when your own DD approach has been proven very successful in the war on viruses and 0-day attacks?

They are mutually exclusive and can’t be used together.

Default Allow means: You have a BLACKLIST and you “ALLOW by DEFAULT” everything that is NOT in the list…(unknown malware gets through)
Default Deny means: You have a WHITELIST and you “DENY by DEFAULT” everything that is NOT in the list…(productivity was a problem until we solved it with automatic containment/sandboxing)

What you are explaining is “default deny posture” where you are allowing “known good” applications.

Yes Default Deny until recently suffered a usability problem.
But with Comodo’s auto containment (sandboxing) innovation,
1) unknown files can continue to execute inside our containment (hence legitimate files that are unknown will continue to operate)
2) We analyse these files and mark them as either good or bad within 45 seconds (95% of the cases) and within 2 hours (5% of the cases) using Valkyrie service. (enterprise service for now)

So now you can have default deny posture but with default allow usability :slight_smile:
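The blacklist/whitelist distinction and the containment step described in the post above, as an added example (not part of the original thread and not Comodo's code). The file names, posture labels and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: (file, on whitelist, on blacklist, actually malicious)
SAMPLES = [
    ("office_suite.exe",        True,  False, False),
    ("known_trojan.exe",        False, True,  True),
    ("new_accounting_tool.exe", False, False, False),  # unknown, legitimate
    ("zero_day_dropper.exe",    False, False, True),   # unknown, malicious
]
POSTURES = ("default_allow", "default_deny", "default_deny_contained")

def decide(posture, whitelisted, blacklisted):
    """Return 'run', 'block' or 'contain' for one file under a posture."""
    if posture not in POSTURES:
        raise ValueError(f"unknown posture: {posture}")
    if blacklisted:
        return "block"                 # known bad is blocked everywhere
    if posture == "default_allow":
        return "run"                   # everything NOT on the blacklist runs
    if whitelisted:
        return "run"                   # known good runs
    # Unknown file: plain default deny blocks it, containment runs it isolated.
    return "block" if posture == "default_deny" else "contain"

def evaluate(posture, samples=SAMPLES):
    """Tally the security and usability failures a posture produces."""
    tally = Counter()
    for _name, wl, bl, malicious in samples:
        action = decide(posture, wl, bl)
        if action == "run" and malicious:
            tally["malware_unrestricted"] += 1   # security failure
        elif action == "block" and not malicious:
            tally["legit_blocked"] += 1          # usability failure
        elif action == "contain":
            tally["contained"] += 1
    return tally

def after_verdict(action, verdict):
    """Final action for a contained file once analysis says 'good' or 'bad'."""
    if action != "contain":
        return action
    return "run" if verdict == "good" else "block"

if __name__ == "__main__":
    for p in POSTURES:
        print(p, dict(evaluate(p)))
```
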

:-TU

Even so, using a default allow approach is much more susceptible to malware.
Any compromised system has way more usability issues than any system using default deny for protection.

....But with Comodo's auto containment (sandboxing) innovation, 1)unknown files can continue to execute inside our containment (hence legitimate files that are unknown will continue to operate) 2)We analyse these files and mark them as either good or bad within 45 seconds (95% of the cases) and within 2 hours (5% of the cases) using Valkyrie service. (enterprise service for now)

So now you can have default deny posture but with default allow usability :slight_smile:


Now thanks to Comodo we can have our cake and eat it too. :-TU

My answer : B)Default Deny

but I and my friends love “usability” :-TU
only default allow gives us that.
Actually recently, I love Default Allow with great behavior blocker and heuristic… The detection and blocking rises 99% :-TU
for 1%… I am not interested in all of these malware samples, they can live on the other side of the world. So, I can run all my executables without interfering with sandboxing.
Yes, sandbox allows us to run our unknown files but. My friends do not know the movement. For example Melih,
They run an unknown application, automatic sandbox sandboxed the file.
The user writes, codes and works on his job, then tries to save his job. No luck. He thought, I did my homework. Tomorrow, he opened the computer and uppss… the file is not there. Sandbox refreshed >:-D All his labor gone!
Novice users need “Default Allow” with good detection.
I explained many times to my friends “How Comodo works, and why it is superb!” They also liked the idea behind Comodo.
After 1-2 days usage, they all wanted to uninstall Comodo because of the “usability” problems.

Thanks for reading.

Default Deny. I feel naked when I am behind a system that runs default allow security. I feel I don’t know what’s going on, I feel naked and start to itch. No Default Allow for yours truly. I like my system clean and under control.

Hi all,
B) More secure, more control >:-D

Great. Now the question is: when Valkyrie will become a home service so that everyone will benefit from its capabilities?

When we get 10,000 posts saying putting Valkyrie will bring the holy grail of security to the masses! :slight_smile:

Default Deny!!! Deny!! Deny!! Deny everything!!! Deny everywhere!!! MUUAAHAHAHAHAAA… :stuck_out_tongue:

/funoff

Ok, let's be serious… The default deny approach is better, I guess, but only if we can have a better whitelist and a less independent module architecture on CIS. If I have a file that I need to set to be allowed, but when I exec it it got sandboxed or blocked, chances are that even if I set it to allowed list / whitelist, the file may get sandboxed next time I exec it. This happens with CIS for a loooong time and it needs to be solved. If all CIS modules were not so independent, then we might have one module interacting with other for better usability for users… I know how to solve it and how to allow a file in any module of CIS, but majority of users don't know and that's a problem to be solved by CIS devs. You guys rock!!! But you too need to improve these kind of things on CIS.

Default Deny with Comodo virtualization containment, as soon as it’s working on Windows 10 too
https://forums.comodo.com/bug-reports-cis/spyshelter-test-t115145.0.html
I don’t want any unknown app to run virtualized within the sandbox as partially limited if I set it to work as untrusted

:-TU :-TU :-TU :-TU :-TU :-TU :-TU :-TU

How about starting a new topic with a poll? :wink:

For me, it is YES !
+1
10000-1 = 9999 :wink:

+1
9998 bottles of ■■■■ on the wall