One big Trusted Vendor List(TVL) is very bad, using “Paranoid Mode” is very uncomfortable for the user. So:
Comodo must have 2 TVLS, one(small) for famous very trusted vendors(such as Microsoft, Google, Adobe, Apple, Opera, Mozilla) and one for others, not so trusted vendors.
Programs from vendors from the first list can be added to Trusted Files List(TFL) automatically and programs from vendors from the second one must be added to TFL only with question.
In addition can be a checkbox that allow/disable automatically(without any question) adding applications from vendors from TVL#2 to TFL.
With this option turned on(allowed) we have a current one TVL, nothing changes. But with this option turned off(disable) we get a smart TVL and some more alerts. Everyone will select for himself what he prefers more.
Then I don’t understand why the developers don’t want to add some functionality. This is a safety issue!
This is a good option. I don’t understand why it isn’t still added. But with one TVL this option will not decide a security issue.
It is a good question as a whole. First I also want to know all cases when application is added automatically to Trusted Files List(TFL) now.
I know three:
Vendor of the program is in the TVL.
The file was created by the file who has predefined policy “Installer or Updater”
The file was added to Protected Files and Folders List
Yes, this is exactly what I suggest. 2 TVLs decide this task. You can manually add and delete vendors which you trust, also you can manually add and delete vendors which programs can be added to TFL only through the question from Comodo(a pop-up alert).
I don’t agree with you that there is no necessity in TVL#2. This is a kind of trusting to Comodo. If Comodo placed some vendor to the TVL#1 you can trust these vendors and only delete some of them. This would be similar to a list of root CA certificates in my OS (Microsoft or other decides what root CA certificates must be present in the system and you able to modify this list). TVL#2 is a kind of the intermediate certificate authorities. And if Comodo placed some vendor in TVL#2 I want to see a question and manually decide to place application from this vendor to the TFL or not.
For example, if I download a new unknown application with digital signature I don’t really know can I trust this vendor or not!? virustotal.com or something other antivirus and that’s all what I can know about this new application. That’s why if Comodo places this vendor into TVL#2 this is a kind of trusting to that vendor. Certainly Comodo must guarantee at least that there are no any malware program from this vendor, if it is then this vendor must be deleted from TVL#2 and even more: it must be placed to the Blacklist of vendors. So we get a new VL :), named Blacklist of Vendors(BLV).
And only if I myself know that this vendor isn’t reliable I can answer “No” to the Comodo’s question about placement the application from this vendor to the TFL.
If not use TVL#2 you will get very many pop-up alerts if you don’t trust the vendor or you risk to trust a not reliable vendor(potential malware).
In addition can be a checkbox that allow/disable to ask question about placement an application from vendor from TVL#2 to TFL.
Some ideas similar to yours comfireuser.
Comodo controlled vendors = Automatically added and ticked.
Comodo/User Controlled vendors = Comodo adds but not ticks.
User Controlled vendors = manually add and tick.
For user controlled have boxes beside the vendors (Tick to allow) with the options to tick all, untick all, tick individual vendors.
Just some thoughts.
The problem with this, at least to some extent, are the disparate groups of users of the product is catering for. On the one hand you have those who would be happy to see the list grow and grow, so they never have to be bothered by alerts, on the other you have those who don’t want a TVL or anything added to Trusted Files, unless they say so. There are good and bad arguments for both.
Adding to this is the size of the TVL, which, as it stands, would be way to much work for anyone to want to trawl through, manually selecting a box here and a box there. To keep it simple, to cater for the extremes, and maybe the middle ground, perhaps the configuration choices could be reduced to two.
For those that want the TVL, offer to enable it during installation.
For those that don’t want the TVL add the vendor/signature details to the Alert, with an option to add or reject to a personal TVL.
Likewise with the Trusted Files List. For those who select to enable the TVL, the TFL is automatically updated. For those who opt for manual control, when a vendor is added to the personal TVL, the files from that vendor can, through an additional check box, also be added to the TFL.
I think at the very least - this request has, and probably will continue to fall on deaf ears - they should make it easy to remove (entries from) the TVL and stop adding to TFL once the vendors are removed.