My personal opinion and thoughts on this case are to fix the problem at its core. Perhaps invest effort into more secure operating systems and applications such as web browsers and email clients. Isolation/restrictions/virtualisation.
Better malware detection and removal? Yes.
Better and more secure operating systems? Yes.
The best solution? Education!! My largest problem at work with computer issues is that the users, generally speaking, have absolutely no clue concerning computer security. I do educate, but often they are not listening. My fellow employees will step into nasty things online, and then quiz me on why I (not THEM) cannot stop malware from getting on their computers.
One good place to start with educating the public would be at the point of purchase for computers–like real instructions on computer security included in the box. But that would take away the myth of safe plug and play–why bother people with the icky details?
Education can help, but it will not cure the problem. Often “safe” sites can be “hacked”, and that will then render education useless.
Things like HIPS and whitelists are proving to be effective so far as a preventive.
To be honest, and this is just my opinion, I don’t agree with Comodo’s approach to a traditional AV. As Melih has said before, it’s 20-year-old technology. I think it would have been better to work on behavioral or instead work on their whitelist.
I agree. Comodo should rather work on a behavior blocker to work alongside CFP (Defense+) to help protect users who make wrong choices. Let’s face it, HIPS, more precisely, HIPS such as Defense+, are not for the average user. So, a behavior blocker would be welcome in these cases. Heck, even I would welcome it working alongside D+.
I remember I once suggested such a behavior blocker, but saw no feedback from Comodo whatsoever.
I think Comodo’s approach is good. Blacklisting is introduced in the global solution only behind the prevention layer, and to make it more user-friendly, as Melih’s said. So if a program attempting an action is in the black list, it will be denied access (and cleaned), without necessarily asking a user who may not know what to do; in the same way that, unless you’re in Paranoid mode, Defense+ will allow it if the program is in the white list.