We need ways to run "antivirus" software with fewer privileges. One way to do this is what some DoD high-security systems call "guards" and "sanitizers". When files come in from the outside, they're diverted to a jail, where something has to examine them and decide whether they can get through, and what changes have to be made to them. The guard and sanitization software runs jailed or on a separate machine - it has few privileges. All it can do is look at files and say yes or no, or remove something from the file.

There's a need for a division of labor here. The downloading function in a browser shouldn't be allowed to look at the contents. The guard/sanitizer function shouldn't be allowed to do anything other than say yes or no, or modify the downloaded file. After processing each file, the guard/sanitizer function is flushed and reloaded, so that if it was corrupted, it can't affect other files.
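A sketch of that division of labor in code, added here as an illustration and not taken from the comment above or from any DoD guard product: the "downloader" side hands raw bytes to a throwaway worker process, never parses them itself, and treats anything other than a well-formed verdict as a deny. The worker is a fresh interpreter per file, confined with POSIX resource limits, which stand in for a real jail (seccomp, namespaces, or a separate machine); the file types, magic numbers and sanitization rules are illustrative, not a complete sanitizer.

```python
"""Guard/sanitizer run in a fresh, privilege-limited worker per file.
Added example, POSIX only: the parent moves bytes and enforces the protocol;
only the throwaway worker ever parses content. Rlimits stand in for a jail."""
import resource
import subprocess
import sys

MAX_BYTES = 32 * 1024 * 1024   # assumed cap; bigger files never reach the worker
TIMEOUT_S = 10                  # a wedged parser is a DENY, not a hang

# Source of the jailed worker. A brand-new interpreter runs it for every file,
# so a parser bug that corrupts one run cannot affect the next file.
# Protocol on stdout: one verdict line, then replacement bytes (MODIFIED only).
WORKER_SRC = r"""
import re, sys
data = sys.stdin.buffer.read()

def verdict(v, body=b""):
    sys.stdout.buffer.write(v + b"\n" + body)
    sys.stdout.buffer.flush()
    sys.exit(0)

# Executables never pass, whatever the file name claims (illustrative list).
for magic in (b"\x7fELF", b"MZ", b"#!", b"\xca\xfe\xba\xbe", b"\xcf\xfa\xed\xfe"):
    if data.startswith(magic):
        verdict(b"DENY")
# Images pass unchanged.
if data.startswith(b"\x89PNG\r\n\x1a\n") or data.startswith(b"\xff\xd8\xff"):
    verdict(b"ALLOW")
# PDF passes only without active content.
if data.startswith(b"%PDF-"):
    verdict(b"DENY" if re.search(rb"/(JavaScript|JS|OpenAction|Launch)\b", data) else b"ALLOW")
# Everything else must be UTF-8 text; terminal escape sequences and NULs are cut.
try:
    data.decode("utf-8")
except UnicodeDecodeError:
    verdict(b"DENY")
cleaned = re.sub(rb"\x1b\[[0-?]*[ -/]*[@-~]|\x00", b"", data)
if cleaned == data:
    verdict(b"ALLOW")
if not cleaned:
    verdict(b"DENY")
verdict(b"MODIFIED", cleaned)
"""


def _cap(res, value):
    """Lower one rlimit to `value` (never above the existing hard limit)."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _confine_worker():
    """Runs in the child between fork and exec. The worker keeps only what a
    parser needs (some CPU and memory); it can create no files and no processes."""
    _cap(resource.RLIMIT_CPU, 5)
    _cap(resource.RLIMIT_AS, 1 << 30)
    _cap(resource.RLIMIT_FSIZE, 0)
    _cap(resource.RLIMIT_NPROC, 0)


def guard(data: bytes) -> tuple[str, bytes]:
    """Hand one quarantined file to a fresh worker and return (verdict, bytes).
    This side never looks inside `data`; anything abnormal is a DENY."""
    if len(data) > MAX_BYTES:
        return ("DENY", b"")
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", WORKER_SRC],   # -I: ignore env and user site
            input=data, capture_output=True, timeout=TIMEOUT_S,
            env={}, cwd="/", close_fds=True, preexec_fn=_confine_worker,
        )
    except (subprocess.SubprocessError, OSError):
        return ("DENY", b"")        # crash, timeout or setup failure: fail closed
    if proc.returncode != 0:
        return ("DENY", b"")
    verdict, _, body = proc.stdout.partition(b"\n")
    if verdict == b"ALLOW" and body == b"":
        return ("ALLOW", data)      # parent still holds the original bytes
    if verdict == b"MODIFIED" and body:
        return ("MODIFIED", body)
    return ("DENY", b"")            # includes malformed or empty output


if __name__ == "__main__":
    # Constructed sample inputs, not real downloads.
    for sample in (b"plain text\n", b"hello\x1b[31m world\x00", b"\x7fELF\x02\x01\x01"):
        print(sample, "->", guard(sample))
```

The parent process is the only long-lived party and it never decodes, decompresses or parses anything, so the attack surface that matters lives entirely in the short-lived worker. The rule of thumb worth keeping from this: any deviation from the protocol (non-zero exit, timeout, extra bytes after ALLOW, empty MODIFIED body) is treated as a refusal rather than as something to repair.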

Do we need virus scanners? Wouldn't it make much more sense to whitelist instead of blacklist? Far more efficient, far more secure.

Far more annoying and productivity-impeding for the users to have to put up with it.

By "white-list" I mean to include code-signing, which has been shown not to impede much of anything, honestly.

OS X's half-white-list mode of refusing to run unsigned code unless you invoke it from the right-click menu seems to be incredibly effective.

Between code-signing and sand-boxing, I see virus scanners as failed legacies of the past. They have stopped little, and cost everyone greatly.

https://github.com/google/santa seems like it takes this approach. Gives an enterprise the ability to decide which signed certs it wants to trust and then block everything else unless it gets vetted.