Comment by habosa

4 years ago

Here's an idea: log all opened binaries somewhere and then every hour or so check them against the list.

Never block me from opening something, but warn me about bad stuff on a regular basis.

They could also keep the current solution and just use a CRL as a backup to OCSP to check the revoked certificates and update it every other hour...

Yes but with your solution if an app is malicious, and did malicious things, it now has a whole hour to fuck your shit up before being disabled.