Comment by jojobas
4 years ago
Here's a wild idea: don't block executables from running.
Or if you do, only do it for a set of known bad ones, as antivirus products do.
Do not put a cloud service (or anything for that matter) between the users and their ability to run what they want.
Sure but how does that work? If a cert-revoked app is allowed to run, the damage is already done.
I think perhaps a better tradeoff would be if a revocation list could be synced hourly or so and the app could be checked sync locally and then asyncronously on open. And of course, always give the power user an option to ignore things.