Default-deny is not a bad concept, but users expect more than just that. Users want less prompts. If you bombard them with alerts they will kiss your product goodbye. So default-deny can be used as a companion under some circumstances, but it can't be a universal solution, waiting to replace everything else.
I respect your opinion, but please keep in mind that if a user installs VS, they will receive an order of magnitude less affirmative prompts from VS compared to the number of affirmative user prompts they receive browsing the web and clicking NO to receiving the newsletter.
Your statement is not incorrect, but believing that a user can always answer prompts correctly is not great. There is a reason why NortonLifeLock, Trend Micro, Bitdefender and some other vendors won't implement a prompt whether to remove high-confidence detections, though users have asked since forever. Sometimes an additional poka-yoke is needed.I respect your opinion, but please keep in mind that if a user installs VS, they will receive an order of magnitude less affirmative prompts from VS compared to the number of affirmative user prompts they receive browsing the web and clicking NO to receiving the newsletter.
iOS and Android are deny-by-default and they work great for all users, including novices. VS users do not have to answer prompts at all, unless it is blocking something they are trying to install.
I completely agree with that opinion and you sumarized what was in my mind.alwayes cybercrime depend on social engineering attacks to trick the user to allow infection this would help the attacker a lot to bypass the complex protection mechanism and tools and save them a lot of time in developing their malware .that confirms what you said and what I would quote it again :
Default deny I think it most comprehensive protection way as it depends on simple concept in cyber security world which is "reducing the attack surface " the less you permit the less you vulnerable to attack and less to be infected.however the approach of some developer such as @danb is to make that concept more usable to novice and less experienced user and easy to digest and deal with by representing simple software with simple yet effective default deny baseline and that what I think the best protection Philosophy and hardest to bypass but need to be easy to be used
I'm not commenting on any specific product or feature, just saying how the "let me ask the user instead" philosophy is normally treated. Security enthusiasts may be happy with that but majority of users will ask you "I'm paying you, you are the expert. Why can't you take a decision instead of me, but I have to waste time answering prompts...?"Default deny I think it most comprehensive protection way as it depends on simple concept in cyber security world which is "reducing the attack surface " the less you permit the less you vulnerable to attack and less to be infected.however the approach of some developer such as @danb is to make that concept more usable to novice and less experienced user and easy to digest and deal with by representing simple software with simple yet effective default deny baseline and that what I thing the best protection Philosophy and hardest to bypass but need to be easy to be used
Most vendors put it with different names especially enterprise solutions for example :trusted application module in kaspersky or solid core in mcafee epo some also integrated it in their consumer product line yes they didnot make it obligatery but it is included which means it is one of good protection mechanisms however it could push as main protection layer as this would not acceptable by users who want silent and very low interactive users which may represent large part of home consumer
