I think that inexperienced user would have the same problem with EAM.
Well it's completely different and I'd say it's actually adapted like a proper BB. I consider NVT OSArmor a BB but a different type because it works differently.
NVT OSArmor is more like a HIPS using OS abuses to block malware. For example, monitoring behaviors for Temp folders, bcdedit usage, etc. Whereas the Emsisoft
BB is more automatic resolving and has checks in place to help it determine good from bad, as well as a monitoring scope for behavior which is more used in genuine malicious software (e.g. attacking of the MBR, file encryption, etc.).
NVT OSArmor FPs can be lowered with a custom configuration but NVT OSArmor is currently completely unknown in its mind to how accurate the detection is, like a HIPS which just monitors and alerts/blocks based on configuration. Unlike the Emsisoft BB which won't necessarily block, has a cloud network which is damn huge to not monitor known and reputable software, built-in characteristic checks, etc.
Both of them work completely differently but at the same time both of them are great. I'm a big fan of this application but I really cannot see a true average inexperienced user using it. It just won't work well.
Emsisoft dropped Mamutu because they had hardly any users, not enough to cover costings. EAM is popular with inexperienced as well because it isn't just a BB, it's a full AM suite which makes it appropriate. People can install and forget and be protected by real-time protection, web protection, and zero-day dynamic protection which is tuned for auto-resolving more and designed to be less intrusive now (thanks to their cloud and other factors). If you take the Emsisoft BB without the cloud network integration, built-in checks to decide on decisions/monitoring and make it standalone, only geeks will use it.
People can say that inexperienced users rely on anti-executable like VoodooShield, NVT ERP, etc. But it just really is hard for me to believe because I have never even heard any inexperienced user, or any person who is not on this or one other maximum 2 forums even reference to such software. Not those specifically, but those types of software in general.
This is why AV software isn't dead yet, despite it not being the best always with up to date techniques. It explains why vendors like Panda are still selling and making a mint, or why Avira did fine with sales with mainly signatures for so long. Why Bitdefender still makes a mint from their SDK.... Etc.... Because despite all these free great apps from NVT and other developers, an inexperienced user won't even know of them, let alone what they are or how they work.
Comodo make most their money from their other services like certificates for SSL and kernel-mode software signing, they even made their auto-sandbox free with the Firewall. Inexperienced average users won't install that and answer alerts or learn how to use the sandbox... They will go straight to Avast Free, probably upgrade after seeing the ads about improved security on the UI (Avast marketing), or purchase Norton/McAfee which came with their PC as a trial. They don't bother making it premium only because they know it won't do that much for income and they already make enough income from other higher priority services
It's been like this since the start and I doubt it'll change anytime soon because people who need to learn don't find the time to do so or have interest in doing so. And you find these awesome software like OSArmor by learning and wanting to learn, and using software like this really will strengthen your OS and keep you safer, but it isn't everyone's cup of tea. Certainly not an average user who wants to be click happy, but still wants to be protected (which can't happen and it'll be a hit and miss scenario each time they are click happy)
Look at HitmanPro.Alert. How many average inexperienced users do you think are using it, and are using Wilders to submit logs with details like a call stack? They won't understand any of it. SOPHOS bought out Surf-right and added the tech to their end-point protection, knowing that businesses tend to delay updates or don't even bother until checks are made to prevent breakages - and do have admins to manage it. The rest of the constant user base are mostly forum users who already know a lot or at least think they do and are willing to communicate online about bugs. A true inexperienced home user? Yeah they won't even know they can send the reports on a forum like this.
