Yes, I know it.Hey Andy, I completely understand your points and please do not take the following as me being defensive (especially the "irrelevant" part below ), I am just happy that we can discuss this so that everyone has a better understanding of what VS is all about and what we are aiming for.
The short answer is... I agree, if the user is browsing the web and checking email, the computer needs to be locked, even if they run a web app most of the time. Just like if you are a doctor that works 18 hour shifts, you will be wearing full PPE the entire time. Of if you are a truck driver you will be wearing your seat belt a lot more than the general population.
If after a few days of running VS in Smart Mode you want to switch to Always ON, that is perfectly reasonable. But I promise you, if I were to make it so VS only ran in Always ON from the time of initial installation, it would not be able to properly learn all of the actions and behaviors of all of the chain of events, and most likely the KMD would not even let the computer fully boot. The fact that this only happens once for each event chain (and subsequently remembers the event) is irrelevant... the only thing that matters is that it is able to do so at all. And still, in general, the only way to apply the most robust lock possible is to do so after all of the system processes are up and running.
And this discussion has been solely about automatic toggling... we have not even discussed manual toggling yet. The majority of computer novices have no idea how to right click on a tray icon to disable their security software. The whole point of VS is to provide the end user a TANGIBLE computer lock that automatically toggles when they are engaging in risky activities. VS is also there to comfort the user and to assure them that their computer is locked when they are about to click on something they are unsure of that might be suspicious. And even the most novice of users will not allow a new item after they click on a suspicious link and VS blocks something.
Some computers, like ATM machines, need to be locked full time. Computers that are not connected to the internet do not need VS at all... this is about the worst possible use case for VS. VS is intended for users who want a tangible automatic and manual toggling lock / gadget. Such a thing did not exist 8 or so years ago, so I built one .
I did not probably consider all factors, but I feel that there are two things worth rethinking:
- Alerts in Autopilot and Smart Mode (in the home environment).
- Unlocking the computer in Always ON Mode after 10 minutes of user inactivity (in businesses).
The second point can be important in businesses, because many computers can be connected to the local network without an Internet connection. But still, they share the emails and other resources from the local server. If one of the computers will be infected (that one without the installed VS or intentionally by the attacker), then the computers with installed VS (Always ON Mode toggled off after 10 minutes of user inactivity) can be also infected via the local network.
Of course, this could be solved if all potential users were trusted or had installed VS, but that would be hard to accomplish in practice.