[ivan_gammel]

Example with .exe files isn't good one. Modern AVs may do better job than just blocking them. I use Norton AV, which shows a report summary on new downloaded files, based on which I can make informed decision on whether to launch it or not (I personally launch immediately only trusted executables and google for any issues of the rest). The same can be done with all threats: AVs warn, provide some details and let users decide what to do.

[lmm]

> I use Norton AV, which shows a report summary on new downloaded files, based on which I can make informed decision on whether to launch it or not (I personally launch immediately only trusted executables and google for any issues of the rest).

Trusted in what sense? Does Norton maintain their own whitelist? Is there any reason to believe that whitelist would be any better than the digital signature check that's built into windows?

> based on which I can make informed decision on whether to launch it or not (I personally launch immediately only trusted executables and google for any issues of the rest). The same can be done with all threats: AVs warn, provide some details and let users decide what to do.

But what information can the AV offer that actually helps the user makes a better decision than they would have otherwise?

[ivan_gammel]

For apps looks like they have a whitelist based on usage statistics, so it's basically vetting by other users of NAV. It does not replace digital signature check, but it's a good addition to it.

For other threats it can be similar solution.