Re: So all it does...
>>>>But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial.
>>Because it IS trivial
You seem to have skipped over the preceding paragraph which explained that this does more than that. You haven't understood the point. Poster sees something that does X, Y and Z. Responds that it is rubbish because Z "is easy". I point out that saying Z is trivial doesn't mean the project is trivial or useless. You respond, missing the point completely, saying "but Z IS trivial".
At least read what I have written, not just select out some part in isolation.
>>What's to stop a malware from altering the list so that its blacklist includes useful programs? AVs produce false positives by accident all the time; what's to stop them being done intentionally? As for the scanning process itself, it's still software, and software can be subverted.
The same things that stop malware from subverting anti-malware software today. This is an API that vendors like Kaspersky can plug into. It enhances the range of their capabilities if they choose to use it. You seem to be taking an argumentative tack that if you can make some vague generalization such as "software can be subverted", it is good to dismiss these new features. Whereas I take the tack that giving anti-malware vendors more capabilities such as in-memory scanning and source-reputation scoring is a good thing.
If you're upset that the anti-malware software, or OS, is "software", then perhaps you would be interested in the tool MS announced a couple of months ago that runs security from a separate Hyper-V instance that exists in parallel running directly from the hardware. There is not only one security measure in place. This is one part of a security-in-depth approach.