At this point, having a thorough firewall ruleset shipped with the default .iso would seem like the best bet for the first layer of defense for home users. I did send you a preset firewall ruleset a few weeks ago, @dmknght, & a few exclusions like anonsurf ports and you’ll be ready with a robust firewall. Test it out.
Speaking of ClamAV, putting a GUI to work seems like a potentially unnecessary workload. @Meet has a database of millions of malware signatures/hashes; exclude the ones for Windows, Mac, Android & iOS, combine it with the ClamAV sig database & run it via CLI. We can put a module together that is CLI, easy on resources and even easier to operate. Just a few easy commands like “scan -all” that trigger a scan command on the backend side to scan the entire filesystem, with a restricted limit on how many files/signatures are to be matched. But having our own sig database would mean we are the ones to host the server that pushes upgrades, and since malware keeps evolving, we’ll have to push updates like every 6 hours and users will have to upgrade from their side so often. It’s basically like setting up our own department of malware analysis, which I’m pretty sure we aren’t ready for at the moment. Heuristic, behavior-based detection is a different topic, with a whole lot of different commands to fine-grain the detection; more on that in our personal chat on the messaging app.
Or what we can do is ship the user-sec toolset with both the home as well as the security edition. The home edition comes with the default firewall & malware sig ruleset enabled, since it would reduce user interaction and mean less misconfiguration (aka pain in the ass), and the security edition does come with the user-sec toolset but disabled by default, assuming that people who choose to use the security edition know what they’re doing.
What do you say?