COMODO Internet Security 4.0.135239.742 Released

Can any one PM me the rouge that is supposed to bypass the sandbox in Comodo?

Thanks

 

It seems you are absolutely right. Reading some threads over their forums confirms your sayings.

 

Hi Aglie,

You can test any rogue....It will definitely bypass Comodo.

 

Mine too.

 

No. Global Rules are the main restriction area. I created two rules, one that allows tcp and udp from ip any to ip any where source and destination ports are any, one that blocks any connection in/out from ip any to ip any. So the global rules allow only tcp and udp outgoing connections, the rest is blocked.

In this case, firewall asks only for the connections that are in the allowed area that i defined with global rules (i set the firewall mode to custom policy mode). Connections requested by applications that are not allowed in the global rules are denied automatically without prompting user (even if you create rules for them manually, they are ignored). Hence, unlike what you said, application rules do not take precedence over global rules. For instance, in the application rules i allowed frostwire for all outgoing tcp and udp connections and then changed the global rule to allow only tcp outgoing (the rest is blocked). Then i observed that frostwire could connect only with tcp protocol.

These observations depend on my experience of the last one hour. I do not know what is different for the firewall module in this version. i do not know about the v3, just wanted to try this new version and have liked it so far. But the feature in windows firewall where you can assign rules for windows services by using svchost.exe still lacks in third party firewalls. On the other side, if you use a proxy service, windows firewall is not aware of outgoing connections that go out through the proxy. anyways, i'll go on using this for some time and see if it meets my needs hehe

 

Just for experiment's sake I have run Fake AVs in a sanbox [Sandboxie-unpaid version] and it looks that in 95+% of the cases the Rogue can only execute in the sandbox and not affect the entire OS. But, well SBIE has been on the market with this technology for several years, isn't it?

Comodo [ and now Avast! and Kaspersky as well] are relatively new in this department. Better wait until Comodo fine tune that technology before risking to infect your whole PC playing Russian roulette with Fake AVs.

Regards,

Carlos

 

Tested rouge and some applications in Comodo sandbox in VBox Win 7 32 bit. Here are my results:

1- Auto sandboxing doesn,t work. It says that application is sandboxed but it,s in fact never sandboxed.

2- Sandboxing via right click menu, Run in comdo sandbox, works and system is intact.

3- There is no way in CIS GUI to see what processes, files and reg enteries are isolated.

4- Once an application is sandboxed, there are no more defence plus alerts for it( it must be optional IMO, I mean the user must be able to choose to have or have not the alerts).

5- Same seems true of FW alerts. FW alerts must be there as Sandbox itslelf has no inbound/ outbound control at all.

 

More reasons to not run it again then.

 

Hi aigle,

Can you post this on the Comodo forum, this might help them a lot I think.

 

Well, to me at least, a sandbox is a great feature in any security application when it is programmed right; however, the new trend and innovation in the security world nowadays has to do with file reputation. CIS 4 has brought nothing new on the security table as it stands right now and with all these bugs that have been reported I'll take a pass for now. Nonetheless, I'll still test it and see what happens.

Thanks.

 

LOL that was harsh but funny.

 

Yes its bit funny, that's why i have not touched CTM in ma machine..I left it as it was...About CIS 4, i have no words...One of the dangerous job done by Comodo.

Its not Default Deny Protection™ its Default Acquired Infection™...And this is the Patent Technology from COMODO.

 

Most of the frustration about CIS4 is in regards to the sandbox with justification.Many users (myself included) were expecting a 'SandboxIE like' product offering systemwide lockdown rather than the half and half mish-mash that we've ended up with.At present it's poorly implemented and confusing,along with the rest of the suite it clearly needs a few weeks of bug-fixing and tweaking before it can rightly be called a stable release version.

 

Done.

http://forums.comodo.com/feedbackco...v-4-sandbox-bugs-n-design-flaws-t52576.0.html

 

Thanks, I was a bit rude with them yesterday but I was bored xD jejeje
I hope that they will react like a professionals to this Final(beta) release. They need at least 1 month for fix all the reported unfixed bugs.

 

Nice now all info has been given to them, its up to them to make good use of it.

 

If any of you guys choose to uninstall this, beware that it leave a lot of directories/files behind in the program files and program data folders.

 

did you post on the Comodo forums so they can take care of the issue?

 

Well,hope does spring eternal,but the mess left behind by Comodo is tradition.

The "Windows Installer CleanUp Utility",can weed out a a lot of the MSI stuff,
but if you are even sort of a "clean Freak",it is regedit time!!

 

I didn't even go after the reg keys. I just manually deleted all the folders left behind.

 

This is pretty embarrassing. Their automatic sandboxing is fatally flawed, yet they say it's not an issue because CIS users are "advanced". Isn't the whole point of the automatic sandboxing to provide foolproof protection for even the least experienced user?

 

After the reading the Melihfesto,you quoted, cant you see this may be beating your head aginst a rock wall?

Give it a month or so before 5 is released,and 4 may be pretty well debugged.

Expect more than that,and I worry for your cardiac health.

 

Answer of Melih is totally non-professional. He doesn't even know what he is talking about.

 

Yeah i do agree with you...Seems that their MOD's and even their Admin became Non-Professional...Complete Loss of Mind...

CIS 4

COMODO MOD's and Admin

 

while agree, they are just defending, i mean people are being rude in there opinions on what they are saying.

the developers of CIS arent gain any money from it so people complain to just complain. im using CIS. never really used version 3 but 4 seems promising because of the sandbox.

yes i know the whole rogue issue. they have all the info and should and will patch all the wholes needed.