Comodo sandbox - different than SBIE

Because of a topic posted here, I was checking out comodo's sandbox. While I am not a fan of comodo products myself, it never hurts to re-evaluate

Here is a link that is quite interesting if you are into this sort of thing
https://forums.comodo.com/defense-sandbox-help-cis/introduction-to-the-5x-sandbox-t61169.0.html

I find it interesting at how comodo decide to approach sandboxing. Sandboxie has been out for so long, and really IMO the undisputed leader in sandboxing, that I am by now fairly familiar with what it will and will not do. Comodo seems to have hybridized the approach. Good or bad, who really knows, at least I don't.

When I think of a sandbox, I think of a real world sandbox, where I build my castles and things, and when I am done, I rake it flat, no trace left. The purpose of the sandbox is to keep the sand where it belongs, in the box and out of the yard.

Sandboxie is just what I think of. It keeps things where it belongs, and for the most part you can do anything you want within it. The only time sand escapes the box is if you allow it to by making an exception.

Comodo though seems to use a sandbox in a large degree like I expect, but allows quite a few different "gates" to the yard. Some gates allow direct access to the real system, others only allow partial access depending on options. Also in the comodo sandbox, you cannot apparently build anything you want, as some things are either not allowed to be built, or are just not kept in the sandbox.

Again, not really good or bad, just different. I myself have not used comodo's sandbox. It is quite tempting to, just to see how it does things. My past experience with comodo products though are that they are very pop-up happy and require a lot of hand-holding on my part to maintain. As well, for my likings they have always been very resource intensive. Of course, things do change, and that might be the case. I am deciding if I really want to put an internet suite on my machine, even if it is only for testing. Maybe if they released a stand-alone sandbox it might be more convincing.

Anyway, nothing major here, just rambling out loud. Maybe others have infos to add or might be interested to check something out they have not yet messed with.

Sul.

 

What it really "boils down to" for me is that I can sandbox Java with comodo and I can't with sandboxie =p that doesn't mean one is better than the other. I use both.

I know in my own tests I've seen Comodo protect from java exploits.

I don't think it can only be a matter of direct access to areas. I honestly don't think anything IN the sandbox can access anything OUT of the sanbox. I gave my Sandboxie sandbox FULL access to the entire drive and it still crashed.

They do make it clear that the programs are different, stating that Comodo is not for installing software to a sandbox.

 

Yeah, that much is clear for sure. I have a strong desire to see how they differ. I just might check it out as I am about to switch to x64 win7 tonight anyway. We'll see.

Sul.

 

Ah, right, the new computer. That'llbe fun.

I have tested the manual sandbox quite a lot and nothing that I personally have encountered has bypassed it. It is not as configurable at all though and the descriptions of the sandbox are vague (Partially Limited, Limited, etc all have vague descriptions.)

 

The upcoming version 6 of CIS will have a much more "Sandboxie-like" auto sandbox,which many,including myself will welcome.

 

They're pretty different. I mean, one of the most obvious differences being that one is free and one isn't.

 

Now now, both are free You just have to put up with closing out one sandbox to open another in the free version..which really gets on my nerve. I'm thinking of switching over to Returnil, since it not only doesn't restrict you, but it's got a nice anti-executable with it and AV, if you so choose to use it (and a better AV engine, imho).

 

Also of course Comodo's sandbox is not a separate application like sandboxie is, so you have to deal with additional features you may not want, just thought I would add that little detail since we are talking differences.

 

Or you can say it has all the basics, and no need to hunt down, install, and hope there are no conflicts with other programs Plenty of ways to look at it.

 

Actually, Sandboxie is shareware.

Source: http://www.sandboxie.com/index.php?FAQ_Licensing

Also, the shareware version doesn't allow to automatically force applications to run sandboxed, besides what you mentioned already.

 

I don't think the automatic forcing is a big deal. However, I hate having to close out one thing to open another, lol.

 

Both are big issues for me.

 

Thats the way I see it Sully and the way its been for me. I never care
about whats inside Sandboxies sandbox, my only concerns are what
I recover or allow by making an exception. I allow very little.

I never used Comodos sandbox and probably never will as I am not willing
to take a chance messing up my SBIE but I have been told by someone
that knows both sandboxes, that Comodos sandbox can not be configured
as good as it can be done with Sandboxie. This guy loves Comodo but
uses Sandboxie instead of the Comodo sandbox.

Bo

 

Yes it does.
http://www.sandboxie.com/index.php?ProgramStartSettings

 

If you consider your USB and CD/DVD drives it may be a big deal.

Just think how Stuxnet initially spread http://en.wikipedia.org/wiki/Stuxnet

 

In fairness Sandboxie has been going for many years and is close to perfection.Comodo's sandbox is relatively new but certainly heading in the right direction.

 

No,Moonblood is correct that's a paid feature.

 

My apologies to mOOnblOOd. I misunderstood "shareware".
Thanks andy.

 

First off I am a Sandboxie fanboy and make no excuses for it so my view of the Comodo sandbox may be tainted by the fact that, well, it just ain't Sandboxie.

I have no real evidence to suggest one is inherantly safer than the other but the granularity of sandbox control delivered by the talented Mr Tzur takes Sandboxie onto a different level in my opinion.

What starts sandboxed, what is allowed to spawn from that, where it can read, where it can write, whether it can access the internet and the multitude compatibility templates lift it above any offerred as add-ons to existing suites including Comodo.

When I tried to run the Comodo version for a short while and chose 'always start sandboxed' or something similar for my browsers and checked to virtualise files/registry etc it seemed to do a reasonable job at trapping the resultant changes in the hidden 'Virtual Root' folder but I could find no way of allowing access to download locations etc. That meant and if wanted to save something I had downloaded using the browser I had to go into the virtual root and manually move it out. Might have been good for an occassional journey to the dark side but not so much for day to day stuff. Certainly anyone other than me using my computers in my households would struggle I think.

As for the OP having followed your extremely interesting contributions to these forums I would be very interested in your view of the Comodo version but think in its current form the granularity you build in to your Sandboxie configs would be impossible to replicate in Comodo.

Cheers

 

+1
I agree with you sandboxie is much more configurable and better (in terms of configuration, options...) if you want to sandbox something and control everything.

Comodo automatic sandbox is more designed to be integrated with the HIPS so the unknown programs automatically run inside.
I don't sandbox my browser because I don't feel comfortable with it and I consider it not very useful, if you download malware or a file that you consider suspicious because of the origins you can run it anyway in a sandbox or upload it to VT via right click. For protect my browser I prefect programs like trusteer rapport able to protect against things that the sandbox doesn't.

The conclusion could be that sandboxie is designed to be a configurable 4x4 sandbox and CIS sandbox is mostly designed to be integrated with the HIPS, whitelists... although via right click you can manually sandbox whatever you want.

Although the manual sanboxing in CIS already does full virtualization, CIS 6 will bring a new full virtual sandbox for automatic sandboxing

 

Stuxnet is a completely different ballgame. It wouldn't have even caused harm on a home system. Also, I don't use a USB stick (yet. I'm considering getting a good sized one for backup purposes), and my DVD drive is rarely used. Not to mention you can simply right click those drives and choose "Run sandboxed". It's an extra step, yes, but not one I feel the need to pay 40 bucks to avoid.

 

As comodo says, their sandbox is not a replacement for sandboxie. They're different.

I wouldn't use Comodo to sandbox a browser since I can't control allowing access to downloads. But for something like Java I really don't need to allow anything - though it would be nice to add further restrictions.

Really, Comodo's just newer. It's not quite as amazing as Sandboxie because of the customization but it has its uses.

 

Pop-ups and resources usage are both low nowadays, unless you mess with the settings. Comodo can be custom installed, although the sandbox is part of Defense+ HIPS.