Comodo's CIS6 - Opinions?

Just wanna gauge the feeling out there on this?
I was quite taken with it during Beta but I've tried it on 3 of my PC's since it became an official release and none work 100%.

Is this a case of you get what you pay for? Pay peanuts, get monkeys?
Quite disappointed as 5 was great but was sold on the virtual kiosk option as used SandboxIE quite a bit.

Beta worked great, what's happened??

 

ive used CIS on and off for a few years and not had any problems with it.always installed and ran jsut fine.
Ive got an image of the latest version and i quite like it.
Opinions may vary.

 

MalwareDoctor did a review of Comodo's virtual kiosk protection and it blocked all but one sample - that was with the av and firewall turned off. Everything seemed to run fine on all the reviews I've seen on Comodo. Run it with HIPS off/BB and kiosk on would be my choice.

 

You might want to try the latest update which contains many bug fixes.

In my opinion with version 6 CIS has come of age.There's been a lot of different technologies integrated over the last few versions,which have worked to varying degrees.Now they appear to be maturing nicely and I expect continued refinement over the coming months.

 

Unfortunately it appears the problem with avast web shield has not been fixed yet.Not for windows 7 users anyway.

 

I started using Comodo at CIS 5 and now am am CIS 6. No complaints and the automatic sandboxing of a browser is working fine. The Virtual Kiosk works fine. I actually upgraded from Win 7 to Win 8 a few weeks ago and haven't yet installed Sandboxie as CIS is doing everything I need.

 

You don't need Sandboxie with CIS 6. That would be an overkill...

 

I would disagree.I used both and sandboxie is time tested and solid plus its far more configurable.
Comodo sandbox is new and not tested thoroughly yet.

 

Cis 6 seemed ok. Until i ran their own "CLT"
the mods say the leak tester needs to be updated for cis 6.i scored a 190/340 on it's own test with proactive on, behavior blocker set to untrusted and hips off.
I did see however someone who was running windows 7 x64 and got a perfect score. i need to try his settings with Win 8 x64.

 

Sandbox needs to be turned off and the HIPS on for that test.It wasnt designed to test the sandbox.

 

I have the latest CIS 6 on 5 PCs of different hardware, OSes. No problems.

I thought Virtual Kiosk will be something cool. It's something like a GUI for sandbox.

I find it's rather convenient to use CIS 6 to automatically sandbox all browsers and some web apps. Though it's not as convenient as Sandboxie, it has only manual "Reset Sandbox".

 

Read this and you will understand better (especially Guest10's post):

http://www.sandboxie.com/phpbb/viewtopic.php?p=68121&sid=a07abf62d83f2dbeaa5cf62611ed52e0

You see, sandboxes are great for usability. But nothing beats a classical HIPS. The leak tests didn't become "defective" overnight. Simply, just like in Sandboxie, some things don't need much to run. They won't infect, but they may successfully phone home while sandboxed for example, after catching some info from your system. No permanent damage, but there still may be a damage for the time you let it run.

It's the same thing with Shadow Defender. No popus. No infection either. However, if you run a malware during a session, the malware MAY manage to steal something.

Classical HIPS gets 100% success, because unlike policy or virtualization sandboxes, NOTHING is allowed, not even with minimal priviledges, if you haven't allowed it. With HIPS disabled, make sure you are very careful of what you let out of the firewall and modifications of already allowed proggies in the firewall.

Sorry, you can't have it all in this world.

 

UPDATE:

I finally managed to get everything working by purging registry, 3 times!
Downloaded new version and installed.

Virtual Kiosk works but takes nearly 5 mins to open, brilliant?!

With regards to VirtualBox, I normally run a MicroXP session in virtualbox when browsing, only 200MB install and 20MB RAM usage so lightning fast.
I dont run CIS6 in VB.

I used to have the VB session sandboxed in SandboxIE for added security but decided to strip it off and have a go with CIS6.
Time to draw the line in the sand and move on methinks!

I like the concept of CIS6 but not the practice, was same on wife's PC too, both running Windows 7 Ultimate (32bit).

Playing with Avast Pro's sandbox at moment but will probably wind up going back to SandboxIE/VB MicroXP with either Panda Cloud or BitDefender free.

 

The issue of keyloggers has been discussed recently on Comodos forum https://forums.comodo.com/news-announcements-feedback-cis/getting-key-logged-with-a-sandboxed-keylogging-testerand-in-virtual-kiosk-t91321.0.html
CIS's firewall will alert when a logger attempts to phone home whether it has been detected or not - so long as FW alerts are turned on
It may not be a perfect solution but it keeps your data from been transmitted and a savvy user can "follow" the alert back and hopefully deal with it then (if not actively detected)

 

Yes, that's why i said that one must be very careful about firewall alerts. It will be his only and last line of defence. I posted that link though, because it explains what each test does. I don't know in which tests CIS fails, but if one reads what they do, they may understand better the risks. Because, as you can imagine,IF CIS for example fails in a test where the malware uses an already allowed process in the firewall (because you don't have a contract with malware writers stating they will always use the "iammalware.exe" to phone out and not iexplore.exe, do you), then the firewall won't help you. Take it as a concept if you like. Kiosk has full virtualization, right? Then probably kiosk is more at risk than the policy sandbox.

Again, i haven't ran CIS 6. But some of the "fails", if put together, could, possibly represent a problem. For example, let's say it fails DDE. What will stop it from logging and using IE to send out the data, if you have already allowed IE in the firewall? Just an example, i don't know if it fails DDE. Just saying, that without the classical HIPS, you take a little risk and one must be aware of that. Sandboxes allow a few low priviledged operations to happen. The fact that you don't have at hand the POC that will try to exploit them all, doesn't mean it can't happen ever. Also, the techniques in the clt test, doesn't mean they are the only ones that a man can conceive...

Of course, it may be that all "fails" are related to techniques that couldn't possibly go past the firewall. I don't know. I just know that with the classical HIPS on, the problem doesn't exist.

 

Defense+ in Paranoid Mode and Sandbox disabled = classical HIPS, isn't ?

 

Of course. Even without paranoid, at least in 5.10, if you check all options (equal to proactive) and set it to "clean PC" mode, which is very easy on pop ups, you get 340/340 in Comodo Leak Tests. Add to protected folders any valuable folders you have that you don't want anything to be able to access and you 're heavily fortified. The sandbox IMHO is great for usability and it's a very low risk route, but not perfectly safe. It's very good against exploits from the internet, but not so great for things you want to execute locally yourself and you THINK it's legit. For example, you download a "nodvd crack" for a game. In reality it's malware. You execute in the sandbox, it doesn't do anything (sandbox is restricting it). You think "i will allow it normally,darn sandbox is impeding the crack to work correctly". You 're infected. With classical HIPS, you have more chance in detecting it's malicious if you execute it step by step. And in general, nothing can run, no matter how low priviledges it asks for, if you don't permit it yourself. It's more annoying, it requires more knowledge and some logical thinking ("why would the crack for the game want to inject iexplore.exe?Hmmm! It's not a crack!"), but it has its advantages too.

 

Ya, the golden rule is always: " deny all and allow by exception ".

 

Exactly. "Being suspicious is good!"

 

And being paranoid is funny.

 

i really want to try the firewall with the paranoid mode as i try the antivirus with D+ with paranoid mode and it slow me down a bit