HIPS & sandbox

Comodo Firewall will be upgrading next week to version 3, offering HIPS and sandbox. As a newbee to Firewall fiddling and knowing nothing about HIPS and sandbox, with the exception of what I found on Webopedia, I need a class on these two things in an easily understood way. Does anyone know where I can find info or can anyone explain HIPS and sand box as it pertains to being included in a firewall? Does it just sit there or is it interactive? Thanks in advance.

 

are they skipping version 3

...

without having the software, its hard to say how it will function. many HIPS require user interaction for decisions. sandboxes on the other hand work by isolating or restricting a program (like your browser). theres no prompts; u just use your software as normal.

 

WSFuser - Sorry, it's ver.3

 

i think it is possible for sandboxes to have some limted prompts.

 

geswall has a few prompts but i cant think of others.

 

a HIPS generally speaking acts as a very low level firewall itself granting or denying permission to processes (generally applications or bits of applications or malware) that want to access the kernel (the core bit of the OS generally always in memory that deals with memory management, process, task & disk management) they vary from highly automatic to very interactive sometimes within a single program based on how you want it to act. Its sort of an internal firewall as opposed to an external firewall that control what is going in and out of the computer.

a sandbox is a sort of container that prevents what is running in it from making changes to the rest of the system outside of the container, it can mirror some of the outside elements inorder to function but is a form of isolation of potentially untrusted code, what is in the container is (generally speaking) in memory and not written to disk, thus when the sandbox is closed everything inside is gone as well. You can think of it like a LiveCD which is loaded into memory but unable to write to a HDD (if there even is one) while what is in memory might get infected theres no chance of the malware being able to write to a CD(ReadOnlyMemory)ROM disk, so when you reboot the computer there is no malware to bootstrap back into memory again. In the case of a sandbox there is of course a HDD the malware could write itself to, but it cant find it or the real kernel.

 

I am not a technical user. Just an average Joe that likes to come to this forum. My understanding is as follows.

HIPS can cover several types of applications. There are HIPS that just sit there, protecting various entry point vectors on your machine from attack. Then there are HIPS that are very interactive, acting somewhat as a firewall for your processes/exe files. They don't let any .exe file run that is not approved in their "white list". So when an unkown exe tries to run, you get prompted to give it permission to run.

A sandbox is a vitualization tool. It pretty much just creates a space on your computer that is not accessible by other areas of your computer. Many people that use them will run their Borwser in the sandbox, sometimes their email client as well. The concept is that you don't really care what gets downloaded to the sanbox, because whatever is there, won't have access to the rest of your computer. When you are done surfing, you then just delete the sandbox and any malware that you encountered or donloaded is gone.

If you want to play with these types of application before Comodo releases theirs, download Spyware Terminator and Sanboxie. They are two free programs. ST has HIPS. Sanboxie is a sanbox application.