Can Sandboxie and Comodo be installed on the same system?

Discussion in 'sandboxing & virtualization' started by cheater87, Mar 27, 2017.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ROFL. I get it. The biggest threat to my computer is......ME
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Cruelsuster, Sandboxie is a lot more than a browser in a sandbox. You keep thinking of Sandboxie being.......the Sandboxie free version.

    Bo
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,874
    i refine - futile for the mass, not in general, see
    https://www.wilderssecurity.com/thr...-to-viable-hips-software-availability.392576/

    for regular usage of a computer hips is not important. and it has been pointed out several times that HIPS as a sandbox part of an antivirus has no advantages but disadvantages. sandboxie has wiped out its problems with multiprocess e10s, i am not sure that comodo or avast as specific known trouble makers had done their homework too. comodo hips formlery known as defense (plus) ever was a culprit.

    cruelsister showed up two important facts: comodo hips is automatic - thats ok - but i consider it as not configurable as sandboxie although it seems it has some nice options:
    https://help.comodo.com/topic-72-1-451-4760-.html
    be honest - which regular user is diving that deep into comodo hips settings? or this example:
    https://help.comodo.com/topic-72-1-451-4765-protected-registry-keys.html

    but i have to admit that a friend of mine had lost its sandboxie contents when using an image. we came to the conclusion that he thought he had put its container on drive E when creating such folder \sandbox\ but was not aware he need to tell sandboxie to use it. what i want to tell is that it it pretty useless to have a security software installed but not to know its important settings. i can not say if comodo hips has more advantage because it is automatic - could also be disadvantage and i am more the type of person who is looking forward to other less-brain-using solutions. keep it simple and stupid.
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Bo- Again, I mean absolutely no disrespect for SBIE which I consider excellent. But what I meant by "jumping through hoops" was in reference to the Forced Folders and Forced Programs functionality of the Paid version. CF will sandbox anything at all at default (and is free) vs setting specific parameters with SBIE (and then only in Paid mode).

    If I am in error, please correct me (and please forgive me- I twisted a knee dancing last night and am currently on pain meds- I tend to get a bit gloopy when this occurs).
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Never really thought about this, perhaps SBIE should also get a "auto sandbox" feature.

    I agree, it should get an option to alert about suspicious behavior even for sandboxed apps.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I know you mean nothing bad. You should realize that with Sandboxie, sandboxing files and programs automatically is easily done, there is no "jumping through hoops" to get it done. Is pretty much set and forget. I do very little thinking about to sandbox files. I said this before, pretty much all files that are created in my computer run sandboxed during their lifetime in the PC with very little thinking required.

    I really cant see a good reason to compare Comodo with Sandboxie, they are totally different. Sandboxie is an application sandbox, you the user choose what to run sandboxed. In the case of Comodo, the program decides, based on what it thinks is unknown or on a list, whether to sandbox it or not. One program has nothing to do with the other.

    About your knee, get well:).

    Bo
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    What you mean with "perhaps SBIE should also get a "auto sandbox" feature".

    About the line below in the quote, I know you always wanted something like that. Not me, I want Sandboxie to be what it has always being (an application sandbox) and nothing more.

    Bo
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Adding "features" to SBIE, especially anything as complex as behavior analysis, will do nothing but transform it into a multi-purpose monstrosity. Added code generally translates to more bugs and conflicts.
     
  9. guest

    guest Guest

    For once i agree with Bo, it is exactly what i do , separate forcing sandboxes for different uses with each having its own settings. It is how Sandboxie must be used and not so complicated to set it up that way.
    It doesn't need any other features. @Rasheed187 if you want some kind of behavior monitoring, the Enterprise version will do the job.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Perhaps an option to auto-sandbox all apps except the ones in C:\Windows, to avoid problems. I wouldn't need it, but it would help people like CruelSister.

    The comment I made was about Comodo not SBIE. Comodo should give an option to activate the HIPS inside the sandbox.
     
  11. guest

    guest Guest

    You can do it with the paid version, just use Forced Folders feature.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I cant see something like that working too well with Sandboxie. Sandboxie has many Sandbox settings. Sandboxie cant guess if you like to run all programs in one sandbox (bad idea) or in dedicated sandboxes or how to set them up. What to allow and what not to. What files and folders to block, etc. In my opinion, Sandboxie has too many variables for something like that to be a good option.

    I remember, Defense wall came with a list of programs that were automatically set to run untrusted after installing the program. But even though it had that list, it did not include every program that the user had installed. Some programs you had to set them up yourself to run untrusted/isolated. With Defense wall you had no Sandbox settings, not even the choice of deleting the sandbox like we do with Sandboxie. So, in my opinion, the way Sandboxie is designed makes an All programs auto sandbox setting non usable.

    Bo
     
  13. guest

    guest Guest

    @Rasheed187 ReHIPS is the closest to do the thing you want , but you don't like it :D
    So your only solution , is to use the Forced Folder/Program feature.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    What I do to sandbox all programs every time they run is I combine using Forced programs, Forced folders and the sandboxed Windows explorer. Whenever a file runs, running sandboxed is never in question, the only question really is in which sandbox its gonna run. And that depends where the file is located in the PC.

    Bo
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I understand what you're saying but I'm sure the developers could figure it out. And I do understand that with the "Forced Folders" feature you can already do this. But the new auto-sandbox feature would perhaps need to work like in Comodo?

    I don't really need this "auto-sandbox" feature, but for others it might be handy. Perhaps I will take a look at ReHIPS when it's released, but I will probably not like it.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Sandboxie has no use for something like that. That is if you take full advantage of what Sandboxie has to give. Remember, when you run a program or a file sandboxed, anything that runs or executes, runs sandboxed automatically. So, with SBIE, all you have to do is do what you are supposed to get full protection from SBIE. And that is, run most programs that you use on a regular basis under SBIE every time they run.

    Bo
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't see why you are making so a big deal about it? It would be an optional feature for people who would like to sandbox all apps automatically, without having to use the "forced folder" feature. And if apps don't work correctly, or can't be installed then it's their problem.

    But anyway, I just read that Comodo auto-sandboxes all apps that can not be deemed safe, and apparently it's not even using a driver to do this, it uses user mode hooks, I'm not so sure how secure this is. I believe they use this method only in CCAV, not in CIS.

    https://antivirus.comodo.com/cloud-antivirus.php
     
  18. guest

    guest Guest

    because then nobody would buy the paid version :D
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I am just giving you my opinion. You are always talking about wishing monitoring tools were added to Sandboxie and now, features that are perfect for programs that have a sandbox like Comodo, Avast, but not for Sandboxie.

    As a full time Sandboxie user, I don't want SBIE to become bloated with features or tools that would bring extra compatibility problems with Windows and other programs. As I understand it, maintaining Sandboxie as is now is very, very difficult. More features means more problems.

    Years ago, the thing that attracted me to Sandboxie was that it used no scanning tools, signatures, pop ups like HIPS or any kind of monitoring tool, I dont want that to change. What I am writing here is just my opinion, Rasheed.

    By the way, you can run Windows explorer sandboxed. Anything you navigate to with it, runs sandboxed automatically. Its one of the best features in Sandboxie, it sort of gives what you want (sandbox all programs without Forcing anything). Available in the free and paid version. I use it all the time.

    Bo
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Amen. :ninja:
    He's not. OTOH you, well... :isay:
     
  21. guest

    guest Guest

    Indeed the best feature of sandboxie.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    The thing is, this feature is already there, it's called forced folders. There is nothing complex about it. So this new auto-sandbox feature would be basically a check-mark in the main GUI. It would sandbox all apps except for the ones listed C:\Windows, and would make people like CruelSister very happy. I don't need it, on demand sandboxing works for me. I don't even use a sandboxed Win Explorer, but when testing apps it might indeed be handy, thanks for the tip.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Rasheed, unless you are an expert with SBIE code you have no idea how complex. In any case your post here is a waste of breath. Go post it in requested features on the SBIE forum and see if it floats.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Perhaps you should start using it. Forget testing apps with it, there are many better uses for it. Despite being one of the best features in Sandboxie, like you do, its highly ignored by most SBIE users.

    Bo
     
  25. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Since we have all you techies here together, up above, :D I have a question; which is the more secure way of using a sandboxed browser 1) within windows explorer sandboxed 2) run the browser sandboxed in say, a program like shadow defender, or 3) just run the browser sandboxed on it's own. P.S. am not using comodo firewall.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.