HIPS question for egg-spurts

Discussion in 'other firewalls' started by bellgamin, Jun 18, 2018.

  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Don't forget a full 7% from each sale goes to charity.:rolleyes::D
     
  2. guest

    guest Guest

    comodo = 10+ years old bug when the rules made by the users suddenly disappear out-of-the-blue = unreliable.
    SS = yeah seems the best one at the moment, especially for its command line parser, but almost dying, ultra slow development and bad support. i won't bet on its future.
    NOD32= useless if not on Interactive Mode, and if on it, prepare for storm of prompts

    choose your poison.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Comodo in safe mode gives very few pop up alerts. And for any new program/ exe which is not in comodo safe list, I just add it to safe/ trusted list, no more alerts.
     
  4. guest

    guest Guest

    but when an unreliable comodo staff added a malware on the whitelist (it happened in the past), Comodo on safe mode is doomed. Only its Paranoid Mode saved the day.
    but to get Paranoid Mode almost as quiet as Safe Mode, you must do a lot of preparation, which is out of reach of classic users.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    ..and then that staff UN-happened it. In the words of Garfield the cat, "No one is purrrfect."
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    The free version of ReHIPS -- which is just as up-to-date as the paid version -- is good for most purposes. But, as guest said, it is not a HIPS product in the proper sense of the word. It isolates the problematic applications, rather than prompting them to death.
     
  7. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi

    Where do you download the free version from? What are the limitations?

    Thanks

    Terry
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It is officially called "demo" version
    https://rehips.com/en/

    The limitation is 10 isolated processes per session. That means you can do just about anything except for run a multi-process browser (such as Chrome) in isolation with your usual extensions and tabs. If this is a deal-breaker for you, then the free version is not for you. You can still control child processes of the browser with the demo (if you run Chrome out of isolation), but running it in isolation will probably put you over the limit of the demo.
     
  9. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi shmu26

    Many thanks for your prompt & precise reply. Unfortunately, it is a deal breaker because there are other free options. What a pity.

    Terry
     
  10. guest

    guest Guest

    no there aren't. there are only 2 real standalone sandboxing apps; ReHIPS and Sandboxie, both have free limited versions, but only the paid ones are worthy..
    Comodo's sandbox isn't even close to them, no granular control at all, no options.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Oh Lord, Spare Me! The Proof of The Pudding would be to demonstrate a Comodo Sandbox Flaw that is not seen in the others (like when I pointed out a serious flaw in SBIE a few years back -subsequently fixed by them-that Comodo's Sandbox was impervious to). Also Comodo's sandbox is automatic whereas the SBIE is manual (and I really don't think that you feel the Home User is cognizant enough to know when to sandbox things and when not to...).

    But as to your statement- Proof, my friend! Give me Proof!!!!
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    The burden of proof is on you to show where the granular control is in Comodo sandbox. As far as I can see, all the crud and all the vulnerable programs are playing in the same sandbox, with the same one-for-all set of rules. This is not very hygienic.
     
  13. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    No- the proof is on the person that says one product is inferior to the other. The term "Granular Control" was used. Don't just use terms- show me how one could be bypassed and the other cannot (personally I think currently both the SB and Comodo sandbox are equivalent- other than one being manual and the other automatic- as long as the option to stop sandboxed stuff from connecting out is checked in both).

    But if you guys can show any case where Comodo fails and Sandboxie protects please Dazzle me with your Brilliance. Otherwise please have the courtesy to admit that the statement is not correct.
     
    Last edited: Jul 30, 2018
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would disagree that Sandboxie isn't automatic. If you sit down at my desktop and click on the firefox icon, you will be in Sandboxied Firefox
     
  15. yeyo

    yeyo Registered Member

    Joined:
    May 25, 2018
    Posts:
    8
    Location:
    Greenwich Meridian
    In my opinion Sandboxie gives you more control over sandboxed programs, but Comodo sandbox is stronger and more secure due to its use of VT-x (hardware virtualization - if you have a compatible processor) and relies on other modules, for example, file reputation.

    From what I understand, SBI has "automatic" sandboxing if you configure Forced Folders or Forced Programs features (you have to manually add the folders/files) while Comodo sandbox will autosandbox every unknown process.
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Funny how this went from a HIPS discussion to a sandboxing one.

    For the record, they are not the same. A sandbox will prevent malware from infecting your system. It can't protect against modification attempts of anything running in the sandbox whereas a HIPS can assuming proper rules have been created to prevent like activity.
     
  17. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    guys guys, my sand castle is better than yours!!!444!4
    oh and my potato is definitely better than your sand castles!
    jesus people.. this thread...
     
  18. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Free or paid sandboxie?
     
  19. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    That is also possible in free version, Azure. Just make your own shortcut :p
    I have two. One is for browsing and one is for updating the browser which isn't possible when it runs in sandboxie, obviously. (I mean, you could change that too, but meh.)
    I tried ReHIPS, Comodo and Sandboxie. Afaik Comodo and ReHIPS work by running the software under a different user with way less rights. Only Sandboxie does some virtualization. (Someone told me)
    I chose to stick with sandboxie free, but it is WAY too costly for something that looks to be from 1995. So that isn't ideal at all.
     
  20. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Peter- if SBIE has been on your system for a while you may not remember the installation process. After Sandboxie installs all its stuff, there are like 5 or 6 frames introducing you to its use. One of these frames asks if you want to sandbox your browser(s), and if so to double click the browser icon(s) on the desktop. This will cause the browser(s) to auto-start in the Box AND it will allow it to connect outbound.

    If you do not take advantage of this step, you must manually set the browser to start in the sandbox as well as making a setting for it to connect out (that is, as long as you have clicked the Sandbox restriction setting to not allow anything sandboxed to connect Out- which I hope that you do!!!).

    Are you serious? Of course it can.
     
  21. yeyo

    yeyo Registered Member

    Joined:
    May 25, 2018
    Posts:
    8
    Location:
    Greenwich Meridian
    Taking the strictest definition of sandbox (process isolation), in theory this may be true, but in practice, this statement is incorrect given that most sandboxing software also uses virtualization and virtualization can protect you against these modification attempts.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It appears at least Cuckoo has "beefed up" its bypass protection recently:
    https://www.fortinet.com/blog/threa...koo-sandbox-detection-and-our-mitigation.html
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Up until recently they offered lifetime licenses which I am still using. Not sure what the 1995 comment means. SBIE has been constantly updated.
     
  24. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Judging by the high price of a yearly subscription, I would assume a lifetime license costs around 100-200$. But I am probably wrong.

    I was just commenting on the user interface that certainly hasn't changed since 1995. :)
    I really detest it. tbh :(
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    I still have a lifetime subscription from back when it was offered, it was not that expensive.
    I agree the GUI could use a makeover but can't argue with the protection it provides.
    I might just have to dust off the old license and give SandBoxie another spin.
     