New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, Allow should not matter. As long as the application is running inside the sandbox, it should not be able to install the hook.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think some people did not understand the CFP test video. Actually they tested the sandbox component, not the defence plus. In this case, once the simulator is sandboxed, it must not be able to do any harm, even if you allow all pop-up alerts by defence plus.
     
  3. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Absolutely agree with you that everybody who's in a security field, whether they are AV vendors or firewall vendors or anybody else, should work like a TEAM. They have to listen to each other, they have to share the information with each other... They should be more flexible and should have an accepting nature in case they failed to protect their consumers.
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Well said! :thumb:
     
  5. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    It really should not AFFECT the system but gonna SEND the data to the internet till the system is shut down or the process in the sandbox is terminated. That's how I understand it.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    No.

    1- It must not be able to capture the data as it is sandboxed. Any sandboxed application must not be able to log keystrokes, esp. on a secure site (and esp. when the browser is running un-sandboxed). A simple block of the hook/DLL injection might do the job in many cases.

    2- A good sandbox must not allow any sandboxed application to send data outside unless a specific application is ALLOWED by the user in sandbox rules/exceptions (for example, the user will specifically ALLOW for browsers/messengers etc. in order to be able to surf the internet).
     
    Last edited: Jun 27, 2010
  7. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    Are we talking about Comodo personally, or sandboxing as a whole? ;)
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think all sandbox-type programs should have such a restriction, even to not connect to the internet when trapped in the sandbox, good idea to prevent data theft :thumb:
     
  9. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    Anyway I would prefer a program which wouldn't interrupt me every time it needs to make a decision, whether I understand or not those popups, and that's where MRG is heading to...

    and that's where the key difference from Matousec's tests is. Sorry couldn't help myself.
     
    Last edited: Jun 27, 2010
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Both I think.
    Most/ All sandboxes are pretty silent.
     
  11. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    Prefer to listen and read, especially when I think the same way, ;) :thumb:
     
  12. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Comodo sandbox can redirect file/registry but cannot virtualise behaviors which affect simulated lua, I think; this is why you get a prompt. You do not have such prompts in Sandboxie, you only have info that this or that API is not supported, and similar..

    Btw, if a prompt appears the tester should answer accordingly; this is not a sandbox test, it is a test for online banking...
     
    Last edited: Jun 27, 2010
  13. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    The default setting in Sandboxie is to allow any program in the sandbox to access the internet. And yet it's an excellent security tool.

    Isn't the point of a sandbox to stop any programs inside it from changing the system outside the sandbox? It's not intended to protect a browser from other programs running inside the same sandbox.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    They told their policy that they will not give credit for ordinary alerts. Policy is wrong for classical HIPS, but that's a different discussion.

    Comodo sandbox lacks interception for DLL injection etc., so it obviously failed the test. IMO, it's more of a deficient feature, rather than failure. I hope Comodo make their sandbox feature rich n more solid without any delays. It's really frustrating that you can't even know which applications are running inside sandbox (Am I true)?

    This is a sandbox test for online banking/password stealing malware etc. and pretty valid for a sandbox IMO.
     
  15. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten

    OK, but if we talk about the test, I think your thinking is wrong, because you cannot look only at CIS sandboxing but at the whole product... Let me explain what I think: if something is going to escape from the CIS sandbox you will receive a prompt, in this particular situation (I can only guess) a global hook prompt, so if you click deny, no info will escape to their server. Also, I think nobody with half a brain will click allow for a program which is unknown, especially if the prompt clearly says it can be used for keylogging and you are about to do some banking...

    Do they need to improve the sandbox? Yes they should, usability especially, but with the resources they use (MS documented/approved API only) I think they can't do much more. On the other hand, it is good enough protection if you are willing to answer D+ behavior prompts correctly while an unknown program runs in the sandbox... Look at the CIS sandbox like a "too many prompts suspender" and not as an unknown programs tester like Sandboxie, which can give enough APIs for progs to run flawlessly in isolated space.
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    • my cousins would click "allow" or simply close any popups/alerts... :D
    • my friends would go crazy trying to figure out the popups/alerts, which are exactly the same as when installing some other trustworthy programs that use the same method that triggered the HIPS.
     
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    This is from another forum:

    "PostPosted: Sat Jun 26, 2010 1:34 pm

    I keep getting these popup defense alerts by Comodo firewall:

    rundll32.exe is trying to execute:

    Microsoft.VisualBasic.resources.dll
    mscorlib.resources.dll
    system.resources.dll


    I don't know exactly what's going on. I don't trust that they keep popping up over and over. I allowed them once and it seemed that soon after some malware was detected on my system. I know that it looks like Microsoft junk but I don't understand why something recently started to repeatedly try and access resources.

    I've read that Comodo can be quite a paranoid software firewall.



    Any suggestions?"



    How many people out there know what to do in a situation like this one? Some people say "if you don't understand the popups don't buy this". Can a company survive selling its products only to customers who know Windows by heart?
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    +1 :thumb:
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The point is that there are no pop-ups when installing known trustworthy applications.
    Only when an installation is of uncertain legitimacy do you get any pop-ups. Whether or not this is due to malware or a clean file is irrelevant, it just means that caution should be taken and the user should determine if it's safe or not before allowing it access to the system.

    There is the argument that the sandbox should offer a complete isolation solution, but this would cause many usability issues apparently. That's not to say that there isn't room for improvement in the sandbox implementation, there are a number of areas where it could be hardened and hopefully this fact has been recognised by the devs.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If GesWall, DefenceWall and SBIE can work with MS OS, Comodo can work too. Their Sandbox seems in infancy, unless they are thinking on a different model/ approach of sandboxing.
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Slightly OT, but isn't that the main issue with Comodo?
    In their pursuit of building the 'free ultimate security suite', it seems it will never ever be finished.
    A sw firewall, with a HIPS. And an AV. And a sandbox. And perhaps a BB is to be added in the mix? And next?

    Development like this is bound to receive criticism, I guess.
    I'm not judging Comodo as they are free to decide whatever they want but it's their decision not to divide CIS clearly in stable vs. development branches.
    Users (in their own free will) are continuously confronted with this mix of parts that are stable/finished and some 'under-construction'.

    Right, back on-topic again.
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Sveta, where is the updated test list for the last 2 or 3 days!

    TH
     
  23. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi TH,

    Tonight we will publish the updated report, testing continues as planned.

    Regards,
    Sveta
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    OK Thanks!

    TH
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks Sveta ;)
     