Comodo's "Sandbox"...

https://forums.comodo.com/news-anno...tomatic-sandbox-confuses-people-t62222.0.html

an interesting thread at comodo's forum showing that what u may think is a sandbox, isnt really so.

 

Nice read
Never had a clue that those were 2 different things xD
I mean that, if you sandbox manually it does work like a sandbox but the auto one isn't really a sandbox

 

They should reword it since it seems to be a bit misleading.

 

Originally the term sandbox was used for

In that context LUA is also a Sandbox (for instance Microsoft calls protected mode of Internet Explorer also a sandbox, Chrome's internal sandbox is in fact a total isolation containment based on policy restrictions, so it is closer to DefenseWall than SandboxIE).

The succes of Sandboxie (shows great brand strength) is that the 'disposable scratch area" was introduced so no harm could be done when playing in the sandbox.

Wikipedia now uses the more narrow terminology based on the product which has set the mark for sandboxes: Sandboxie

I guess every other company should take their loss: Microsoft, Comodo, Google should drop the old broad interpretation , because general public uses new more narrowly defined interpretation.

Guess it is hard to admit that a one man band puts in more brand weight than multi million dollar turnover firms.

 

well wen i think of just the real world sandbox, i think of a self contained area that is seperated from its surrounding (just as a literal sandbox in real life is) so in the computer form i consider a sandbox to work in that same way, a completely isolated and self contained area sepperated from its surroundings (the system) where things are to be held and not spill out (as the purpose of a sandbox in real life is, u dont want sand everywhere around it)

with just a decrease in permission, thats like just have a kid play in a pile of sand with no isolation from its surrounding and asking him to not make a mess outside of that pile. (as in not really a sandbox)

i think that type of a definition for a sandbox would be the most accurate one and in fact i believe microsoft and chrome mis-represent the function of their protection mechanisms since by definition, its not "sandboxing" anything

 

Yeah, about Comodo sandbox...
http://www.youtube.com/watch?v=uEMp9TVxdCA

 

Comodo "auto sandbox" is "policy HIPS" where unknown are restricted and its technique can be compared with defense wall or even geswall,
you can add resources by placing sign "|" at the end of folder or file you want to be autoprotected additionally... very simple
%APPDATA%\*|, %PROGRAMFILES%\*|, %USERPROFILE%\*| are by default not protected, so there are room for those "malicious" traces everybody complain in youtube review videos... also regkeys e.g. *\software\* are also not protected by def., behavior techniques are covered enough by default IMO, but it can also be strengthened further

Yeah, MRG bypassed early beta... why they dont try it with final version?

 

This is the problem I've been complaining about for a while. Nice to see it being acknowledged and clarified.


Einsturzende, where do you add those resources? Are you referring to Comodo? AFAIK, the auto-sandbox feature is essentially like the Run Safer feature of Online Armor, with more granularity. There doesn't appear to be any actual sandboxing, unlike policy HIPS like GESWall.

 

in "My protected files and folders" (something like that) and then groups, create one group with those entries and then add it to "My protected files and folders", yes Im talking about CIS , and dont forget "|" at the end

some of beh. in geswall are blocked and some are virtualized so I said "even" in my previous post, also run safer of OA restrict only with LUA-like restriction set, i guess...

 

When I tried Comodo Firewall I disabled the sandbox.

 

Why would you disable to sandbox? I'm not judging, just wondering why. The auto sandbox is one of the features that keep objects from getting too far into your system.

 

some people (like me) dont want all the extra features and in my case, im just looking for a firewall

 

Quick question. I get what happens if it autosandbox but if it promt that file is not got a digi signiture and offers to be sandboxed then is that full virtulisation sandbox?

Cheers

jlo31

 

There is a little difference, read it here:
http://forums.comodo.com/wishlist-cis/automatic-sandbox-an-option-to-virtualize-fsreg-t62268.0.html

 

Ok thanks.

 

IIRC, the early incarnations of the sandbox used to virtualize all apps that were automatically sandboxed. This used to create problems with certain startup programs that would be sandboxed before you could configure Comodo after the first reboot.

 

and in comodo fashion, just take the easy way out, who actually fixes bugs anyways... /sarcasm lol

 

Either I'm not doing something right, but in default "out of the box" configuration with everything enabled and up to date, a sandboxed virus was able to modify Windows firewall (add itself as exception) and started listening for incoming connections on my test VM.

 

Do you have auto-"sandboxed" programs set to run with partially limited rights? (Execution Control Settings tab). I'm not sure if firewall rule keys are protected (they should be, but if you're using comodo it probably doesn't matter) but partially limited apps might allow that to happen. You might want to set it to Limited or manually sandbox all questionable programs instead.

 

Maybe Tzuk should challenge Melih

 

that would be funny, but an unfair challenge since the auto sandbox isnt even a sandbox