COMODO Internet Security 4.0.664.127486 BETA Released

Discussion in 'other anti-malware software' started by Dragons Forever, Jan 11, 2010.

Thread Status:
Not open for further replies.
  1. From the leading developer & project manager of CIS:

    Behavior Blocker, CIMA heuristics and so on will be in the next versions once this version launches with the sandbox (as sandbox is a huge code based release). CIS including sandbox supports both x32 and x64 platforms.
     
  2. LaserWraith

    LaserWraith Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    38
    Location:
    Under your bed!
    Oops... I posted this just 1 minute after you. >.> I'll delete.
     
  3. Np...

    There are also further improvements in the AV: MUCH better memory handling while updating for the first time and also no longer the need to reboot (probably thanks to the new CIS 4 Engine).
     
  4. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Will it be on the tests by AV Comparatives when it leaves beta?
    Regards,
    Jerry
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    nope. lol they've always got an excuse tho ;)
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @Dragons Forever, the comodo hero formerly known as 3exist

    When running on Vista and Windows 7 the great benefit of UAC is that when running least privilege processes they can only perform side by side infections. Combining this with file and registry virtualisation (Vista/Win7 only offer this as a means to deal with incompatibility, not security) is really smart and reduces the risks to a minimum.

    So here a few questions:

    1. When a sandboxed program spawns a process, will the same restrictions be applied (meaning both least privilege and virtualisation)?

    2. When a sandboxed program creates a process, will the same restrictions be applied (meaning both least privilege and virtualisation)?

    3. When an elevation request is encountered, will file and registry virtualisation still be on to protect (like pseudo admin)?

    4. Great improvement to whitelist installs. I assume this precedes over the unknown program handling (since it is a trusted installer/company), is this right?

    5. What settings do I need to activate in D+? In other words would the minimum be enough (file and registry) or do I need some additional protection (f.i. to exclude the debugger mode route and keep least privilege sandbox intact)?

    6. How is the sandbox cleared and/or promoted to real system environment?

    When I get the answers I am hoping for, this is really a breakthrough.
     
  7. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    Can it be freely used with Returnil?
     
  8. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    Of course.
     
  9. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    @3xist

    where is the download link for cis4 beta ?
     
  10. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    10X lordraidens :)
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    btw, cis 4 beta + using SB don't go along side well, a major slow down in open ie or fire fox
     
  13. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    wondering if v4 will be more user-friendly..I mean for a beginner/intermediate users..seems like it's possible, fingers crossed
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    basically it's same as version 3 with few tabs / features adding
     
  15. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    So... it's still going to be way too complex for new users :sighs:
     
  16. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    Look at the youtube review of version 4 by Languy99 and see that CIS works much easier than 3 for new users.
     
  17. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
    You're completely wrong :)
    It's intended for beginners or so. It has less popups and so on.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well that could be a surprise:

    It really does not matter what policy you set in the sandbox, because it runs least privilege user and has file and registry virtualisation, you only would like to check on side by side injections (= process modification) and some spyware related issues (key/screen loggers etc). So it could be very quiet.

    Next step would be to realise a reporting functionality (like buster sandbox analyser) and acquire some behavioral / intelligent malware forensics (like Hitman Pro) and most decisions can be made for the average user.
     
  19. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,561
    I found that Defense + still causes a lot of pop-ups, and it is made worse by the fact that they removed "install mode".
     
  20. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    The install mode is still there but works differently, you can use it but then you don't have to come back to the normal mode, Comodo comes back automatically
     
  21. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,561
    Ok, I will take a look. I didn't look for it before based on the info in the OP, saying that it was removed.


    EDIT: I see something called "training mode". Guess maybe they just renamed it. lol
     
    Last edited: Jan 12, 2010
  22. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I've been running CIS 4 since this morning and so far, no hiccups.

    Question;
    Where can I find a tutorial dedicated to the sandbox feature ?
     
  23. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I just downloaded the latest COMODO, CIS_Setup_3.13.125662.579_XP_Vista_x32

    I remember I tried COMODO firewall about 1 year ago but had to remove it because for some odd reason it would never save and allow the 3 Punkbuster files that's needed for me to play online games.

    Is the new version OK with this now?

    And can I tell COMODO to allow EVERYTHING that's currently on my system so I won't get bombarded with a 1000 popups?
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Not sure, but I think if you set it in training mode, it allows everything while in it. :D
     
  25. Yes.

    Yes.

    No it will not be.

    You are correct.

    You don't need to touch anything else.

    It is automatically cleared on reboot.

    But let me give you a better overall answer for your questions if I may...

    - CIS makes sure the installers/updaters run outside the sandbox. Here users receive an ELEVATION alert, which very simply means: I am installing something, and make sure it is installed something and do not bother me with it again. This design is made to avoid incompatible issues to avoid sandboxing such programs. This really is a lot similar to how UAC works in Windows Vista and Windows 7 when you see an elevation Alert like UAC. ELEVATION Alert will only alert you once and only once. Allowing it for example will make that installer/updater fully trusted and its files that it drops. Blocking it blocks it totally.

    - Virtualization is not yet activated/enabled by default. The sandboxed programs only start with limited rights and Defense+ handles these specifically.

    How It works at the moment (Sandbox)
    Unknown applications are run in the "non admin" restriction level - equal to using a non-admin account... which you probably know results in like 80% less virus damage. If you are running Windows XP, you can use Process Explorer to identify restrictions added to a sandboxed process, you can see the Job limits of the sandboxed process. So CIS4 assigns restricted tokens to processes according to the level in sandbox and puts them into a job object. It really is exploiting the full support from the operating system at this stage.

    So of course the OS provides a lot of security as a starting point. Then we have Defense+ which automatically blocks file system and registry access to critical keys/files. These critical keys/files are the same ones used in Defense+ groups. Remember Comodo Sandbox is a default-deny sandbox where unknown apps are run in it by default. It is NOT an on-demand sandbox just to sandbox some applications, even though you can do it.

    So this is how the sandbox works and elevation Alerts. :) I hope this helps!

    Anyway, have a play with Process Explorer. Run programs in the sandbox, like an undetected malware... you don't need to install the AV. And go to Process Explorer and you will see how the malware is in the sandbox and the restrictions, tested under Windows XP.
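
Added example, not part of the thread and not Comodo's code: the post above suggests using Process Explorer to see a sandboxed process's job membership and restricted token, and this PowerShell function queries the same two properties through the documented Win32 calls `IsProcessInJob` and `IsTokenRestricted`. The names `SandboxProbe` and `Get-SandboxRestriction` are hypothetical.

```powershell
# P/Invoke declarations for the Win32 calls used below (SandboxProbe is a hypothetical name).
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class SandboxProbe {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool IsProcessInJob(IntPtr process, IntPtr job, out bool result);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool IsTokenRestricted(IntPtr token);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);
}
"@

function Get-SandboxRestriction {
    param([Parameter(Mandatory = $true)][int]$ProcessId)

    $PROCESS_QUERY_INFORMATION = 0x0400
    $TOKEN_QUERY               = 0x0008

    $proc = [SandboxProbe]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) { throw "OpenProcess failed for PID $ProcessId" }
    try {
        # A null job handle asks whether the process belongs to any job object.
        $inJob = $false
        if (-not [SandboxProbe]::IsProcessInJob($proc, [IntPtr]::Zero, [ref]$inJob)) {
            throw "IsProcessInJob failed for PID $ProcessId"
        }

        # IsTokenRestricted is true only when the token carries restricting SIDs;
        # deny-only groups or removed privileges alone are not reported by it.
        $token = [IntPtr]::Zero
        $restricted = $null   # stays $null if the token cannot be opened
        if ([SandboxProbe]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) {
            try     { $restricted = [SandboxProbe]::IsTokenRestricted($token) }
            finally { [void][SandboxProbe]::CloseHandle($token) }
        }

        [pscustomobject]@{ ProcessId = $ProcessId; InJob = $inJob; RestrictingSids = $restricted }
    }
    finally { [void][SandboxProbe]::CloseHandle($proc) }
}
```

Call it as `Get-SandboxRestriction -ProcessId <pid>` for a process started in the sandbox and compare with one started normally; job membership alone is not proof of sandboxing, since other software also places processes in jobs.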
     