COMODO Internet Security 4.0.664.127486 BETA Released

CIS4 is extremely quite thanks to sandboxing. But it is still BETA and there are still incompatible issues with sandboxing and certain software, and off course other bugs. Just be aware if you are going to test it.

 

Behavior Blocker and CIMA based heuristics, will take care of this as soon as this version launches first with sandboxing (sandbox being a huge code base release).

Btw: Not all sandboxing usability GUI is in it to see how the sandbox works. It will be done before this version goes final. This first beta is only the start...

 

hello dragon,

i really appreciated commodo company doing this extensive job of bring (cim v4) . i really appreciating the company bringing a full fetched security product like Zonealarm extreme security for free . well lastly being free software for all the time i really like to thank that commodo company , So deliver my thanks to them. i am eagerly waiting for the final version of CIS v4 soon.

thank you,

regards,
one of the commodo user (i am using it in one of my lappy. )

 

Thanks for your detailed explanations,DragonsForever,I really look forward to the new 4.0 program.

Just one question: I have had some difficulties with my Windows7 64bits (made a thread in Paragon HDM sector) because I was running CIS 3.13.126x inclusive of AV alongside Prevx.
The problem was cmdguard.exe ,defined as the 'sandbox' by WhoCrashed.
Perhaps it is just their personal definition.
I have not downloaded the beta and I was still with the previous version when I had some trouble, could it be there was a sort of error in Comodo updates and a version of sandbox was already operative in my system?
Is this possible?

 

Hmmm... This sounds like a incompatible issue. Whether it's a bug of Comodo or not is unknown.

Would you be willing to test CIS 4 beta to see if it resolves your issue? What you can do, it download and install Comodo Time Machine, Create a snapshot and then download and install CIS 4 beta. If anything goes wrong, you can simply go back in time to the last snapshot. You will be basically using CIS 4 beta in a virtual machine alike. Considering CTM is now final.

 

I will definetely install CIS 4.0 when its out of beta as ,at the moment,I'm a bit stressed by all sorts of complications i had to confront with going from my marvellous XPPro 32 system to my equally (now) marvellous Windows7 64bits one.

Problem is I just went through 15 days of trouble for BIOS,drivers and programs,and I need some respite as I need the pc.
This year I went through betas by comodo -CTM-,Prevx,Thunderbird etc.not to mention Windows7,(and learning Linux,too)so I need a few weeks to asses this pc and CIS 4.0 is not too far away.

I've used CTM for 3 months in another pc and I really like it,it was stable since the very beginning.

At the moment I'm fine and without any issue with Comodo firewall and D+
Avira on demand
Prevx 64 beta x50.
Returnil 2010 with no antivirus.

Thanks again,
karad

 

I'm trying CIS4 beta.
Is it normal that D+ in Paranoid Mode sometimes does not create popup for unknown software (= when there is no specific rule) and deny it?
I disabled the option Trust the application digitally signed by Trusted Software Vendors, and all the other options in General Settings are disabled.

Regards

 

Thanks a lot some more questios to understand the full potential.
1
This means that D+ to use the potential of the sandbox, only requires file and registry defense activated?
2
Through the sandbox, direct file access, low level keyboard and debuuging mode etc is covered (this does not need to be active in D+)?
3
Does this elevation mechanism also work in XP?

When the ansers are
1. Yes

2. YES (not active=YES)

3. YES

I will find the time to make a very user friendly rules set of the FireWall with only File/Registry and keyboard/screen protection with file and registry virtualisation in the sandbox. With this set I will set UAC in quiet mode (so only lowest right start/protected mode IE). I will use PGS to contain some internet facing programs in LUA (will never trigger elevation request, but allways stay lua), plus some folders (Guest, Public, Trash can) as deny execute and apply the ie8 anti executable tweak.

It will be a smart UAC + Applocker (Allow, with white listing) for Home version owners

Regards Kees

 

1 2 and 3 are all yes. But remember pls that this is how it works at the moment, still in beta and things could change.

 

Good enough for me

 

It won't let me install it for some reason, gets all the way to the end and rolls back, no errors or anything. At the end it states the obvious, setup ended prematurely. Installed fine on my XP machine but not on Win 7 x86

 

Pls report this on the Comodo Forums, in the CTM board so the developers can see it and be aware of this issue.

Doskey, the CTM team leader, will may offer to also help over MSN.

 

Is this new version supposed to block you from modifying/deleting files from anywhere but the user directory? I get an access denied dialog (continue/skip/cancel) that never works on the system drive but sometimes works on other drives. Some drives I can delete files at will. This happpens even with D+ disabled and sandboxing disabled.

Sandboxing doesn't work on 2008 Server x64 either.

N/M... I needed another reboot. Everything's working fine now.

 

I did. I am not too woried my self I am testing it on my XP box, so I decided to continue with the new Defensewall on my laptop. Im really liking the new CIS. never used the whole thing before, I usually just use firewall and D+ but so far its been great. Feels alot easier on the system, I think maybe the scan speeds improved, but like I said its been a long time since I tried the AV. I have seen a few bugs in the sandbox but otherwise nothing to serious.

 

Wondering, how strong, and how light is the AV now? ive heard good things for it.

 

How does comodo's new sandbox compare to Sandboxie's under 64 bit? maybe malware testing could be used to measure which is the more effective method at the moment

 

Ha,

I tried to remember, why I am so happy with the current direction of the releae path of Comodo, have a look at this old thread (one year ago) and see how much Comodo developers have looked at it (considering behavioral is still to come).

This post explains the idea behind it https://www.wilderssecurity.com/showpost.php?p=1413356&postcount=28

This is the original thread https://www.wilderssecurity.com/showthread.php?t=234443

 

It really is heading that way.

CIS 4 is going to be a awesome suite, especially in the next versions with behavior blocker, CIMA like heuristics and "acid cleaning" type abilities for the AV engine. AV detection is also getting there too.

It will be max security with minimum hassle. Sandbox is a starting point. Honestly even this first BETA with sandbox it's very very quite and strong and the default configuration "internet security" has been hardened, all D+ settings are checked now and image execution control is enabled. There is almost no difference between the default configuration and proactive! I see no reason to use proactive anymore tbh...

 

Do you mean that the behavior blocker will not be avaliable in Comodo v4.0 final? We have to wait until Comodo 4.2 or 4.3 or something like that?

 

It wont be in 4.0 final no. It will be in, as you said, 4.1 or 4.2. Sandbox is a MASSIVE code base release, and for it to work as a default-deny sandbox automatically handling malware for you and programs is a big challenge... even though it doesn't sound as big. It will be chaos if everything was added at once, since every single component of CIS is "designed to work together" in harmony.

 

culd do it the way Avast did ther beta, add features into the beta 1 by 1, once one feature is relatively bug free, implement the next, and so on. makes the beta longer, but at least u get everything in and working very well. like Avast had the sandbox in, then later added the Behavior Blocker

 

i agree, that will indeed give the users a bug free release, Avast has takeing months of testing and fixing its became a nice product for free, and i really think comodo could do the same.

 

So, anyone tested this on different aspects? How strong are the out-of-box settings for example? Footprint? Pop-ups (from AV, D+ for example)? Effectivity against malware? Etc.


Then some other questions, like what about the issue where COMODO had signed some malware or something way back, or whatever was going on..?

Last but not least, is the AV set to automatically remove by default, or will you get pop-ups from that?



Thx guys! Maybe wanna test some again.

 

Paranoid mode in CIS 4 is a joke. I want all system processes to be untrusted with full custom rules so I deleted all pre-configured rules and deleted System Group etc but it automatically assigns system processes the permissions to do any thing( except chuild process execution) during a reboot. So there is no way to fully control system processes even with max settings and 100% custom rules, same bug was there is CIS 3 ( in CIS 3 even if u don,t put it in learning mode, it will create rules automatically during system reboot marking system processes as trusted). I guess they might have made it to avoid the situition where a user might make his system un-bootable by wrong configuration but IMO this can be avoided by allowing actions ( with out permannat rules creation) during system boot up, rather than creating permanat rules even when CIS is not in learning mode.

Another bug of CIS 3 still there -- in learning mode, even with paranoid settings, the rules made by CIS are not paranoid, rather they are simple allow rules marking applications as Trusted. I remember SSM used to create paranoid rules in such situation with complex parent child relationship.

Another design shortcoming of CIS 3 inherited by CIS 4- No clear alerts for driver install/ loading, just a registry access pop up alert.

Still more, I tried brontok worm in Sandbox and it seems to make its copies here and there, rather than in virtual Hard Disk. I may be wrong as I did not read about this sandbox yet. Where it keeps its virtual regs and files?

Pop up alerts are still not user friendly in advanced mode( more options). Too many clicks needed. Also no way for on-the-fly rules creation via pop up alerts.

From a gross look, CIS 4 seems essentially same as CIS3 with a sandbox added.

 

Would be spectacular when it would keep them in Virtual Store folder of Vista/Windows7 of both File Virtualisation and Regsitry Virtualisation

Virtual Store
File <User Name>\AppData\VirtualStore.

Registry
HKey_CURRENT_USER\Software\Classes\VirtualStore
HKEY_USERS\<User SID>_Classes\VirtualStore\Machine\Software

It is possible to change process execution running virtualised through task manager, it is also possible to run programs as Pseudo admin (virtualised) with the Vista/Windows7 compatibility kit, so this is manageable

It would be very smart of a security program to make use of the OS its capabilities.