Comodo sandbox - different than SBIE

Discussion in 'sandboxing & virtualization' started by Sully, Sep 8, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Because of a topic posted here, I was checking out comodo's sandbox. While I am not a fan of comodo products myself, it never hurts to re-evaluate ;)

    Here is a link that is quite interesting if you are into this sort of thing
    https://forums.comodo.com/defense-sandbox-help-cis/introduction-to-the-5x-sandbox-t61169.0.html

    I find it interesting at how comodo decide to approach sandboxing. Sandboxie has been out for so long, and really IMO the undisputed leader in sandboxing, that I am by now fairly familiar with what it will and will not do. Comodo seems to have hybridized the approach. Good or bad, who really knows, at least I don't.

    When I think of a sandbox, I think of a real world sandbox, where I build my castles and things, and when I am done, I rake it flat, no trace left. The purpose of the sandbox is to keep the sand where it belongs, in the box and out of the yard.

    Sandboxie is just what I think of. It keeps things where it belongs, and for the most part you can do anything you want within it. The only time sand escapes the box is if you allow it to by making an exception.

    Comodo though seems to use a sandbox in a large degree like I expect, but allows quite a few different "gates" to the yard. Some gates allow direct access to the real system, others only allow partial access depending on options. Also in the comodo sandbox, you cannot apparently build anything you want, as some things are either not allowed to be built, or are just not kept in the sandbox.

    Again, not really good or bad, just different. I myself have not used comodo's sandbox. It is quite tempting to, just to see how it does things. My past experience with comodo products though are that they are very pop-up happy and require a lot of hand-holding on my part to maintain. As well, for my likings they have always been very resource intensive. Of course, things do change, and that might be the case. I am deciding if I really want to put an internet suite on my machine, even if it is only for testing. Maybe if they released a stand-alone sandbox it might be more convincing.

    Anyway, nothing major here, just rambling out loud. Maybe others have infos to add or might be interested to check something out they have not yet messed with.

    Sul.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What it really "boils down to" for me is that I can sandbox Java with comodo and I can't with sandboxie =p that doesn't mean one is better than the other. I use both.

    I know in my own tests I've seen Comodo protect from java exploits.

    I don't think it can only be a matter of direct access to areas. I honestly don't think anything IN the sandbox can access anything OUT of the sanbox. I gave my Sandboxie sandbox FULL access to the entire drive and it still crashed.

    They do make it clear that the programs are different, stating that Comodo is not for installing software to a sandbox.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah, that much is clear for sure. I have a strong desire to see how they differ. I just might check it out as I am about to switch to x64 win7 tonight anyway. We'll see.

    Sul.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ah, right, the new computer. That'llbe fun.

    I have tested the manual sandbox quite a lot and nothing that I personally have encountered has bypassed it. It is not as configurable at all though and the descriptions of the sandbox are vague (Partially Limited, Limited, etc all have vague descriptions.)
     
  5. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The upcoming version 6 of CIS will have a much more "Sandboxie-like" auto sandbox,which many,including myself will welcome.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They're pretty different. I mean, one of the most obvious differences being that one is free and one isn't.
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Now now, both are free :) You just have to put up with closing out one sandbox to open another in the free version..which really gets on my nerve. I'm thinking of switching over to Returnil, since it not only doesn't restrict you, but it's got a nice anti-executable with it and AV, if you so choose to use it (and a better AV engine, imho).
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Also of course Comodo's sandbox is not a separate application like sandboxie is, so you have to deal with additional features you may not want, just thought I would add that little detail since we are talking differences. :D
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Or you can say it has all the basics, and no need to hunt down, install, and hope there are no conflicts with other programs ;) Plenty of ways to look at it.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, Sandboxie is shareware.

    Source: http://www.sandboxie.com/index.php?FAQ_Licensing

    Also, the shareware version doesn't allow to automatically force applications to run sandboxed, besides what you mentioned already.
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't think the automatic forcing is a big deal. However, I hate having to close out one thing to open another, lol.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Both are big issues for me.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Thats the way I see it Sully and the way its been for me. I never care
    about whats inside Sandboxies:cool: sandbox, my only concerns are what
    I recover or allow by making an exception. I allow very little.

    I never used Comodos sandbox and probably never will as I am not willing
    to take a chance messing up my SBIE but I have been told by someone
    that knows both sandboxes, that Comodos sandbox can not be configured
    as good as it can be done with Sandboxie. This guy loves Comodo but
    uses Sandboxie:) instead of the Comodo sandbox.

    Bo
     
  14. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
  15. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    If you consider your USB and CD/DVD drives it may be a big deal.

    Just think how Stuxnet initially spread http://en.wikipedia.org/wiki/Stuxnet
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    In fairness Sandboxie has been going for many years and is close to perfection.Comodo's sandbox is relatively new but certainly heading in the right direction.
     
  17. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336

    Attached Files:

  18. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    My apologies to mOOnblOOd. I misunderstood "shareware".
    Thanks andy.
     
  19. chris1341

    chris1341 Guest

    First off I am a Sandboxie fanboy and make no excuses for it so my view of the Comodo sandbox may be tainted by the fact that, well, it just ain't Sandboxie.

    I have no real evidence to suggest one is inherantly safer than the other but the granularity of sandbox control delivered by the talented Mr Tzur takes Sandboxie onto a different level in my opinion.

    What starts sandboxed, what is allowed to spawn from that, where it can read, where it can write, whether it can access the internet and the multitude compatibility templates lift it above any offerred as add-ons to existing suites including Comodo.

    When I tried to run the Comodo version for a short while and chose 'always start sandboxed' or something similar for my browsers and checked to virtualise files/registry etc it seemed to do a reasonable job at trapping the resultant changes in the hidden 'Virtual Root' folder but I could find no way of allowing access to download locations etc. That meant and if wanted to save something I had downloaded using the browser I had to go into the virtual root and manually move it out. Might have been good for an occassional journey to the dark side but not so much for day to day stuff. Certainly anyone other than me using my computers in my households would struggle I think.

    As for the OP having followed your extremely interesting contributions to these forums I would be very interested in your view of the Comodo version but think in its current form the granularity you build in to your Sandboxie configs would be impossible to replicate in Comodo.

    Cheers
     
  20. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    +1
    I agree with you sandboxie is much more configurable and better (in terms of configuration, options...) if you want to sandbox something and control everything.

    Comodo automatic sandbox is more designed to be integrated with the HIPS so the unknown programs automatically run inside.
    I don't sandbox my browser because I don't feel comfortable with it and I consider it not very useful, if you download malware or a file that you consider suspicious because of the origins you can run it anyway in a sandbox or upload it to VT via right click. For protect my browser I prefect programs like trusteer rapport able to protect against things that the sandbox doesn't.

    The conclusion could be that sandboxie is designed to be a configurable 4x4 sandbox and CIS sandbox is mostly designed to be integrated with the HIPS, whitelists... although via right click you can manually sandbox whatever you want.

    Although the manual sanboxing in CIS already does full virtualization, CIS 6 will bring a new full virtual sandbox for automatic sandboxing
     
  21. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Stuxnet is a completely different ballgame. It wouldn't have even caused harm on a home system. Also, I don't use a USB stick (yet. I'm considering getting a good sized one for backup purposes), and my DVD drive is rarely used. Not to mention you can simply right click those drives and choose "Run sandboxed". It's an extra step, yes, but not one I feel the need to pay 40 bucks to avoid.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    As comodo says, their sandbox is not a replacement for sandboxie. They're different.

    I wouldn't use Comodo to sandbox a browser since I can't control allowing access to downloads. But for something like Java I really don't need to allow anything - though it would be nice to add further restrictions.

    Really, Comodo's just newer. It's not quite as amazing as Sandboxie because of the customization but it has its uses.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Pop-ups and resources usage are both low nowadays, unless you mess with the settings. Comodo can be custom installed, although the sandbox is part of Defense+ HIPS.
     
Loading...
Thread Status:
Not open for further replies.