Comodo's CIS6 - Opinions?

Discussion in 'other firewalls' started by Smiggy, Jan 30, 2013.

Thread Status:
Not open for further replies.
  1. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    209
    Location:
    The Angel Isle
    Just wanna gauge the feeling out there on this?
    I was quite taken with it during Beta but I've tried it on 3 of my PC's since it became an official release and none work 100%.

    Is this a case of you get what you pay for? Pay peanuts, get monkeys?
    Quite disappointed as 5 was great but was sold on the virtual kiosk option as used SandboxIE quite a bit.

    Beta worked great, what's happened??
    o_O
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    ive used CIS on and off for a few years and not had any problems with it.always installed and ran jsut fine.
    Ive got an image of the latest version and i quite like it.
    Opinions may vary.
     
  3. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    MalwareDoctor did a review of Comodo's virtual kiosk protection and it blocked all but one sample - that was with the av and firewall turned off. Everything seemed to run fine on all the reviews I've seen on Comodo. Run it with HIPS off/BB and kiosk on would be my choice.
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You might want to try the latest update which contains many bug fixes.

    In my opinion with version 6 CIS has come of age.There's been a lot of different technologies integrated over the last few versions,which have worked to varying degrees.Now they appear to be maturing nicely and I expect continued refinement over the coming months.
     
  5. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Unfortunately it appears the problem with avast web shield has not been fixed yet.Not for windows 7 users anyway.
     
  6. DIgiDis

    DIgiDis Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    49
    I started using Comodo at CIS 5 and now am am CIS 6. No complaints and the automatic sandboxing of a browser is working fine. The Virtual Kiosk works fine. I actually upgraded from Win 7 to Win 8 a few weeks ago and haven't yet installed Sandboxie as CIS is doing everything I need.
     
  7. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    You don't need Sandboxie with CIS 6. That would be an overkill...
    ;)
     
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    I would disagree.I used both and sandboxie is time tested and solid plus its far more configurable.
    Comodo sandbox is new and not tested thoroughly yet.
     
  9. DrHaze

    DrHaze Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    2
    Location:
    United States
    Cis 6 seemed ok. Until i ran their own "CLT"
    the mods say the leak tester needs to be updated for cis 6.i scored a 190/340 on it's own test with proactive on, behavior blocker set to untrusted and hips off.
    I did see however someone who was running windows 7 x64 and got a perfect score. i need to try his settings with Win 8 x64.
     
    Last edited: Feb 1, 2013
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Sandbox needs to be turned off and the HIPS on for that test.It wasnt designed to test the sandbox.
     
  11. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    I have the latest CIS 6 on 5 PCs of different hardware, OSes. No problems.

    I thought Virtual Kiosk will be something cool. It's something like a GUI for sandbox.

    I find it's rather convenient to use CIS 6 to automatically sandbox all browsers and some web apps. Though it's not as convenient as Sandboxie, it has only manual "Reset Sandbox".
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Read this and you will understand better (especially Guest10's post):

    http://www.sandboxie.com/phpbb/viewtopic.php?p=68121&sid=a07abf62d83f2dbeaa5cf62611ed52e0

    You see, sandboxes are great for usability. But nothing beats a classical HIPS. The leak tests didn't become "defective" overnight. Simply, just like in Sandboxie, some things don't need much to run. They won't infect, but they may successfully phone home while sandboxed for example, after catching some info from your system. No permanent damage, but there still may be a damage for the time you let it run.

    It's the same thing with Shadow Defender. No popus. No infection either. However, if you run a malware during a session, the malware MAY manage to steal something.

    Classical HIPS gets 100% success, because unlike policy or virtualization sandboxes, NOTHING is allowed, not even with minimal priviledges, if you haven't allowed it. With HIPS disabled, make sure you are very careful of what you let out of the firewall and modifications of already allowed proggies in the firewall.

    Sorry, you can't have it all in this world.
     
    Last edited: Feb 5, 2013
  13. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    209
    Location:
    The Angel Isle
    UPDATE:

    I finally managed to get everything working by purging registry, 3 times!
    Downloaded new version and installed.

    Virtual Kiosk works but takes nearly 5 mins to open, brilliant?!:cautious:

    With regards to VirtualBox, I normally run a MicroXP session in virtualbox when browsing, only 200MB install and 20MB RAM usage so lightning fast.
    I dont run CIS6 in VB.

    I used to have the VB session sandboxed in SandboxIE for added security but decided to strip it off and have a go with CIS6.
    Time to draw the line in the sand and move on methinks!

    I like the concept of CIS6 but not the practice, was same on wife's PC too, both running Windows 7 Ultimate (32bit).

    Playing with Avast Pro's sandbox at moment but will probably wind up going back to SandboxIE/VB MicroXP with either Panda Cloud or BitDefender free.
     
  14. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    The issue of keyloggers has been discussed recently on Comodos forum https://forums.comodo.com/news-announcements-feedback-cis/getting-key-logged-with-a-sandboxed-keylogging-testerand-in-virtual-kiosk-t91321.0.html
    CIS's firewall will alert when a logger attempts to phone home whether it has been detected or not - so long as FW alerts are turned on :thumb:
    It may not be a perfect solution but it keeps your data from been transmitted and a savvy user can "follow" the alert back and hopefully deal with it then (if not actively detected)
     
  15. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, that's why i said that one must be very careful about firewall alerts. It will be his only and last line of defence. I posted that link though, because it explains what each test does. I don't know in which tests CIS fails, but if one reads what they do, they may understand better the risks. Because, as you can imagine,IF CIS for example fails in a test where the malware uses an already allowed process in the firewall (because you don't have a contract with malware writers stating they will always use the "iammalware.exe" to phone out and not iexplore.exe, do you), then the firewall won't help you. Take it as a concept if you like. Kiosk has full virtualization, right? Then probably kiosk is more at risk than the policy sandbox.

    Again, i haven't ran CIS 6. But some of the "fails", if put together, could, possibly represent a problem. For example, let's say it fails DDE. What will stop it from logging and using IE to send out the data, if you have already allowed IE in the firewall? Just an example, i don't know if it fails DDE. Just saying, that without the classical HIPS, you take a little risk and one must be aware of that. Sandboxes allow a few low priviledged operations to happen. The fact that you don't have at hand the POC that will try to exploit them all, doesn't mean it can't happen ever. Also, the techniques in the clt test, doesn't mean they are the only ones that a man can conceive...

    Of course, it may be that all "fails" are related to techniques that couldn't possibly go past the firewall. I don't know. I just know that with the classical HIPS on, the problem doesn't exist.
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Defense+ in Paranoid Mode and Sandbox disabled = classical HIPS, isn't ?
     
  17. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Of course. Even without paranoid, at least in 5.10, if you check all options (equal to proactive) and set it to "clean PC" mode, which is very easy on pop ups, you get 340/340 in Comodo Leak Tests. Add to protected folders any valuable folders you have that you don't want anything to be able to access and you 're heavily fortified. The sandbox IMHO is great for usability and it's a very low risk route, but not perfectly safe. It's very good against exploits from the internet, but not so great for things you want to execute locally yourself and you THINK it's legit. For example, you download a "nodvd crack" for a game. In reality it's malware. You execute in the sandbox, it doesn't do anything (sandbox is restricting it). You think "i will allow it normally,darn sandbox is impeding the crack to work correctly". You 're infected. With classical HIPS, you have more chance in detecting it's malicious if you execute it step by step. And in general, nothing can run, no matter how low priviledges it asks for, if you don't permit it yourself. It's more annoying, it requires more knowledge and some logical thinking ("why would the crack for the game want to inject iexplore.exe?Hmmm! It's not a crack!"), but it has its advantages too.
     
    Last edited: Feb 6, 2013
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Ya, the golden rule is always: " deny all and allow by exception ". :)
     
  19. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Exactly. "Being suspicious is good!" ;)
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    And being paranoid is funny. ;)
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i really want to try the firewall with the paranoid mode as i try the antivirus with D+ with paranoid mode and it slow me down a bit
     
Loading...
Thread Status:
Not open for further replies.