Comodo's "Sandbox"...

Discussion in 'other anti-malware software' started by firzen771, Sep 21, 2010.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Nice read :D
    Never had a clue that those were 2 different things xD
    I mean that, if you sandbox manually it does work like a sandbox but the auto one isn't really a sandbox :rolleyes:
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    They should reword it since it seems to be a bit misleading.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Originally the term sandbox was used for
    In that context LUA is also a Sandbox (for instance Microsoft calls protected mode of Internet Explorer also a sandbox, Chrome's internal sandbox is in fact a total isolation containment based on policy restrictions, so it is closer to DefenseWall than SandboxIE).

    The succes of Sandboxie (shows great brand strength) is that the 'disposable scratch area" was introduced so no harm could be done when playing in the sandbox.

    Wikipedia now uses the more narrow terminology based on the product which has set the mark for sandboxes: Sandboxie

    I guess every other company should take their loss: Microsoft, Comodo, Google should drop the old broad interpretation , because general public uses new more narrowly defined interpretation.

    Guess it is hard to admit that a one man band puts in more brand weight than multi million dollar turnover firms. :D
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    well wen i think of just the real world sandbox, i think of a self contained area that is seperated from its surrounding (just as a literal sandbox in real life is) so in the computer form i consider a sandbox to work in that same way, a completely isolated and self contained area sepperated from its surroundings (the system) where things are to be held and not spill out (as the purpose of a sandbox in real life is, u dont want sand everywhere around it) :D

    with just a decrease in permission, thats like just have a kid play in a pile of sand with no isolation from its surrounding and asking him to not make a mess outside of that pile. (as in not really a sandbox)

    i think that type of a definition for a sandbox would be the most accurate one and in fact i believe microsoft and chrome mis-represent the function of their protection mechanisms since by definition, its not "sandboxing" anything
     
  6. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
  7. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Comodo "auto sandbox" is "policy HIPS" where unknown are restricted and its technique can be compared with defense wall or even geswall,
    you can add resources by placing sign "|" at the end of folder or file you want to be autoprotected additionally... very simple
    %APPDATA%\*|, %PROGRAMFILES%\*|, %USERPROFILE%\*| are by default not protected, so there are room for those "malicious" traces everybody complain in youtube review videos... also regkeys e.g. *\software\* are also not protected by def., behavior techniques are covered enough by default IMO, but it can also be strengthened further

    Yeah, MRG bypassed early beta... why they dont try it with final version?
     
    Last edited: Sep 21, 2010
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    This is the problem I've been complaining about for a while. Nice to see it being acknowledged and clarified.


    Einsturzende, where do you add those resources? Are you referring to Comodo? AFAIK, the auto-sandbox feature is essentially like the Run Safer feature of Online Armor, with more granularity. There doesn't appear to be any actual sandboxing, unlike policy HIPS like GESWall.
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    in "My protected files and folders" (something like that) and then groups, create one group with those entries and then add it to "My protected files and folders", yes Im talking about CIS :) , and dont forget "|" at the end

    some of beh. in geswall are blocked and some are virtualized so I said "even" in my previous post, also run safer of OA restrict only with LUA-like restriction set, i guess...
     
    Last edited: Sep 22, 2010
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    When I tried Comodo Firewall I disabled the sandbox.
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Why would you disable to sandbox? I'm not judging, just wondering why. The auto sandbox is one of the features that keep objects from getting too far into your system.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    some people (like me) dont want all the extra features and in my case, im just looking for a firewall
     
  13. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Quick question. I get what happens if it autosandbox but if it promt that file is not got a digi signiture and offers to be sandboxed then is that full virtulisation sandbox?

    Cheers

    jlo31
     
  14. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
  15. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ok thanks.
     
  16. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    IIRC, the early incarnations of the sandbox used to virtualize all apps that were automatically sandboxed. This used to create problems with certain startup programs that would be sandboxed before you could configure Comodo after the first reboot.
     
  17. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    and in comodo fashion, just take the easy way out, who actually fixes bugs anyways... /sarcasm lol
     
  18. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    Either I'm not doing something right, but in default "out of the box" configuration with everything enabled and up to date, a sandboxed virus was able to modify Windows firewall (add itself as exception) and started listening for incoming connections on my test VM.
     
  19. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Do you have auto-"sandboxed" programs set to run with partially limited rights? (Execution Control Settings tab). I'm not sure if firewall rule keys are protected (they should be, but if you're using comodo it probably doesn't matter) but partially limited apps might allow that to happen. You might want to set it to Limited or manually sandbox all questionable programs instead.
     
  20. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Maybe Tzuk should challenge Melih :argh:
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    that would be funny, but an unfair challenge since the auto sandbox isnt even a sandbox :p
     
Loading...
Thread Status:
Not open for further replies.