The COMODO Sandbox - does it protect against keyloggers?

Discussion in 'sandboxing & virtualization' started by raven211, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    This is probably the biggest issue with respected virtualization software: they can handle all types of malicious activity except for a single one, keylogging. Sandboxie is supposed to have this problem, reading the creator's own FAQ.


    Now I'm asking about another sandbox: COMODO. Does COMODO have the same problem?
     
  2. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    Spyshelter keylogger test

    spyshelter_first.png

    If I block D+ alert I get this

    spyshelter_fail.png

    If I allow D+ alert keylogger is successful

    spyshelter_OK.png

    Zemana keylogger test

    zemana_first.png

    If I allow or block D+ alert I get this

    zemana_fail.png
     
  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Sounds good. What about disabled D+ with pure Sandboxing approach? I've seen "D+" still alerts when supposedly disabled, so that would be interesting. Otherwise I'll re-enable D+ again. :) Thank you
     
  4. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    OK, D+ disabled. Zemana fails in sandbox and Spyshelter is successful. No popup from D+ after I disable it.

    Ah and my CIS config is Proactive security with Firewall and D+ in Safe Mode, Sandbox enabled.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    FW disabled and D+ in IS (default) mode then? :D
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053

    Understand it is not the intent of a sandbox to detect keylogging behavior; its intent is to isolate it from the system. So if a keylogger downloaded from a site, and it needed to install a driver, that should be blocked.

    But if one is installed on your system, a sandbox won't help at all.

    Pete
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    No no, I was referring to the highest (Proactive) preset and what difference it would be to run it at its default. That's what I wanna run, hence I'd like to know his results on those settings, if he has time and will to do it still.
     
  8. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    I'll do that today when I'm at home.
    So FW disabled and D+ in IS? Oki-doki. :)
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thanks a lot man, appreciate it. :D D+ in IS is correct - that's the default, middle preset. :)
     
  10. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    Same behavior as above. Zemana blocked on both Allow/Block from D+ and Spyshelter successful on Allow and fail on Block alert from D+.
     