Topic: Add sandbox feature into CIS (Read 5273 times)
salmonela
« Reply #45 on: July 13, 2009, 01:00:06 PM »

   
> So, I mean, this is a huge concern for the people who love Sandboxie because they want Sandboxie in the future, in fully patched Windows 64 or in Vista 64. But there just isn't - there is not a way to do it. I mean, it's just oil and water. You cannot make them cohabitate.

Eh, I guess you have never heard about margarine; emulsifier is the keyword for oil and water... [grin]
BTW, that brings up another question: CIS already uses user-mode hooks in D+ for 64-bit OSes, so is CIS now as strong on 64-bit OSes as on 32-bit, where it hooks the kernel or ring 0?

BTW, this was one of my first questions when I became a registered user of the Comodo forum; to this day my question remains unanswered:
https://forums.comodo.com/hips_host_intrusion_prevention_systems/please_feel_free_to_ask_any_questions_to_learn_all_about_computer_security-t4916.0.html;msg97695#msg97695
« Last Edit: July 13, 2009, 01:06:45 PM by salmonela »

XP Pro SP3, Pentium4-3Ghz, 4×512Mb DDR, Ralink RT61 WLAN PCI adapter, ZyXEL P-660HW-D3 WLAN Router DSL modem
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS
evil_religion
« Reply #46 on: July 13, 2009, 01:07:47 PM »

> BTW, that brings up another question: CIS already uses user-mode hooks in D+ for 64-bit OSes, so is CIS now as strong on 64-bit OSes as on 32-bit, where it hooks the kernel or ring 0?

No, it's not as strong. Matousec SSTS can send window messages, set global hooks and can keylog what you write -> D+ is bypassed. I've mentioned that many, many times but nothing happened; egemen didn't say if they will improve that [sad]

Outpost is much better there (but has other weak points).
salmonela
« Reply #47 on: July 13, 2009, 01:17:21 PM »

> No, it's not as strong. Matousec SSTS can send window messages, set global hooks and can keylog what you write -> D+ is bypassed. I've mentioned that many, many times but nothing happened; egemen didn't say if they will improve that [sad]
>
> Outpost is much better there (but has other weak points).

I think it is a matter of implementation only; if Matousec modifies his user-mode unhooker a little, it will bypass Outpost too. It is the nature of user-mode hooks that they can be unhooked easily...
Did you try that "send window messages" technique with another keylogger which does not unhook?

P.S. Sorry, I know very little about the matter and my English is weak too, and I don't have a 64-bit capable processor [embarrassed]
« Last Edit: July 13, 2009, 01:25:56 PM by salmonela »
evil_religion
« Reply #48 on: July 13, 2009, 01:43:39 PM »

> I think it is a matter of implementation only; if Matousec modifies his user-mode unhooker a little, it will bypass Outpost too. It is the nature of user-mode hooks that they can be unhooked easily...

Would be sad if that was true [sad]
Is there no strong method to avoid ring 3 hooks getting unhooked?
Are the new APIs which came along with Vista SP1 a real alternative?

> Did you try that "send window messages" technique with another keylogger which does not unhook?

I meant the ddetest leaktest. It sends window messages to remote control other processes (with window).
Rambaldi
« Reply #49 on: July 16, 2009, 08:59:42 AM »

> I believe it works with IE and Firefox (not 100% sure on which versions it's supported)
> There's a 30 day trial available here:
>
> http://www.snapfiles.com/goto.php?id=111768&t=87463528&d=7112658&gourl=/get/forcefield.html
>
> I think that more extensive sandboxing on 64bit would be difficult to say the least, not sure if these issues are eased at all in Windows 7 [huh]

It works on IE 6 and above and FF 2.0 and above. They claim it works on Win x64. I found it used a lot of resources (on Win x86), I had to uninstall it and now am using Sandboxie.
Rambaldi
« Reply #50 on: July 16, 2009, 09:09:59 AM »

> Eh, I guess you have never heard about margarine; emulsifier is the keyword for oil and water... [grin]
> BTW, that brings up another question: CIS already uses user-mode hooks in D+ for 64-bit OSes, so is CIS now as strong on 64-bit OSes as on 32-bit, where it hooks the kernel or ring 0?
>
> BTW, this was one of my first questions when I became a registered user of the Comodo forum; to this day my question remains unanswered:
> https://forums.comodo.com/hips_host_intrusion_prevention_systems/please_feel_free_to_ask_any_questions_to_learn_all_about_computer_security-t4916.0.html;msg97695#msg97695

I also asked the same question and did not get any answer either (https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/windows_x64_and_security-t38941.0.html;msg281478#msg281478).

Now that we have an answer thanks to evil_religion, I wonder how to ponder the situation planning ahead for the next PC purchase, given that on Win x64 we won't get the same level of security from CIS as on Win x86. Of course there are some mitigating factors (Kernel Patch Protection should make some infections less probable), but it is obviously not hackproof either.
andyman35
« Reply #51 on: July 16, 2009, 10:15:31 AM »

> It works on IE 6 and above and FF 2.0 and above. They claim it works on Win x64. I found it used a lot of resources (on Win x86), I had to uninstall it and now am using Sandboxie.

With 32bit systems Sandboxie is pretty much in a league of its own, near perfection. [thumbs up]
salmonela
« Reply #52 on: July 16, 2009, 11:42:51 AM »

> With 32bit systems Sandboxie is pretty much in a league of its own, near perfection. [thumbs up]

OK, but why don't we have a statement from the Comodo developers about D+ and the 64-bit implementation of D+? Is it so hard to tell? Or should we wait for Matoušec to start testing on 64-bit platforms for the Comodo devs to tell us a peep about it?
I personally do not like silence in security of any kind. Are all APIs defended as well on 64-bit as they are on 32-bit... please answer
« Last Edit: July 16, 2009, 11:52:28 AM by salmonela »
