What is it for?

A sandbox (or virtual store) designed for harm prevention has the following main purposes:

1. Protecting your systems and data from damage by:
   a. isolating any detrimental effects that files may have;
   b. isolating detrimental effects caused by unskilled users (eg children).
2. Protecting your privacy by:
   a. isolating detrimental files/processes so they cannot steal sensitive data from the rest of your computer;
   b. helping you to delete sensitive data (eg banking passwords) quickly and easily. If you have chosen to segregate all your sensitive data in a sandbox, you can delete it all in one go by deleting the sandbox;
   c. making access to sensitive data stored in the sandbox difficult, and inadvertent access impossible.
The Comodo sandbox currently focuses on protecting your computer from harm more than protecting your privacy. It can help with privacy issues, but it has limitations. For example, secure deletion of the sandbox is not yet supported. Currently, data erased from the sandbox could be retrieved using an undelete utility.
It tends to assume that what is to be protected is outside the sandbox, and what it is to be protected from is inside. You'll see why that is significant if you consider 2 b and c above. In these cases what is to be protected from access is inside the sandbox, and any dangers are to be kept outside or inhibited by deletion. We pick up on this apparent conflict below when we consider how secure the sandbox is.
So what is the Kiosk for?

The Kiosk provides an alternative desktop in which you can work with the assurance that everything you do will be sandboxed unless you say otherwise. So you don't need to worry about remembering to sandbox programs. (In contrast, when you use your normal Windows Desktop, files are only sandboxed if you ask for them to be, using the main CIS interface.)

The relationship between sandboxing via the main CIS interface and the Kiosk is further explored here.