About the privacy and the sandbox levels

I simulated “a user’s PC is controlled by a hacker”.

If the user sets the sandbox level as “partially limited” or “fully virtualized”,
the hacker will have the ability to see any file in the user’s PC.

If the user sets the sandbox level as “limited” or higher levels,
the hacker will not have the ability to see any file in the user’s PC.

logs:

2013-03-29 17:16:59 C:\WINDOWS\explorer.exe Create Process, Block File C:\Documents and Settings\All Users\Application Data\Shared Space\REMOTE\Sx_server.exe

2013-03-29 17:17:00 C:\Documents and Settings\All Users\Application Data\Shared Space\REMOTE\Sx_server.exe Sandboxed As Limited

2013-03-29 17:17:01 C:\program files\internet explorer\IEXPLORE.EXE Sandboxed As Limited

2013-03-29 17:17:15 C:\Program Files\Internet Explorer\iexplore.exe Direct Disk Access D:\

Good one! Thanks for the test! ;D :-TU

I’m glad I followed Chiron’s advice and set mine to untrusted - I did want to use fully virtualised

Fully Virtualized by default should isolate the real system, and in this version of CIS 6 that does not happen; it allows anything from simple to advanced software keyloggers to capture or modify files in the real system :frowning:

Wait, if it’s set to Fully Virtualized, how would the hacker get control of the system anyway? Shouldn’t any file they install be installed in the FV sandbox, and therefore not allow them to do anything other than see?

Is there a significant vulnerability here?

Well as you read in the title it is “About the privacy” so no there isn’t any risk for your system however it’s a big one for your privacy. It doesn’t matter to me since I encrypt my files and have my webcam unplugged etc but not all users do that and then suddenly that sextape is on redtube because you didn’t answer to the blackmail the hacker made.

So if you have it set to FV can a hacker actually copy files from your computer and transfer them to their own? Shouldn’t this trigger a firewall alert for the user?

You mean unless the hacker piggybacks from the browser? I would imagine that it would be blocked if it tried to directly connect to the computer, not sure though. But then again, shouldn’t the firewall alert the connection from the hacker to begin with? Before he even sees the files?
I know that at least you are able to upload files contained on the real system from a browser sandboxed as Fully Virtualized. So if I use for example Opera as fully virtualized, I can still upload my family photos etc without any problems at all. I know that I thought this was a security risk when I tried it out but I figured it was by design, I don’t have BB on so I would just get loads of HIPS alerts.

There are some vulnerabilities in all of the protective measures of the CIS 6 modules that allow attackers to do anything.

https://forums.comodo.com/leak-testingattacksvulnerability-research/comodo-internet-security-bypassing-security-t93217.0.html
https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-6-fail-t92863.0.html

For the sandbox level, fully virtualized, the malware (remotely controlled by a hacker) can READ every file.

And, the “Blocked Files” will not work in this level if the HIPS is enabled.

So if you have it set to FV can a hacker actually copy files from your computer and transfer them to their own? Shouldn't this trigger a firewall alert for the user?

1. Yes (The reason is at the red line.)

2. There is a problem for the firewall.

The user cannot recognize “download files” and “send data” by reading a firewall alert window.

a256886572008,
You are doing a great service for the Comodo user, and the developers, by showing them all these vulnerabilities that you find. I follow all your posts with great interest.

Keep up your great work (which I’m sure you’ll do…;)).

Later…

Bob

It’s really worrying that there are such vulnerabilities in the software we should trust, especially when people do online banking etc.

Would this also apply to the virtual kiosk, or just the sandbox?

Virtual Kiosk = Fully Virtualized

You are totally safe. What we are talking about here are rare possibilities; also, you are safer with Comodo compared to any other product.

Don’t know if this is related, but I always surfed with Opera sandboxed by CIS. I don’t now because my email account was tampered with, although it could be that their password database was hacked?

Thanks for the info - seany007

You are welcome Tony ;D :-TU Any Q’s send me PM :slight_smile:

Why am I safer using Comodo than other products - Kaspersky, Bitdefender have safe pay/transaction areas, or secure browsers???

Ignore the above, I was looking at the wrong messages.