No–I KNOW I have never had a breach. All my systems are and always have been checked by multiple scanning engines at least once a month. Nothing but harmless tracking cookies has ever been found. My nephew was into hacking for a time. He never did anything malicious, but he was good at taking over people’s systems and then owning up and telling them how he was able to do it so they could remedy the situation. I had him try to get into mine when I was using Norton Internet Security and he was unable to get past my defenses. He claimed that the Norton firewall was the hardest one to penetrate. (This was back in 2006 or so, however.)
Bottom line—Sandboxing is not needed. CIS is fine as it is. If you want sandboxing, make it a standalone app for those who feel they need it. Do not bloat the fine product that CIS currently is.
I may disagree that sandboxing / virtualization (software or hardware) is useless. It is not.
It doesn’t solve all problems and has its vulnerabilities, but it’s proven to be helpful technology for many reasons.
I may just say if Comodo will not develop it itself I would be fine with that, because there are few very strong solutions around already.
But if the development is in Comodo’s plans anyway, I would be fine with that too unless that is intended to be deeply integrated, so users cannot have a choice of using whatever virtualization they prefer.
But here I would strongly disagree, in that you cannot even compare such a feature as sandboxing, which is a workable solution (no matter whether one likes it or not), with real-time e-mail scanning, which is proven to be a harmful and data-damaging feature.
And it is correct that it is not implemented in Comodo, and it shouldn’t be.
If your nephew, who in 2006 was an amateur hacker, was the problem, I’d agree with you. But the scale of threats and the sophistication is much greater now and getting worse.
Your AV scans, even if using EVERY engine in existence are not guarantees. If you are compromised just once by a zero day O/S or program security flaw, all that scanning is toast. If you have malware on the machine, it can subvert the scanning and avoid it. Even if the scan finds something, the damage may be done. A sandbox can prevent the initial infection and lessen the damage done.
You make a good point Dch48 about CIS providing enough security.
But who says we are going to use sandbox for security? We achieved great security starting from 3.5 onwards (of course this is a continuous process) and now our concentration is usability. Sandbox will give us an ability to make CIS even more usable and reduce popups to almost zero… wait and see.
Well now, if that’s how it will work, I’d be for it so I will wait and see. If it will help to achieve the goal of being “granny friendly” while still providing enough configuration options to please the more advanced users, I’m for that. I’m just concerned with program bloat and keeping CIS light on resource usage and performance impact.
I heard the author say that the sandbox he has created CANNOT work on next gen Windows.
In Episode 175 of SecurityNow podcast: Steve Gibson paraphrasing says the author “indicates the early versions of the 64-bit XP had weak PatchGuard that Sandboxie was able to live with. And so Ronen went to the trouble of doing a 64-bit driver. He had 64-bit hooks. And there was a 64-bit Sandboxie which actually is still available from his site that runs under 64-bit XP. But then later, along came an update as one of those serialized-looking updates, and he shows you which one it is on his site. And the update strengthened XP’s 64-bit PatchGuard technology, brought it up to Vista strength, and Sandboxie would no longer work. It would immediately crash the system when it attempted to come in, and Sandboxie attempted to - when Sandboxie’s service started up, which is where it then hooked these API calls, it would immediately crash the system, which is what PatchGuard does. I mean, it’s a deliberate shutdown saying the OS has been corrupted. The only thing it can do is just refuse to go any further, and it just shuts down.”
This means Comodo would have to have a more robust virtualization to sandbox, and perhaps it is not feasible to duplicate the sleek functionality and keep Comodo’s product from becoming too big.
So, I mean, this is a huge concern for the people who love Sandboxie because they want Sandboxie in the future, in fully patched Windows 64 or in Vista 64. But there just isn’t - there is not a way to do it. I mean, it’s just oil and water. You cannot make them cohabitate.
Sandboxing is not useless and I can’t wait to see Comodo’s version. I however understand the concern that CIS may start being too much of a “single solution”. By this I mean that in order to use only one feature of CIS you have to install the whole suite. Take BoClean, you could run it with any other AV, now you must run CIS AV and have it active to get the BoClean advantage, which may conflict with other AV’s that some prefer to run.
If sandbox or Time Machine can be installed as standalone, then fantastic but if these become integral part of the suite and require other components to run, then it could be a concern. As per the bandwidth overheads to download the full suite and only use 1 feature, I can live with it.
This shows that working with unsupported functions is dangerous, as the OS provider has not promised to keep the functionality compatible between releases. So if you use undocumented functions that are not supported by the OS provider, you are running the danger of the OS provider changing the game at every update and disabling the product.
Melih knows this problem well since the firewall programmers faced it when Windows came along with new treatment of the boot sector and many products were suddenly not able to hook in and protect the user since Windows was preventing such activity I think in the name of making rootkit malware technology more difficult.
It’s very important to work with OS providers. After all, what you are creating as a security product is tightly integrated with the OS. This is why www.ccssforum.org exists. To get all the desktop security vendors, OS providers, browser providers to work together. Only through working together can we achieve better security.