I may disagree that sandboxing / virtualization (software or hardware) is useless. It is not.
It doesn’t solve all problems and has its vulnerabilities, but it’s proven to be helpful technology for many reasons.
I may just say if Comodo will not develop it itself I would be fine with that, because there are few very strong solutions around already.
But if the development is in Comodo’s plans anyway, I would be fine with that too unless that is intended to be deeply integrated, so users cannot have a choice of using whatever virtualization they prefer.
But here I would strongly disagree in terms of you cannot even compare such feature as sandboxing, which is workable solution (no matter whether one like it or not) with real-time e-mail scanning, which is proven to be harmful and data-damaging feature.
And it is correct that it is not implemented in Comodo, and it shouldn’t be.
If your nephew who in 2006 was an amatuer hacker was the problem, I’d agree with you. But, the scale of threats and the sophistication is much greater now and getting worse.
Your AV scans, even if using EVERY engine in existence are not guarantees. If you are compromised just once by a zero day O/S or program security flaw, all that scanning is toast. If you have malware on the machine, it can subvert the scanning and avoid it. Even if the scan finds something, the damage may be done. A sandbox can prevent the initial infection and lessen the damage done.
You make a good point Dch48 about CIS providing enough security.
But who says we are going to use sandbox for security We achieved great security starting from 3.5 onwards (of course this a continous process) and now our concentration is usability. Sandbox will give us an ability to make CIS even more usable and reduce popups to almost zero… wait and see
Well now, if that’s how it will work, I’d be for it so I will wait and see. If it will help to achieve the goal of being “granny friendly” while still providing enough configuration options to please the more advanced users , I’m for that. I’m just concerned with program bloat and keeping CIS light on resource usage and performance impact.
While sandboxing and vms are certainly useful (anyone testing untrusted sw without them is a fool), I’d rather stick with my current apps and not see comodo become bloatware.
I heard the author say that the sandbox he has created CANNOT work on next gen Windows.
In Episode 175 of SecurityNow podcast: Steve Gibson paraphrasing says the author “indicates the early versions of the 64-bit XP had weak PatchGuard that Sandboxie was able to live with. And so Ronen went to the trouble of doing a 64-bit driver. He had 64-bit hooks. And there was a 64-bit Sandboxie which actually is still available from his site that runs under 64-bit XP. But then later, along came an update as one of those serialized-looking updates, and he shows you which one it is on his site. And the update strengthened XP’s 64-bit PatchGuard technology, brought it up to Vista strength, and Sandboxie would no longer work. It would immediately crash the system when it attempted to come in, and Sandboxie attempted to - when Sandboxie’s service started up, which is where it then hooked these API calls, it would immediately crash the system, which is what PatchGuard does. I mean, it’s a deliberate shutdown saying the OS has been corrupted. The only thing it can do is just refuse to go any further, and it just shuts down.”
This means Comodo would have to have a more robust virtualization to sanbox, and perhaps it is not feasible to duplicate the sleek functionality and keep Comodo’s product from becoming too big.
So, I mean, this is a huge concern for the people who love Sandboxie because they want Sandboxie in the future, in fully patched Windows 64 or in Vista 64. But there just isn’t - there is not a way to do it. I mean, it’s just oil and water. You cannot make them cohabitate.
Sandboxing is not useless and I can’t wait to see Comodo’s version. I however understand the concern that CIS may start being too much of a “single solution”. By this I mean that in order to use only one feature of CIS you have to install the whole suite. Take BoClean, you could run it with any other AV, now you must run CIS AV and have it active to get the BoClean advantage, which may conflict with other AV’s that some prefer to run.
If sandbox or Time Machine can be installed as standalone, then fantastic but if these become integral part of the suite and require other components to run, then it could be a concern. As per the bandwidth overheads to download the full suite and only use 1 feature, I can live with it.
This shows that working with unsupported functions is dangerous as OS provider has not promised to keep the functionality compatible between releases. So if you use undocumented functions that is not supported by the OS provider you are running the danger of OS provider changing the game at every update and disabling the product.
Melih knows this problem well since the firewall programmers faced it when Windows came along with new treatment of the boot sector and many products were suddenly not able to hook in and protect the user since Windows was preventing such activity I think in the name of making rootkit malware technology more difficult.
Its very important to work with OS providers. Afterall what you are creating as a security product is tightly integrated with the OS. This is why www.ccssforum.org exists. To get all the desktop security vendors, OS providers, browser providers to work together. Only thru working together can we achieve better security.
actually why windows has such strong hold in the market, although there are other OS providers, is because of all the applications built on windows. It is those applications that make windows interesting… afterall a consumer doesn’t care which OS as OS has no direct value to an end user. Its the applications that run on the OS is the key. So MS do try, from my experience, to accomodate software vendors and compatibility is important to them. The more apps on windows the better for them. But you are right also when you say vendors should write compatible software.
MS should have only a few goals, they should make a stable and hole free OS and make it easy to develop software for it while also making sure that the software does not compromise system stability and security.
Yes, Microsoft’s focus should be on security and stability. They do try to maintain compatibility with software but if a necessary patch to the OS breaks some other vendor’s application, then so be it.
actually the only way i know to get a sandbox into vista 64 is using VMware, that’s very big app to get a sandbox.
u need to install VMware that is very big, then install an OS (like xp 32bit) that takes lot of space but it works fine, except it takes sometimes to launch the virtual OS but i dont know other way to run something that will not corrupt vista 64 but only the virtual one, and u just need to take a snapshot before u launch any app to get back to clean virtual OS before u launched some bad application.
hope there will be a way to run a smaller sandbox on vista 64.
I checked ForceField, i see it’s virtual browsing only, would be nice if it was able to run files like sandboxie but working for vista 64.
it’s not free too : 29.95 US$
maybe i’m going to try it, does it work with any browser ?
We achieved great security starting from 3.5 onwards (of course this a continous process) and now our concentration is usability. Sandbox will give us an ability to make CIS even more usable and reduce popups to almost zero… wait and see 