an alternative to sandboxing

what if instead of sandboxing, comodo could install a secure user account. The purpose of said user account the same as virtual desktop as I have noticed, comodo tries to prevent everything from windows update to installing device drivers as you plug them in.this creates a problem from the user experience end and not the security. If comodo were to have its own user account, it could run a windows account with the same security potential as the virtual desktop butinstead of doubling or tripling the processing power required by running the virtualizing process on top of the windows desktop, instead, the main user account would be the base of the comodo user account (like the current virtual desktop), but the virtual desktop would be run as the desktop of the comodo user account instead of the windows desktop and would be controlled from the main user account should the user need to log into that account to change anything. I am not sure if this is possible, but just by comodo with nothing else open right now, it already makes typing difficult because I can not see what I am typing due to the large amount of resources comodo requires, even though I easily have double what the program is supposed to require. The issue to adddress for another user account would probably be accessibility to the operating system, like virtual desktop minimizes access to, but if comodo were preventing without interfering as claimed, this would be a large boost toits user base while providing the same functions as the current security

I would appreciate feedback on the idea

alternatively, instead of the complications above, comodo could offer to sandbox applications it doesn’t recognize but ultimately put the user in charge of what applications executed or etc are sandboxed. being unable to use mouse, keyboard, webcam, etc because comodo sandboxed an important part of the operating system (or at least that’s what I can only hope happened since it was a clean install) makes security pointless when the user can not “use” their computer

The way CIS currently protects the user outside the sandbox is by running the unknown apps under certain restrictions. The level of the restriction is currently up to the user. Partially Limited is default, but Untrusted or Restricted will prevent them from performing most actions. Thus, to me I don’t see how this would be significantly different than your first suggestion. What are your thoughts on this?

As for the second idea, this wish, if fulfilled, may go a long way towards helping with that. Would you agree?


PM sent.

As there has been no response as of yet, I will move this Wish Request to Resolved.

securityenthusiast, if you believe that this wish is unique, and is not a combination of previously submitted ones, please respond to this topic and let me know. We can continue this conversation then.

Thank you.

Using Strip My Rights is an alternative but partially

it limit rights to user level but only for exe file, not for dlls or ax files etc
and for XP but I don’t know for the Vista and all that stuff