Application isolated and restricted Sandbox [M1940]

Comodo Internet Security - CIS Verified Wish Reports - CIS
1

This is an improved but different idea from:
https://forums.comodo.com/wishlist-cis/multilevel-sandbox-t107924.0.html;msg796594#msg796594
It is supposed to replace the idea.

1. What actually happened or you saw:
Most programs run directly on windows when i install the wrong program i might still have to reinstall windows.

2. What you wanted to happen or see:
Run all programms that are not windows, system driver or comodo software in a sandbox with different levels of restrictions that can be manually or automatically set so in the case something gets messed up i can just clean one of the sandboxes instead of reinstalling the system.
Programs that are safe and needet by other programs would run with a more open sandbox while unknown application would get each an more restricted sandbox.

Add an easy maintain and clean interface to the sandbox system

3. Why you think it is desirable:
It would make the os much more safe, easy to maintain and would keep the os free from virusses as long it cannot break out of the sandbox

4. Any other information:

Technical details for the implementation:

  1. Implement a way to create multiple sandboxes each with its own name and own level of restrictions.
    Possible restrictions are here:
    Access to nonsystemfiles outside of the Sandbox: Allowed readonly / writeonly / full / Disallowed / Ask on accessing.
    A little note here: The filestructure of the computer should be visible from the sandbox.
    Maybe also the files inside the sandbox should be visible for other programs outside the sandbox.
    But the access to the files themself should be restricted.
    Restricting access to files outside of the sandbox depending on the folder,
    Access to SYSTEMfiles outside of the Sandbox: Allowed readonly / Disallowed / Ask on accessing. (Programs that need write access to Systemfiles and driver must get a different way of handling)
    Access to internet Allow/deny/ask on connection
    Anythings else you come up with.

The Interface would use the same popups for ask like HIPS does now.
The interface on the settings would again be similar like that from hips.

  1. Give every new program an own Sandbox, but give the possibility to run a Program in the sandbox with an other program.
    This is needet when as example you install an expansion to a game where then registry keys are needet.

  2. Add some auto permission rules how restricted the sandbox is, lets say for Trusted programs.
    Every sandbox should also get settings for proxy server and the firewall

  3. Make the Sandboxes as compatiple as possible (as example when using stuff like starforce and other copyprotection things)

Thats it, essentially much copy paste.

Thanks Andreas

2

If there are no further questions please add a poll and move the topic to cast the votes

3

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again

4

It seems to have been burried too deep for people to find it.

5

I would like the developers to take a look at sandboxie and copy the functionality to comodo.

6

And to toolwiz timefreeze