Bug By design in V4 (vulnerable by default)

Comodo v4 has a bug in the design. One possible solution is to disable the sandbox and the firewall rule that allows any program to connect to the internet or, more easily, go back to v3.14, or use Online Armor or Agnitum Outpost.

A ‘sandboxed’ application, as untrusted, can achieve internet access without even noticing a user.

https://forums.comodo.com/feedbackcommentsannouncementsnews-cis/comodo-internet-security-40135239742-released-t52402.0.html;msg373860#msg373860

Old bugs still in v4:
https://forums.comodo.com/defense-bugs/defense-system-freez-x64-not-resolved-t36495.0.html

Problems with the firewall:
https://forums.comodo.com/feedbackcommentsannouncementsnews-cis/comodo-internet-security-40135239742-released-t52402.0.html;msg373886#msg373886

Also this final version shares all the bugs that the latest RC had (obvious because nobody from Comodo was worried about the reported bugs during the RC). From the RC to the FINAL v4 they only added an option to view the process inside the sandbox.

The sandbox does not deal with the network at all. It is the default Firewall policy. If Antivirus is installed, we allow OUTGOING traffic. Anyway, even if a malware is not found by AV, it is sandboxed and cannot do any harm to the system even having an Internet connection.

So a malware can copy my password and personal info and send it to the internet, but I don’t have to be worried because nothing is going to change in my computer?

Wait!!! It’s not true at all!

I think there are even more vulnerabilities…

  • If I allow a program to run with elevated privileges, Defense+ and the firewall should still alert me if the program is doing something. Currently it runs without any kind of popups.
  • If I don’t allow elevated privileges for a program, it should still run sandboxed, not be closed (it runs fine if I run it in the sandbox from the context menu)…

This is the part that I also fear more than the Firewall “design concept” to allow all outgoing if AV is installed.

The elevated prompt does not give enough control over the process. If you don’t wish to elevate it, it should at least have an option there to run it sandboxed at a user-desired level… Or fall back to the normal Firewall/Defense+ alerts at the user’s liking…

+1 here.

This is extremely risky.
I really hope Comodo team will do something in this matter.

This final version should be another beta; anyway, there are dozens of bugs reported in the RC that still appear in V4.

From Wilders forums:
With default settings I was able to run/install Win 7 2010 rogue antivirus. CIS gave me a prompt to block the process so I said yes. Then I got a pop-up saying CIS was going to sandbox the rogue because it was unknown; I agreed. Then I was unable to get to Task Manager. CIS got jacked.

Let me clarify this outbound network access issue:
First of all, it has not been disabled. If a user would like to see the outbound alerts for the firewall, all he needs to do is to remove the “All Applications” rule.

This product is NOT intended ONLY for security-conscious people like yourself. It has to be used by my mom too.

So when an average user installs CIS, he will get an auto-sandboxing, default-denying, silently protecting anti-malware software that will prevent virtually every threat from infecting your machine. It is not just a random security decision. It has been designed so that 90% of the users DON’T HAVE TO ANSWER these alerts. Malware do NOT just come and get your passwords. Practically, they have to infect your PC first.

If you install ONLY firewall, you will get classical COMODO Firewall with no problems. And please do not assume CIS4 is not capable of CIS3. By NOT using the new technologies in it, you can easily make CIS4 be good old CIS3 with all the popup alerts.

Elevation Alerts

We will be watching the user experience about this situation and if it causes problems, we will definitely address the issues arising.

I know all this but I think that you didn’t get the point; anyway, good luck if you trust in the sandbox.

The problem is that the sandbox can be easily bypassed by any malware without you knowing it (test it please) and also any process in the sandbox has total access to the internet.
The problem is that none of the bugs reported during the RC have been fixed.

I hope that your mom doesn’t need to deal with a real malware with Comodo V4 installed; she will probably have a default deny infection without knowing it, no alerts. This new silently protection infection technology is amazing ;D

How do we do that?

Disable the sandbox, AND remove the “all applications” rule in the firewall?

Or use Proactive Configuration, disable the sandbox and enable to make rules for safe applications.

Thanks :-TU

EricJH,

How come apps, when sandboxed, aren’t marked in the title bars of windows? Just curious.

Also, will there ever be a default list to always be sandboxed, like internet browsers? I think it would help maybe, or cause more harm.

What do you think?

I don’t think I know what you mean. Can you describe in more detail what you mean? Is there a topic with a test case I can take a look at?

Also, will there ever be a default list to always be sandboxed, like internet browsers? I think it would help maybe, or cause more harm.

What do you think?

That sounds like a good idea to me. Please make sure to post it in the Defense + wish list board; that way you will know it will be seen by the Comodo staff and people can reply to it.

And of course you can sandbox your browsers yourself; but something tells me you already figured that one out.

As an example,

Sandboxie uses # to mark the sandboxed app.

So the title bar of Internet Explorer would look like this:

#Microsoft Internet Explorer #

All the # does is tell the user that the app is sandboxed.

I see now. Please make that a wish in the wish board; that sounds like another good idea.

Lol that made my day lol :smiley: God bless CIS V3!

The problem with the Global rules is more with the one that blocks all incoming connections. That prevents uTorrent from uploading to other users as well as probably causing other problems since there seems to be no way to fix it except to disable the firewall. I really don’t think V4 is any easier to use than 3.14 was and I don’t think it’s as secure either.

If you’re going to block all incoming by default in the way the Windows Firewall does there needs to be a way to create exceptions for certain apps. (Again in the way the Windows Firewall does). I do not mean creating application specific rules by hand. That would totally defeat the stated goal for CIS4 which was to enhance usability.

Have the old D+ alert for attempted connection to the internet come up and tell you that the firewall blocks this by default and asks if you wish to make an exception for this program. This is a case where an alert can enhance usability more than not having one at all.

Sounds a bit like that old saying: you don’t know what you got till it’s gone.