I have been reading up a bit on how CIS works in terms of its Sandbox and can see that Sandboxed applications are not refrained from reading any file outside of the sandbox. As I see it, this poses a significant privacy risk.
The Comodo Sandbox protects against persistent threats that attempt to embed themselves within the OS by traditional means, but does not seem to prevent against one-off runs, such as via a browser exploit, Trojan in a safe looking application or file etc, or runs on each startup if the user has not unchecked the ‘Enable automatic startup for services installed in the container’ checkbox.
Therefore currently it would appear that malicious code is able to run inside the Comodo Sandbox, read sensitive files in the user directory and then furthermore connect to the internet in order to send this data out to a 3rd party.
Workarounds such as Blocking files that would otherwise be Sandboxed would greatly reduce the usability that the Sandbox is attempting to provide. Furthermore, asking the user to allow each individual process is not a usable option either, as the majority of users will not know if a particular process can be trusted or not. Therefore something else needs to be implemented so that the software remains easy to use and unobtrusive whilst providing a good level of protection.
In order to better mitigate malicious processes in the sandbox from reading and sending sensitive user data, I suggest the following features are added into CIS (including all other products with the Sandbox built into them, e.g. Firewall, Anti-Malware):
Method:
1) Add a ‘Private User Directories’ group into the default ‘File Groups’ list.
(This will contain a list of all folders considered private by default on the user’s system and ones that are not normally required by an application to run.)
2) Add a ‘Custom Restriction Levels’ option to add and customise what Restriction levels do.
2.1) Add the option within ‘Custom Restriction Levels’ to prevent the processes from reading data from certain ‘File Groups’.
(If a process would like access, display a popup in order to ask the user if they would like it to access their [File Groups Name Here]. As this will be set by default to ‘Private User Directories’ (File Groups), the user should know if an application should need access to their personal files, and furthermore it should not pop up too many times as this is hardly ever needed for an application to simply run.)
2.2) Add the option within ‘Custom Restriction Levels’ to prevent the processes from accessing the internet.
2.3) [If Firewall is part of the Security product] Add the option to include ‘Custom Restriction Levels’ in the ‘Firewall Global Rules’ to keep the settings consistent.
2.4) [If Firewall is part of the Security product] When a ‘Custom Restriction Level’ is set to block access to the internet, also add this into the ‘Firewall Global Rules’ automatically. If removed, do the reverse.
3) By default, set all Sandboxed processes to use a ‘Custom Restriction Level’ that prevents them from reading any data from the ‘Private User Directories’ (File Group) and connecting to the Internet.
Protected Data folders does just that to block read access from contained applications. The firewall will always alert when any contained application, trusted or otherwise, tries to make an outgoing connection unless a firewall application rule is set to allow the request for the application making the request. Despite what the help doc says, services installed in containment will only start again the next time the containment service is started, assuming you haven’t reset the containment. So if you restart the computer without ever using the reset containment task and an application is contained by auto-containment or you manually run an application in containment, then whatever service was installed in the container will also start inside the container.
The above was based largely upon this forum post by mouse1 on the Comodo Forum (February 10, 2013) for CIS6, and as I can see from what you have said, it is at least somewhat outdated now.
A few questions then:
Is there any detailed documentation for CIS 10/11 that explains on a more technical level (like what mouse1 had written) how the Sandbox currently works and what the current vulnerabilities in it are (even if the technical information on how to bypass it is omitted)?
Is there any documentation I can read about the 4 restriction levels to understand in detail what each one does?
- Untrusted
- Restricted
- Limited
- Partially Limited
Are Sandboxed processes able to read the memory of non-sandboxed processes?
Has there been any further advancements regarding preventing Sandboxed Processes from Screen Capturing, Key Logging, Listening to the Microphone and Keyboard Logging since CIS6? If so, are there any known vulnerabilities regarding these?
P.s. Reading up on how CIS functions is proving to be extremely interesting to me!
Also, is it possible within a File Group to exclude a certain child directory within a parent directory?
For example:
Say I want to have my ‘AppData’ (\Users\Bob\AppData) directory protected under the ‘Protected Data’ option, but within this directory I would like my ‘.minecraft’ (\Users\Bob\AppData\Roaming\.minecraft) sub-directory unprotected. Is there a way to easily do this without manually adding every single other directory?
1) Is there any detailed documentation for CIS 10/11 that explains on a more technical level (like what mouse1 had written) how the Sandbox currently works and what the current vulnerabilities in it are (even if the technical information on how to bypass it is omitted)?
No, but most of what is said of older CIS versions is still somewhat relevant to current versions.
2) Is there any documentation I can read about the 4 restriction levels to understand in detail what each one does?
- Untrusted
- Restricted
- Limited
- Partially Limited
Other than what is mentioned [url=https://help.comodo.com/topic-72-1-766-9170-Auto-Containment-Rules.html#as_step3_options]here[/url], no, not that I am aware of.
3) Are Sandboxed processes able to read the memory of non-sandboxed processes?
No, they can't access non-contained processes in any way.
4) Has there been any further advancements regarding preventing Sandboxed Processes from Screen Capturing, Key Logging, Listening to the Microphone and Keyboard Logging since CIS6? If so, are there any known vulnerabilities regarding these?
I believe only foreground applications can access the screen directly for screen capture; all forms of keylogging should be prevented unless anyone can provide a key logger that can still log keystrokes while being in containment. Blocking sound recording can be done by blocking access to the Audiosrv COM interface via HIPS rules.
Say I want to have my 'AppData' (\Users\Bob\AppData\) directory protected under the 'Protected Data' option, but within this directory I would like my '.minecraft' (\Users\Bob\AppData\Roaming\.minecraft) sub-directory unprotected. Is there a way to easily do this without manually adding every single other directory?
Nope, you are going to need to add each folder independently to exclude the one sub-folder you don't want added.
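As an added example (not from this thread, nor Comodo's own code), here is the workaround in the answer above automated: given the folder you want protected and the one sub-folder to leave out, it lists the sibling entries to add instead of the parent. The directory listing is a constructed sample, and the trailing `\*` folder-wildcard form of the entries is an assumption about CIS file-group syntax.

```python
from pathlib import PureWindowsPath
from typing import Callable, Dict, Iterable, List

# Constructed sample of a user profile tree: directory -> its immediate children.
# Names ending in a backslash are sub-directories; the rest are loose files.
SAMPLE_TREE: Dict[str, List[str]] = {
    r"C:\Users\Bob\AppData": ["Local\\", "LocalLow\\", "Roaming\\", "profile.ini"],
    r"C:\Users\Bob\AppData\Roaming": [".minecraft\\", "Mozilla\\", "Microsoft\\", "settings.dat"],
}


def sample_children(directory: str) -> List[str]:
    """Child names of a directory in the constructed tree (swap in os.scandir for a real disk)."""
    return SAMPLE_TREE.get(str(PureWindowsPath(directory)), [])


def protected_entries(parent: str, excluded: str,
                      children: Callable[[str], Iterable[str]] = sample_children) -> List[str]:
    """Return every entry to add to a Protected Data / File Group so that all of
    `parent` except `excluded` is covered.

    CIS cannot carve a sub-folder out of a protected folder (see the answer
    above), so instead of protecting `parent` itself we protect each sibling
    on the path from `parent` down to `excluded`. Sub-directories get a
    trailing '\\*' wildcard (assumed CIS syntax); loose files at each level are
    listed individually so they are not silently left unprotected.
    """
    top, target = PureWindowsPath(parent), PureWindowsPath(excluded)
    if top not in target.parents:
        raise ValueError(f"{excluded} is not inside {parent}")
    steps = target.relative_to(top).parts   # e.g. ('Roaming', '.minecraft')
    entries: List[str] = []
    current = top
    for step in steps:
        for name in children(str(current)):
            is_dir = name.endswith("\\")
            clean = name.rstrip("\\")
            if clean.lower() == step.lower():
                continue                    # the branch we descend into, not protected as a whole
            child = current / clean
            entries.append(f"{child}\\*" if is_dir else str(child))
        current = current / step
    return entries


if __name__ == "__main__":
    for entry in protected_entries(r"C:\Users\Bob\AppData",
                                   r"C:\Users\Bob\AppData\Roaming\.minecraft"):
        print(entry)
```

Anything created later directly inside the parent or an intermediate folder (a new file in Roaming, say) is not covered by these entries, so the list has to be regenerated when the tree changes.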
Thank you kindly for your response to those questions futuretech.
I appreciate that very much!
Please feel free to move this post to the ‘Added/Rejected Wishes - CIS’ section as I believe most of what I was requesting has already been addressed enough.