CIS 5 failed to detect probable malware, while other antivirus detected it.

The problem is that people identify sandboxing as defined by Sandboxie. It is like saying Volvo defines what an automotive vehicle is and should do… 88)

You can not blame the people for that and you can not change it xD

I think comodo should change to name from sandbox to jail, that is actually much more closely related to how it works in comodo.

and a bit scary,but a good idea though :smiley:

Thanks Melih I’ll watch the video. In previous ver 4 I always disabled sandbox having no clue what it actually does and doesn’t do and thought it was going to be less secure with it enabled. In ver 5 I’m giving it a try but been confused by it.

Eric said the automatic sandboxing doesn’t virtualize system and registry but most if not all sandboxing are done by automatic sandboxing.

Does it mean automatic sandboxing is less secure than manual sandboxing? what’s the benefit from protection already given by windows UAC?

The help file didn’t provide information that automatic sandboxing doesn’t virtualize anything and the consequences of that so I think it is kind of misleading by holding some facts from the readers.

I don’t mean to be overly critical I just need to understand this new facet of CIS i.e the sandbox so that I know what it does and doesn’t do. :slight_smile:

Hi languy99 ,

Well I don’t think so … unless by the “jail” term (…hmmm… dual interpretation 88) ) you mean:

1) some criminals still have decent sources & connections in order to communicate with outside world and even continue to run major criminal operation;
2) Escapees. There are too many cases of criminals escaping with or without “internal” help
3) I can provide some other similar “associations”…

If you mean something like the above - then, yes you can call it “jail” ;D
…anyway that’s not a “sandbox”

Cheers!

look here, Sandbox (computer security) - Wikipedia

A jail is a set of resource limits imposed on programs by the operating system kernel. It can include I/O bandwidth caps, disk quotas, network access restrictions and a restricted filesystem namespace. Jails are most commonly used in virtual hosting.

The report was updated a few minutes later in which Comodo did indeed catch the file.
http://www.virustotal.com/file-scan/report.html?id=d16bf556adcf222d9ea81116d86e070fd77b1178044d8e540e9f24419467940c-1284626705

Beautiful to see it sammo thanks for the update. simply superb.

You mean there’s a chance that sandboxed program to still able to harm or damage the host PC? I read about this mostly when CIS ver 4 came out.

I think SiberLynx owes us an explanation for his accusations and views. He is lacking corroboration. If I understand his abstract discourse he seems to be referring to v4.x rather than v5.

Melih, sorry for the vote of confidence in calling you by your first name, thank you sharing your view and understanding in that video. I understand much more clearly the philosophy behind Comodo. Keep up the great job you are all doing, I’m sure you will continue the path towards a computer safety revoluion. :slight_smile:

My regards from Ecuador.

Hi Eric,

Neither you owe me anything nor I owe you something :wink:

The v4 was tested.

  • the processes can be run outside this sandbox” ;
  • the files will be created ;
  • the registry will be tempered

Your own words in one of the (or many) threads were (not a word by word quote) :

”Comodo’a sandbox does not work as Sandboxie“ - True and too bad!
“neither it is by any means a virtualization”- True again

Therefore, after testing it I am not interested whatsoever in this implementation
(which I said actually even before that was implemented/released)

As for v5 I asked several questions. You know the thread, since you answered very superficially, basically giving info that there is nothing new/enhanced in Firewall only (I posted “thanks” :wink: )

But my questions were mainly about completely disabling all features like Sandboxing/Cloud/CIMA/and sure not using Comodo’s AV
and using just the Firewall and probably the Defense+

==========

My answer is - Yes. Pretty much and for sure

Partially (stressing!) limiting the application that is just “unknown” is not completely blocking it and its processes (not a real danger when it is just unknown, but if it is a malware …. many dots – it will trick this sandbox )

But again that was v4 and you read about that in many threads where I did not post many (if not any) messages
So, that cannot be seen and judged as and “abstract abstract discourse” by SiberLynx.

Cheers !

p.s. Finally, we are in this thread and the original poster’s request & the topic title probably is more important than “me owing ??? something”

Still, you can install another antivirus. Using Comodo Firewall + Your antivirus.

Greetings.

Hi MinDokan
Welcome to the forum.

Unfortunately your suggestion is at least not clear

Sure, if one have an experience to manage another AV in addition to the existing one - you can do that

… but…

1)
you must not have 2 (or more) AVs with their real-times residents;

2)
as far as I know devenroy is a devoted user of a whole CIS Suite (not judging him - that is his choice) ;

3)
the concept behind using the whole CIS suite is completely different,
therefore users having so many questions, because with current implementation of v4 and now v5 that is not clear whether the Firewall only would work the same perfect way as it was working before;

4) in order to use just a Firewall one has to be sure that it is possible to disable Cloud/CIMA/Sandbox… and be fine having just a firewall that manages outbound connections without doing any tweaks. Most of ordinary users are not aware of that

So basically if outbound traffic control is not in place by default - use the pathetic MS Windows firewall and try being a happy surfer :smiley:

My regards

Yes i m devoted CIS user, I m using CIS complete suite now a days.
SiberLynx i see u for many months/year u did not judge me in any way ever.
I want whole CIS including antivirus to be best in every way, firewall is already best, antivirus also improved so much with all the new features, detection is also improving more than even paid antivirus solution like kaspersky, norton, nod32, etc. still there is room for improvement in antivirus section in the faster detection in cloud :slight_smile: it can be quicker than now (its like an wish i know it takes sometimes for them to really see that).

I m doing my best as other users to improve CIS in everyway, i also thank you all for your sincere efforts too, let us all help comodo to be best in industry.

If you know ways how malware can jump out of the sandbox or damage the system or have malware that does so please post it here at the forums. Without corroboration you are simply making too big a statement.

As I have stated in several other topics during the development of v5 the new default settings for automatic sandboxing were tested by Comodo by throwing 15,000 malwares at it and none of then did compromise the system’s integrity. In practice that means reboot and it is gone; it could not start with Windows.

I find the above very promising and think it is doing better than the v4 sandbox. To but add some anecdotal evidence. I have seen more than just several reports where users tested CIS by throwing the latest, often not detected malware at it, where the sandbox would contain the malwares and would be gone after a reboot.

But again that was v4 and you read about that in many threads where I did not post many (Iif not any) messages So, that cannot be seen and judged as and “abstract abstract discourse” by SiberLynx.

Cheers !

I see your point. You have not been posting much but I do remember having similar comments by your hand in the past. One could argue whether that would suffice for the use of the word discourse. May be the word reasoning would have fitted better.

[i][b]p.s.[/b][/i] Finally, we are in this thread and the original poster's request & the topic title probably is more important than "me owing ??? something"
This topic is about v5 sandbox. Your comments were about experiences with the v4 sandbox. Answering a worried user with arguments that are true for v4 is doing a disservice to the user.

Even though I know what experiences with the v4 sandbox are supporting your views but not all users may know the history of v4. That’s the reason for asking you to be more clear.

Bringing in arguments that were true for v4 in a topic about v5 that does not bring any clarity. You most likely know what they say about generals. They tend to be fighting the previous war. Please don’t become one. I mean that from the bottom of my heart. No sarcasm or other smart ■■■ comment here.

Until further notice I think that with v5 Comodo has reached a milestone for protection with the new sandbox. Let’s see in the upcoming weeks how the new concept works in the real world. For now I am very positive about it.

But that being said. There is no such thing as 100% security.