CIS 6 Fever

DefenseWall HIPS default rules could be merged into CIS D+ rules >:-D
If CIS 6 has cloud rules like Qihoo, it will be more powerful >:-D

What makes cloud rules more powerful?

Can’t wait for CIS 6! Going to be awesome… would love to beta test it.

I was wondering about CIS 6 for a while now… One of the biggest features of CIS 6 is replacing current auto-sandbox (which is rights drop currently) with true auto-sandbox (sandboxie style), meaning that every unknown application will be run in full sandbox automatically, so it won’t touch actual system, am I correct?

But the sandbox clears itself upon restart (at least that’s what the current manual sandbox does)… So there are a couple of problems I can see with it.

  1. Let’s say you’re installing unknown (unrecognized) software, so it installs in the sandbox correct? Now what if said program requires restart at the end?.. Upon restart sandbox clears itself thus deleting program you’re trying to check out… actually when you think about it this whole “Run unrecognized files in full sandbox” and “Clear sandbox upon restart” can cause many problems… like losing all your unrecognized files on restart, but on the other hand if you for example run unknown file (that will be automatically sandboxed) and this file will turn out to be, let’s say, Winlocker type virus, then after restart you’ll be safe and clean (again) since sandbox clears itself on restart.

  2. Let’s say you installed \ run unrecognized program in autosandbox and let’s say you tested and configured it…without restarting… and it works fine and seems to be safe, now… how do you get it out of sandbox to the actual system?

So here are my thoughts, maybe I am misunderstanding how CIS 6 Defence + will work?

I would hope that with full virtualization of the automatic sandbox, more configuration options are available.

We’ll just need to wait and see.

egemen said specifically the autosandbox will fully virtualize SOME applications. Idk what the rules will be for determining whether an application is virtualized or not. I’m sure we will find out soon with the beta.

Can it then replace the great Sandboxie?

I first discovered Sandboxie right here on the Comodo Forums and I am looking forward to using the new and improved Sandbox in the upcoming Comodo v6, but in order to fully replace Sandboxie the Comodo sandbox would need to be able to set recovery parameters including which locations on which drives are allowed to be recovered to and which can not be recovered to in the computer, offer different types of user selectable deletion including different methods of secure deletion, let the user choose which programs and folders will be forced to start in the Sandbox, the automatic termination of lingering programs, the detection of new program compatibility, the ability of the user to select which of the updated information in the browser can be sent to the computer from the Sandbox, let the user set file migration size limits as well as the drive location where the Sandbox will run, allow the user to set restrictions for Internet Access, Start/Run Access, Hardware Access, File Access, Registry Access, APC Access, Window and COM Access as well as being able to deploy the Drop Rights Invocation in 64 bit Windows and the ability to set up different user and Group Accounts just to name some of the features in Sandboxie that the upcoming V6 Comodo Sandbox will need to have to be able to directly replace Sandboxie.

~Maxx~

My guess is that so called “entry points” will be virtualized. By entry points I mean ways viruses usually are introduced to the system, that is browsers, IM clients, P2P clients and Email clients… I think that is DefenseWall tactic.

Oh the suspense … not long to wait now :-X

I think once it’s sandboxed they will give an option to run it outside the sandbox with a seamless transition without requiring a restart.

The suspense is nerve jingling… I am pulling out my imaginary hair in anticipation of the best thing to come out of 2012…hopefully!!. ;D

Regards
Dave1234.

I wonder if it will be simpler to understand the settings/configuration.

And maybe Simple and Advanced View Modes.

Hopefully they add DACS and the file reputation as well.

I wouldn’t expect DACS but maybe we will see a file reputation. I honestly don’t think we will get those till later 6.x versions. v6 already has a ton of new stuff.

I also hope to see the return of DACS… When can we expect the first screenshot of version 6 (Alpha or Beta)?

What was DACS again? :slight_smile:

What new stuff is coming to v6, I know bits and bobs only.

Thanks :smiley:

DACS is multi-engine virus checking, like VirusTotal.

I was wondering… actually there’s no need to change/make stronger the automatic sandbox, because CIS already has a feature that, in my opinion, hasn’t been properly developed but is powerful: the manual sandbox.
It works like Sandboxie (full virtualization), but for the moment I use Sandboxie, because the CIS manual sandbox lacks several features (direct file recovery etc…) that are very important.
So, thinking about CIS 6, couldn’t the developers make the CIS manual sandbox just like Sandboxie (whoever uses Sandboxie knows what I’m talking about)??
You would start everything you want in the sandbox, like the browser… so everything downloaded by Firefox, IE, Opera, cd etc… would be totally virtualized… and in the meantime its behaviour would be analyzed by D+ and in the cloud (in the case of an unknown file, otherwise there’s no need for that).
If the .exe analysis were OK, then you would recover the file; if you wanted to try the new software in the sandbox, you would only need to install it in the sandbox and check its behaviour…
I don’t know if I made myself understood… my opinion for CIS 6 is: there’s no need for the automatic sandbox. The only important thing is to develop the manual one, and make it like Sandboxie…

The auto sandbox is a very important component of CIS, and in my opinion needed the most improvements. The sandbox is the backbone of CIS, it is an automated defense + and stops all the zero day malware. So to make it stronger it needs full virtualization so no remnants of malware are left on the system. The current auto sandbox leaves remnants and allows the malware to do certain things to the system.