CPF Sandbox: discussions

Thanks for the info, the links.

From that info, I personally think I would prefer something like sandboxie over geswall.

Sounds like the virtualization route would be more secure, and safer to use.

I say “safer” based on geswall’s description of how it works. They say there’s no configuration, that it automatically blocks all activity that is not known safe. That, and that their “safelist” of files/processes is all generic and is not contingent on any updates. Those two things combined would make me concerned about things being blocked (without my knowing) that shouldn’t be blocked. Sounds unreliable. Probably isn’t, and probably works fine, but by their explanation, I think I would prefer a blacklist to a safelist, if it meant that things were automatically blocked without my say-so.

However, the virtualization route seems like it would be memory/resource-intensive, which is a downside there. Maybe it’s not. I can see the benefit of running the browser through the sandbox, but then it appears if you actually want to save any changes, you have to redo it all over again, outside of the sandbox.

If the sandbox would allow the user to transfer that “sandboxed” stuff out to the system, that would be better than having to redo it all over again (which is what the sandboxie site seemed to say).

LM

You’re getting my point. BUT, I installed SandboxIE yesterday ;D. First impression: AWESOME! This is it, the real deal! I close the browser, delete the contents, and GONE! Nothing’s there, no files, no new bookmarks (I tested to see), no nothing!
Memory: working set- 1.960k (SandboxieServer.exe) + 3.156k (Control.exe) + 2.904k(SandboxieRpcSs.exe) + 1.968k (SandboxieDcomLaunch.exe)
About 10k running FF sandboxed (:CLP)

And I must say, now that I’m using it, you can add some folders to the “Quick Recovery”, which is a (quick) function that you can invoke to recover files. For instance, add the folder “c:\downloads”, and now when you download things and save them here (redirected to the sandbox with the same path), you can quickly recover them. Like when deleting the contents, SandboxIE alerts you that you saved something in c:\downloads, and asks you if you want to keep them. If you say yes, it will be copied to the right folder (the real C:\downloads).

You just have to configure it, which so far wasn’t that hard. You can customize it a lot.

By the way, what’s up with these arrows in Comodo’s tray icon? I have to check the other topics.

:) Let’s see!
From SandboxIE:

Sandboxie uses the two programs [u]SandboxieRpcSs[/u] and [u]SandboxieDcomLaunch[/u] to provide a sandboxed instance of the COM framework. The Windows-provided COM framework can connect only non-sandboxed instances of applications to each other, while the Sandboxie-provided COM framework can connect only sandboxed instances of applications to each other. This strengthens the isolation of the sandbox, and makes for better sandboxing.

Note: These programs are not started until a sandboxed program makes use of COM. For instance, notepad does not use COM, so running it sandboxed will not cause SandboxieRpcSs and SandboxieDcomLaunch to start.

[u]SandboxieControl[/u] is the graphical user interface component of Sandboxie.
Will Sandboxie protect me from malicious key-loggers?

Yes, to some extent. First of all, your system (outside the sandbox) must not have been already compromised by an installed key-logger. Sandboxie can not protect against key-loggers that are already running outside the sandbox.

You may want to consider always browsing sandboxed, so you don’t accidentally get any key-loggers into your system.

It is very difficult to reliably detect a key-logger. For a lengthy explanation, please see DetectingKeyLoggers. So the most important tool Sandboxie offers you for protection against key-loggers, is to delete the sandbox.

When you stop all sandboxed activity (in all sandboxes), then proceed to delete the sandbox you’re about to use, you can be fairly certain that all key-loggers are dead.

More detailed here - http://www.sandboxie.com/index.php?DetectingKeyLoggers
Apparently some key-loggers can do their work (“Windows Message Key-Loggers”), but only until you clear the sandbox. Clearing it will solve the problem. “Rootkit Key-Loggers” and “Windows Hook Key-Loggers” should be stopped if you downloaded them in a sandboxed session and ran them in the sandbox as well (that is the sandbox’s purpose; anything outside is out of its scope).

When Comodo PF includes a sandbox, this is what I would like to see:

*application list - so you can set which apps to always/once/never start sandboxed
*separation of disk virtualization/policy restriction - for some apps I want to have disk virtualization only, for some apps I want both protections

Yes, that explains it better.

When you download, everything goes to the sandbox, except if you set an “OpenFilePath”, which

“is a sandbox setting in SandboxieIni. It specifies a point in the file system, below which Sandboxie will not apply sandboxing for files. This lets sandboxed programs have direct access to update files and folders outside the sandbox. This setting essentially punches a hole in the sandbox, at a particular folder location.”

Oh, now I re-read the end of your post. If you keep the contents, they will remain in the sandbox. If you recover some or all the files before you delete the rest, you can choose where to recover them, or recover to the same folder (the real folder, the one the sandbox duplicated from). That’s the function of “Quick Recovery”, which you can fine-tune to recover specific folders. Alternatively, you can always explore the contents of the sandbox and do whatever you like (this can be tedious, but you can do it). You can explore the contents by opening the “sandbox” folder, either with the explorer, or directly by right-clicking the icon - contents of sandbox - explore contents (this one opens the explorer already inside the sandbox).

anonymous: check my post (#13), it’s close to what you’re saying.
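The mechanics discussed above (writes redirected into a per-box copy of the drive, an “OpenFilePath” that punches a hole in that redirection, and Quick Recovery copying chosen files back out before the box is deleted) can be modelled in a few lines. The following is an added illustration, not Sandboxie’s own code: the sandbox folder layout, the hypothetical `SandboxModel` class and the sample paths are assumptions constructed for the example. The point it makes from the defender’s side is the one the quoted setting warns about: anything a sandboxed program writes below an open path survives “delete contents” exactly as if it had never been sandboxed.

```python
from pathlib import PureWindowsPath

# Assumed sandbox layout for the model (Sandboxie keeps a per-box copy of
# the drive; the exact folder name here is an assumption).
SANDBOX_ROOT = PureWindowsPath(r"C:\Sandbox\DefaultBox\drive")


def _is_under(path, prefixes):
    """True if path equals one of the prefixes or lies below it."""
    p = PureWindowsPath(path)
    return any(p == pre or pre in p.parents for pre in prefixes)


class SandboxModel:
    """In-memory model of copy-on-write file redirection for one sandbox.

    open_paths      -- OpenFilePath entries: writes below them bypass the sandbox
    recover_folders -- folders whose sandboxed files Quick Recovery offers to
                       copy out before the sandbox is deleted
    """

    def __init__(self, open_paths=(), recover_folders=()):
        self.open_paths = [PureWindowsPath(p) for p in open_paths]
        self.recover_folders = [PureWindowsPath(p) for p in recover_folders]
        self.real_fs = {}     # real disk: path string -> content
        self.sandbox_fs = {}  # sandboxed copies, keyed by the real path they shadow

    def redirected_path(self, real_path):
        """Where a sandboxed write to real_path actually lands on disk."""
        p = PureWindowsPath(real_path)
        drive_letter = p.drive.rstrip(":")
        return SANDBOX_ROOT / drive_letter / PureWindowsPath(*p.parts[1:])

    def sandboxed_write(self, real_path, content):
        """A sandboxed program writes a file; returns where it ended up."""
        if _is_under(real_path, self.open_paths):
            # The "hole": no sandboxing is applied below an OpenFilePath.
            self.real_fs[real_path] = content
            return "real"
        self.sandbox_fs[real_path] = content
        return "sandbox"

    def quick_recovery_candidates(self):
        """Files Quick Recovery would offer to copy out (recover folders only)."""
        return sorted(p for p in self.sandbox_fs
                      if _is_under(p, self.recover_folders))

    def recover(self, real_path):
        """Copy one sandboxed file to its real location (user answered 'keep')."""
        self.real_fs[real_path] = self.sandbox_fs.pop(real_path)

    def delete_sandbox(self):
        """Drop everything still in the sandbox; returns how many files vanished."""
        dropped = len(self.sandbox_fs)
        self.sandbox_fs.clear()
        return dropped


def demo():
    """Constructed session: a download, a browser-profile write, and a write
    below an OpenFilePath. Returns what survived after deleting the sandbox."""
    box = SandboxModel(open_paths=[r"C:\Shared"],
                       recover_folders=[r"C:\Downloads"])
    box.sandboxed_write(r"C:\Downloads\FoxitReader-setup.exe", b"installer")
    box.sandboxed_write(r"C:\Users\me\AppData\Firefox\cookies.sqlite", b"cookies")
    box.sandboxed_write(r"C:\Shared\notes.txt", b"note")  # lands on the real disk
    candidates = box.quick_recovery_candidates()
    for path in candidates:
        box.recover(path)  # user ticks 'keep' for the download
    dropped = box.delete_sandbox()
    return {
        "candidates": candidates,
        "dropped": dropped,
        "real_files": sorted(box.real_fs),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes side by side: the download is offered by Quick Recovery and kept, the cookie database is discarded with the sandbox, and the file below the open path was never in the sandbox at all, so it is not offered for recovery and cannot be discarded either.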

IMHO It’s poorly written.

The "too restrictive" part could be overcome if we have the option to [i]save to disk[/i] as I mentioned before. For those downloads we know to be safe, like Foxit Reader that I got the other day (threw Adobe out the window by the way; hope I won't regret it). And an easy way to search through the sandbox, if we want to.

No, too restrictive has nothing to do with ease of searching the sandbox, which is a UI feature. Bufferzone for example is pretty much Sandboxie but prettied up. Everything downloaded and sandboxed appears normally, but with a red border.

Too restrictive simply means that for sandboxes to maintain their integrity certain functions cannot be allowed to be used by the sandboxed program. For example no sandbox in the world will allow you to install a firewall in it because this requires a driver to be installed.

Don't understand the [i]"sandboxed programs might fail to run"[/i] part though.

See above.

Yeah confusing.

Some experts would not consider Sandboxie to be real virtualization.

Others would talk about file system/registry system virtualization vs hardware virtualization.

Vmware would be the latter, Sandboxie has the former.

Defensewall only has registry virtualization but not file virtualization…

I think the link is bad because it confuses people by referring sometimes to the former, other times to the latter.

Well, you have to agree it’s not easy to categorize all this. It’s HIPS in categories, and the opinions diverge as you said. It’s a good attempt, but the author should revise it, for clarity.

And yes, as my opinion is changing :P, I tend to think that the option to “save to disk” is redundant.
The GUI simply has to make it simple to explore the sandbox contents, and allow a good configuration for “quick recovery” (in SandboxIE’s lingo).
If you use(d) SandboxIE, one thing comes to mind: when Quick Recovery pops up, it should have boxes to tick for each file, and remember the ones ticked for next time (not saving them by default, but when it pops up again, they’re ticked already, just needing confirmation). It’s easier this way for those files in FF’s profile for instance, where I don’t want to keep cookies, but I do want bookmarks, etc.

I have to clear my head, and re-write my proposal :smiley:
What about you, how do you think it should work, in general?

It’s a wiki. Anyone can revise it. I’ll try to fix it based on the comments here on what confused you guys.

And yes, as my opinion is changing :P, i tend to think that the option to "save to disk" is redundant. The GUI simply has to make it simple to explore the sandbox contents, and allow a good configuration for "quick recovery" (in SandboxIE's lingo). If you use(d) SandboxIE, one thing comes to mind: when Quick Recovery pops, it should have boxes to tick for each file, and remember the ones ticked for next time (not saving them by default, but when it pops again, they're ticked already, just need confirmation). It's easier this way for those files in FF's profile for instance, where i don't want to keep cookies, but i do want bookmarks, etc.

All this is trivial. For ease of use, have you tried the free Broadcom Inc. | Connecting Everything? The ‘virtual layers’ interact seamlessly with your system. If the virtual layer is added, everything appears as normal, no need to do dumb things like searching through the sandbox (basically just another file directory where the contents were shunted to). If you install programs, the shortcuts will appear normally in the start menu, unlike in Sandboxie where they don’t work at all.

Dismount the virtual layer, and everything is done… But it’s not really meant for security…

I have to clear my head, and re-write my proposal :D What about you, how do you think it should work, in general?

I’m personally not in favour of the kitchen sink approach, which is basically what your proposal is.

I should say this again: I don’t want the HIPS, if that’s what you’re wondering. But it’s going to happen, and before the sandbox. I prefer the sandbox, since I think it’s the natural addition to a firewall. It contains/sandboxes some programs that connect to the internet.
The HIPS is strictly internal. I have that covered.

But to summarize what the options to install would be, after all this, that’s what I wrote:
Comodo either doesn’t go virtual, and adds sandbox capabilities to HIPS (or HIPS simply covers the benefits of policy-based sandboxing), or adds that sandbox/virtualization module, a true sandbox.
With the latter, and the reality that you can install HIPS, the options are those that I wrote. :stuck_out_tongue:
(in principle, you can choose what to install with future versions, so if you don’t want HIPS, just the FW, you do just that)

I’m looking at that Altiris. It seems very interesting, but I have to read more on what security it provides. So far I’ve only seen benefits for testing software, or managing program installations better.
In that department, it seems to rock indeed. A different approach from a VM, which creates a whole new virtual computer. It’s for different purposes, where you can decide what to have installed on your “real” computer.

But I don’t see how it would help CPF…
SandboxIE isn’t for testing software; it can do that, but it’s not built for that. So naturally some programs won’t install. SandboxIE allows you to drop a session. Whatever got in goes out the window.

I will read more on that Altiris. Seems a very good concept.

Freeze my thoughts on Altiris. It does seem to provide security. Have to read more.
There’s a thread on Wilders, I can’t believe I missed that one.

It seems a keeper so far. You should add that one to the freeware collection:
https://forums.comodo.com/index.php/topic,1731.0.html

Very good Lusher

Something else to think about; not a Sandbox app, more like a HIPS:

Process Guard www.diamondcs.com.au/

The free version is obviously limited, but the full version (paid) has what would appear to be some good features, as far as system protection. What might be an apt definition is CFP’s Application Behavior Analysis on steroids… :wink:

LM

Yes, one of the first HIPS, targeted at personal users. But I wouldn’t recommend paying for the full version, see DiamondCS Support Forums closed | Wilders Security Forums

Besides even the full version is kind of outdated, though perhaps acceptable in my book.

You missed a lot more. :slight_smile:

It seems a keeper so far. You should add that one to the freeware collection: https://forums.comodo.com/index.php/topic,1731.0.html

LOL, what a mess. Why do people think long unwieldy threads are a useful way to store information? Try a wiki instead. I have my own list of freeware but I’m not going to post the link, lest Mac accuses me of link spamming or something. (:NRD)

Very good Lusher

very good someone. (:TNG)

Comodo either doesn't go virtual, and adds sandbox capabilities to HIPS (or HIPS simply covers the benefits of policy based sandboxing), or adds that sandbox/virtualization module, a true sandbox. With the latter, and the reality that you can install HIPS, the options are those that i wrote. (in principle, you can choose what to install with future versions, so if you don't want HIPS, just the FW, you do just that)

That sounds just like technobabble to me. :BNC

Yes Little Mac, PG was intuitive. Ask Melih in twl’s thread maybe. Seems to me a good approach to HIPS.

Too much. I’m registered here, don’t even know how one can write a wiki. Some day I’ll look into that, I don’t have time for everything.
Why is it a mess? It’s just a list of free programs for Comodo members to look at. Don’t take it for something it isn’t.

Anyway, I’ve checked SVS, and besides being bought by Symantec, its nature doesn’t seem to fit here. And I personally like the sandbox to be one folder, not everywhere. If I’m to use something, and trust it, I’m not going to sandbox it. For a sandbox addition in a Firewall, SandboxIE’s method is sufficient, simpler and better IMO.

SVS is very good, to manage programs in another way. I’ll download it when I see it has resolved a particular bug.
SVS is not for security.

Well, I was reading this topic and discovered a new kind of (fantastic) software that I didn’t know about until now. My question is, will Comodo Firewall Pro v3 include, apart from HIPS, sandbox software? If not, is there a plan to do it?

Congratulations for the excellent firewall!!! :BNC :BNC :BNC

(Sorry for my bad English)

Eduardo

Eduardo,

At present, as far as I know, CFP v3 will only have a HIPS. A full-blown HIPS, but only that.

As far as I know, I have not heard of plans for Comodo developing a sandbox application/module as well. However, who knows what the future may hold…?

LM

I see a Whopper in your future…