I have been using the full CIS for several years. I am concerned that CIS doesn’t protect against many actions by script malware executed by Firefox plugins. Examples include deleting or reading data files with financial or other personal info. I use the NoScript extension, but I share my PC with someone who allows too many scripts due to inexperience.
I am considering moving to Sandboxie, which allows tight control over many Firefox behaviors, including which folders can be read and written. I am sticking with a 32-bit OS (WinXP and Win7) to ensure Sandboxie has kernel access for max protection.
The problem is that Defense+ causes serious problems for some Sandboxie users, both now and historically. See:
https://forums.comodo.com/format-verified-issue-reports-cis/cis-2011-free-breaks-sandboxie-346-350-nbz-t64640.0.html
https://forums.comodo.com/orphanedresolvedoutdated-issues-cis/dont-update-if-you-use-sandboxie-t57169.0.html
Thus, I would rather not plan on using D+ and Sandboxie together in the long term. Since I already use a LUA for everything except installations, and I have an SRP, I am considering disabling D+ and replacing it with Sandboxie. Here’s a website promoting Sandboxie+LUA+SRP+DEP as being highly secure and trouble-free:
I would like to get a dialog going here on the forum about comparing:
(a) LUA+SRP+Full CIS
(b) LUA+SRP+Sandboxie+Comodo AVS+Firewall+DEP
Comodo’s market includes inexperienced users who administer their own PCs, but I would like to focus this discussion on savvy users, especially those who administer for inexperienced users.
I have experienced frustration with (a) because CIS upgrades often require a clean re-install to avoid problems (the mods usually suggest a clean re-install as a first remedy), then I have a long, painful process of retraining D+ and re-entering custom rules. If I just keep the firewall from Comodo, maybe I never have to upgrade it. In fact, dumping the AVS would make (b) a quiet, unobtrusive security solution. I rather like the idea of security through rules rather than signatures. Automatically deleting a Sandboxie sandbox when closing a browser session seems like a reliable rule. Using a special configuration (admin account) while installing software also seems like a reliable rule. When I download software, I don’t want to wait days for humans at Comodo to declare whether each is safe. I would rather use CIMA online and install updates in a Sandboxie sandbox that totally erases changes if I find it is malware.
One concern about (b) is that DEP does not catch ret2libc buffer overflow attacks like D+ does. I can use Comodo Memory Firewall for WinXP, but I assume I have to rely on DEP only for Win7.
Another concern about (b) is that protection of autostart folders and registry keys is through permissions changes, which is not as convenient as D+’s pop-ups for single changes.
In case anyone wonders why I want to keep the Comodo Firewall, one reason is to prevent spying by software I trust. I found one reputable application sending info to Google and Yahoo. Another reason is to prevent auto-updates. See
Looking forward to the discussion!
Edit: correct typo