V3 behavior (and I am still running V3 firewall-defense+ for this very reason): I don’t want any sandbox to take whatever decision I have to take myself, and I therefore want to know everything of what is going on.
The poll choice is however ambiguous: once your outbound and inbound rules are set according to this behavior, and it only means a few days, the firewall alerts become very parsimonious, while defense+ keeps monitoring unusual requests; this behavior somewhat sounds like an installation routine, even if I do it myself by trial and error.
However, and this has been stated by myself some time ago and by others these last days, one should be able (right click) to customize the firewall alerts, starting from an initial one, to some range of IPs, ports, protocols… on the fly, leading to a very significant amount of time saved in writing the rules you need for yourself, never the same as your neighbor’s, as you are not using the same configuration and software.
I have been very comfortable (and safe) with v-3. I do not do many installs, nor do I go to any questionable sites and therefore feel that I do not need the sandbox. I have very few alerts with v-3 set at stateful, custom and clean PC mode in Proactive config. Only when I install something or update some applications do I get alerts and then I can use installation mode.
I voted for #1.
It will be interesting…
The question is: people voting for 1, are they doing so because they are just comfortable with it and have not checked out v4, or have they really checked out v4 etc…
Also, how are the real novices dealing with it… would they choose 1 or 2 or 3?
I think we have to have both advanced and novice users in mind in our solution.
If we did have a novice mode and an advanced mode… I have a feeling this may cause trouble when testing organizations test CIS. Will they choose the novice mode, and maybe some things will get past CIS?
What I am unsure about is how the firewall, defense+ and sandbox link together in protecting my computer. So if an unknown process was to run from my computer (that is, if I got infected), defense+ would alert me first or would it run “limited” if sandbox was enabled and make the outbound connection?
I voted for the 1st option. The outbound connection is allowed because of the sandbox. But what about when an average user doesn’t like the sandbox and disables it? And he doesn’t know that the outbound connection is allowed because of the sandbox, and that if he disables the sandbox, he has to remove the outbound rule too.
I don’t know, but when and how sandboxed applications access the internet should be controlled. A sandboxed application can reach the user’s cookies and therefore may hack the privacy!! Even something much worse than that: what about screen logging! (We saw that in one test out of 4 Comodo failed to block the snapshot!!) That doesn’t matter as long as those captures stayed in the computer!
I’m not an expert, I’m just someone who expects the worst and plans for the best.