I read and re-read the CIS user manual; however, Comodo did not any detailed information with respect to the way an isolated application should behave, for example a web browser. I know it may sound redundant not understanding the concept behind software isolation, please forgive me :'(.
Nonetheless, I’m trying to see if I isolate my browser, like firefox, would I be protected from drive by downloads? If the answer to that question is affirmative; then the CIS isolation feature would be quite similar to DefenseWall or GesWall. Am I right or wrong?
The reason I’m asking is that I’m trying to find another good way like the parental control feature that can provide me with a similar level of protection while allowing me to update windows as well as my software without any impediment.
There is no need to set your browser to Isolated App. Even Internet Explorer can be set to ‘trusted application’. The Buffer overflow protection in CIS can prevent drive by downloads and any other unknown file that tries to modify your browser, you will get a D+ alert for.
Thanks for your reply; however I still want to know that irrespective of buffer overflow protection, will an isolated browser in CIS protect me from drive by downloads? Comodo needs to update its user manual and provides more explanation on the subjects and other similar ones.
From what I understand, to prevent a drive-by-download, you have to block your web browsers from running executables and accessing critical registry keys. If you implement a access restricting policy - for your internet facing applications - in such a manner, I believe BO protection becomes unnecessary.
As far as “isolated application” policy is concerned, isn’t it’s function identical to that of “My Blocked Files”?
I’ve been running firefox as an isolated application since yesterday and I can tell you that firefox is not blocked. However, based upon the GUI I can also say that firefox as an isolated app does not have access to critical registry keys. Nonetheless, I need more information.
One thing I can say for sure is that, the isolated application policy is in no way similar to how GeSWall and DefenseWall function.
I might be wrong, but the “Isolated application” policy blocks complete access to the system, so that the blocked application can, in no way, communicate with the system. Set your PC to paranoid mode and run any application on your PC that doesn’t have a policy set to it in D+. When you get the alert for the application trying to execute, treat it as an “isolated application”. It should prevent the application from running.
I don’t know how Firefox is able to function, even after you treat it as an isolated application.
I think perhaps the isolated application function is broken, but as Jaki stated, the help file is less than helpful, so only a dev could tell us what it is actually supposed to do.
There was a thread not long ago questioning its function. Someone was also asking what it did because they could classify notepad as an isolated application and could still save/edit/open files.
I mentioned the same thing then. Since the help file doesn’t specify what the intended result for an isolated application is, only a dev could help shed some light on the subject. And of course, they never did…
That has always been a big strike against Comodo IMHO. Questions like this are never answered by the only people that know how it is actually supposed to operate. 88)
I think it is broken, because, except for firefox, every application I treat as “isolated” isn’t able to run. The only difference is, doing it manually, through the “computer security policy” has no effect. But, when I do it through the pop-up, the application gets completely blocked.
Maybe CIS has a pre-built list of safe applications, to which it grants a minimum level of freedom, regardless of the policy applied. One more reason why a terminate option within the alert is necessary.
I set FF as Isolated program and set the download folder to system32 and tried downloading from Filehippo.com. It could not get saved.
Notice that isolating a program is not the same as blocking program. The only way to block a program is to not let Explorer to start it.
The fact that it is able to run means that FF doesn’t need to access system areas in order to function properly. I have seen a key generator run as isolated application.
To know what the Isolated policy does not allow look at the image
Also thanks for testing. If the result of your test is true therefore, I can say CIS with its isolated browser feature is better than GesWall, DW, and ForeceField. I think the devs at Comodo should do a better job not only in updating the user manual with more clarity and details but also to find a way to provide some tutorials (video or otherwise) on youtube in explaining CIS features, the concept behind them and how they function.
It was not that long ago that most of the forums members have discovered the default deny feature in parental control. Anyway if it is not too much to ask every forums members to brainstorm on this.
Thanks to everyone who has replied on this subject.