So, currently we have HIPS (disabled by default) and BB (a.k.a. auto-sandbox / rights limiter). HIPS generally asks you every time a program wants to do something until a ruleset is formed (unless the program is considered safe / trusted). BB appears to be a set of pre-set HIPS rulesets (depending on the level) of what an unknown program can and can’t do, and BB doesn’t bother the user… auto-HIPS of sorts.
I was wondering, will BB change somehow? I heard that current BB isn’t really what it was supposed to be.
So, if it will change, then how exactly? And will it work together with HIPS, or will it remain disabled by default?
Well, in the future BB will gain more strength, and some part of HIPS, but nothing is 100% clear; we will see. As for HIPS, I believe it will remain disabled by default only in the Comodo Internet Security profile; if you change to Proactive Security you will have HIPS enabled. I don’t think Comodo would give up on HIPS (IMHO).
We are hoping to see a full/traditional behavior blocker in future versions. A BB that works like Mamutu or ThreatFire. Currently the BB (autosandbox) isolates all unknown apps and restricts what they are allowed to do. A traditional BB watches all apps running and keeps a checklist of certain actions; once it hits a certain amount it will alert the user. Since Comodo believes in default deny, it's unclear how their BB would work, since they don't allow unknown apps to run.
What about full virtualization? I mean, this could be implemented within the fully virtualized environment which means that it could check the things it does and if found to be of questionable nature the user is alarmed and can clear the sandbox. Though perhaps it would not be a behaviour blocker but rather a behaviour scanner/analyser.
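Added example, not part of the original thread and not Comodo's code: the two models contrasted above, run over the same constructed event stream. One is a threshold-style behavior blocker that watches every process and alerts once a score is reached; the other is an auto-sandbox that silently applies a preset ruleset to unknown programs. The action names, weights, threshold and deny list are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed weights per action; real products tune these differently.
WEIGHTS = {"write_autorun_key": 3, "inject_remote_thread": 5,
           "modify_hosts_file": 3, "write_temp_file": 0}
ALERT_THRESHOLD = 8  # assumed score at which the user is alerted

# Assumed preset ruleset applied to unknown (untrusted) programs.
SANDBOX_DENY = {"write_autorun_key", "inject_remote_thread",
                "modify_hosts_file"}

# Constructed event stream: (process, is_trusted, action)
EVENTS = [
    ("unknown.exe", False, "write_temp_file"),       # 0
    ("unknown.exe", False, "write_autorun_key"),     # 1
    ("updater.exe", True, "write_autorun_key"),      # 2
    ("unknown.exe", False, "modify_hosts_file"),     # 3
    ("unknown.exe", False, "inject_remote_thread"),  # 4
    ("updater.exe", True, "inject_remote_thread"),   # 5
]


def score_based_blocker(events):
    """Watch every process, trusted or not, and alert at the threshold.

    Returns {process: index of the event that triggered the alert}.
    """
    scores, alerts = defaultdict(int), {}
    for i, (proc, _trusted, action) in enumerate(events):
        scores[proc] += WEIGHTS.get(action, 0)
        if scores[proc] >= ALERT_THRESHOLD and proc not in alerts:
            alerts[proc] = i
    return alerts


def auto_sandbox(events):
    """Apply the preset ruleset to unknown programs without prompting.

    Returns (allowed, denied) as lists of event indices.
    """
    allowed, denied = [], []
    for i, (_proc, trusted, action) in enumerate(events):
        if not trusted and action in SANDBOX_DENY:
            denied.append(i)
        else:
            allowed.append(i)
    return allowed, denied


if __name__ == "__main__":
    print("score-based alerts:", score_based_blocker(EVENTS))
    print("auto-sandbox (allowed, denied):", auto_sandbox(EVENTS))
```

With this input the scoring model lets events 1 and 3 happen before it alerts on `unknown.exe` at event 4, but it also flags the trusted `updater.exe`. The sandbox model denies events 1, 3 and 4 immediately and never looks at the trusted process.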