Hips & Sandbox

Then use that, if you prefer that program, it will be possible to turn off the HIPS-feature in the firewall (if I remember correctly)

Melih:

About the HIPS, got it. I was thinking about not installing the HIPS, but that approach looks promising. HIPS that can learn what’s on my system is THE ONLY WAY I see it practical. Pop-ups to allow or deny Windows is ridiculous (I’m not an expert, but I fail to see the logic nowadays).

But the sandbox Melih, the sandbox! ;D
Before all that comes to place, the sandbox can take care of most malware. How is it going to be done?
(:NRD)
The way I see it as of now, it would be great to act like GeSWall (or DefenseWall), with the option to drop everything from a session (when closing the browser, for instance), except what is saved by the user (either as untrusted, or trusted, defined by the user per download).
The problem is how would this interact with the HIPS? Or will it be the same “module”?

Keep up the good work!

Cheers

edit: and as cheater87 mentioned, test it with Prevx1 and tell us what to expect! Prevx1 also rocks!

(:NRD)
When saving as untrusted, pop-ups from the HIPS; saving as trusted, meant as added to HIPS whitelist. Functionality and total security!!

Also, I’m thinking about “Save as trusted”, or “Save as untrusted”, and wondering if alternatively it would be ideal to virtualize the sandbox. Like everything virtualized (SandboxIE alike), but when saving, “Save to Sandbox” (or whatever) / “Save to disk”. Save to sandbox would do just that, and on closing the browser session, pop-up - clear session? (would clear this file too). Saving to disk, and when clearing the session, this file would be kept (saved outside the sandbox).

Any thoughts guys?

Well, Sandbox is the drawing board but we haven’t started yet. We are in the middle of developing HIPS though. Once we have HIPS we can do some funky stuff with browsers… don’t want to say any more than that at the moment :slight_smile:

Melih

OK. Take your time to make things work properly one by one. Improve firewall, then HIPS, then Sandbox.
So it’s open for discussion? Please take my thoughts into consideration, when it comes to build the sandbox… Both my posts above :). Maybe a new thread to discuss this with all the forum members?


  1. How do you plan on blocking “forged” signatures? It sounds like you are replacing a CPU problem and putting an ID one in. Someone could try to clone a signature of a commonly used program and then get access to the CPU, or is this kind of stuff only in the movies? ;D

  2. Why don’t they do something like this with email? It seems like email services bring in email and then stamp it as spam. If you checked the email at the door first, you would never have spam unless you OK’d it.

In the end, from points 1 and 2, I think you should make a firewall that asks the user:

“Good morning, have your coffee yet? Yea? GREAT!!!, what programs do you plan on using today? Do you want to put in a new access code for the day? Just checking your email, ok then, we’ll keep the same. See you tomorrow.” - computer

This way there is NO CONSTANT signature, and the person making any bad virus would have to unleash its demons within a shorter time than any anti-virus programmer could dish up the antidote.

Of course it’s open to discussion… this is Comodo… (:KWL)

It’s a good idea to start a new thread with sandbox and start discussions…

Melih

It’s almost impossible to fake a cryptographic signature. The crypto signatures are not assigned by anyone; they are derived from the actual executable itself. Almost impossible.

Cheers,
Ewen :slight_smile:

Can this signature be found somewhere like the registry?

We don’t want to make it that easy, do we? :wink:

Ewen :slight_smile:

Thread started here - https://forums.comodo.com/index.php/topic,5316.msg39242.html#msg39242

Don’t leave me talking to myself guys. Even if you totally agree with me, or find it stupid, drop in a line or two… :stuck_out_tongue:

You misremember; I posted that link once, certainly not at “a couple of places” in this forum. But there were postings of that link at least half a dozen times before I even joined here; you must be thinking of those instances.