OK finished testing in the Comodo Sandboxed browser, Virtual Kiosk and Sandboxie. CIS detected the malware in only Sandboxie but NOT the others. Tested same link in the Virtual Kiosk and Comodo sandbox and still no detection. I downloaded the exe in Sandboxie and it got an instant detection, no detection at all with either kiosk or Comodo sandbox. Went back to Sandboxie and tested it out again where it DID get detected by the antivirus. From what I can tell the firewall doesn’t alert you as well, don’t think D+ will do anything if none of this other stuff goes off as well. I find this to be a very troubling flaw in the sandbox.
Right: Sandboxie, a software of another vendor, is perfectly integrated with CIS 6.
CIS 6 sandbox, on the other hand, seems a world apart…totally disconnected from CIS AV, BB…why??
This is the problem…I hope you’ll fix it guys, cause this is a great product, but actually we need to know what’s going on in the sandbox.
When you have Virtual Kiosk open and when I downloaded a couple malware samples, I noticed that Comodo detected it. Are you talking about running a browser fully virtualized in sandbox?
I tested in BOTH the virtual kiosk AND the virtualized browser. No detection.
The Virtual Kiosk needs to be either,
(a) monitored & protected by CIS like any other application (which it appears it is not), or
(b) completely isolated from the host system with no possibility of any activity within it being made permanent or files being written to it (which we know it is not, by design).
Definitely we would need a new beta, but CIS6 development seems frozen at the moment… :-\
Just because there hasn’t been a second public beta release definitely doesn’t mean there is no development happening… 88)
There have been delays in the pipeline according to Melih:
Please bear with us and wait patiently. Developers are working very hard to provide us with another beta.
I think Comodo intends for nothing to be detected in kiosk for the sake of usability but I think they should give an option to show alerts in the kiosk if the user wishes. That way they can keep the kiosk clean instead of resetting the sandbox all the time when they switch from a dangerous site and a bank site, or they could give an option to auto reset sandbox when going to certain sites like banks, social networks, email. But it could be user specified. This way the user’s workflow isn’t broken. They could seamlessly go from a malicious site to a sensitive site like a bank site.
So how would one know if malware snuck in or is trying to modify something?
The way it works now you wouldn’t. Comodo wants users to reset the sandbox to keep it clean. That’s why I’m agreeing with you and also suggesting another route.
If that’s the way it ends up I’ll stick with Sandboxie for my sandboxing needs.
I sent a PM to Egemen regarding this issue, but probably he’s quite busy now…anyway, surely they know about that. It depends on how they intend the sandbox has to work. Technically shouldn’t be so difficult to make CIS able to scan inside the sandbox…let’s wait and see what happens.
OK I have been exploring the Kiosk & my tests suggest the following is probably what is intended:
- AV is on. I tested by downloading in IE from Download SpyShelter - The most effective Anti Key logger
- HIPS is off, even if switched on (except the installer updater policy)
- Some aspects of the BB are on: screengrab and keylog prevention
- FW is on, but alerts show outside not inside Kiosk for actions inside the Kiosk (bug? not reported yet, I will do so), and there appears to be a bug in relation to IE (reported). Try it in proactive config, or untick the allow all alerts setting
If you find different to this please post a bug report. It is probably not intended.
I personally would like a way to turn HIPS on (excluding protected * rules, which don’t make sense when virtualised). This would allow some control (not ideal) over comms between virtualised and non-virtualised environments.
I think we should probably lock this after a little further discussion as Comodo intentions are almost certainly different from what you suggest, and if your installation differs from the above it would be more helpful to report this as a bug.
The risk of keeping it open is that Comodo’s intentions may be misunderstood by more people which may lead to the misreporting of bugs.
I think this shows the need for the documentation to give a bit more information on the privs with which Kiosk and otherwise sandboxed apps run. I have suggested this in the trace discussing help here… If others would +1 this post it may encourage a response.
IIRC I did report this in the report a bug thread.
Thanks, can you post a link? It’s a long thread.
OK the one I posted was for a resolution issue I am having on a netbook. I will report this bug later tonight.
Thanks Cheater, very much. I’ve asked you to reformat it so that it gets looked at. Hope that’s OK.
Done. Sorry about that.
Thanks Cheater, much appreciated.