From what I have been reading in the forum there are many people who are very disappointed that V4 will come with a Sandbox.
I personally don’t mind it (I think it could use some work), but other people really hate that it is included in the package. I’m sure that there are plenty of people who would really like the option to not install it with the rest of the suite.
If anyone is of this opinion please post below. Hopefully if there are enough people who think this way they will change it before it is made public.
I tried out a lot of products off matousec and came back to v.3.x It is really, really amazing. Then i thought, “what the hell, let me check out v4 beta”.
The GUI looks like its been designed by a 12 year old. It is SUCH a glaring contrast to v3 that I couldnt believe its a comodo product. Weirdly, the Comodo Online scanner’s GUI is similarly (badly) designed. But I think (hope actually) that this might be a temp design and the real one will would different. Something so basic as color shading is wrong. One thing though, The GUI was more responsive than v3.x
Sandbox. . . . What can i say which hasn’t been said? I think this is where criticism for Comodo group scores big. They really don’t listen to their users. I know atleast 5 VERy active members here who will not only leave this board but maybe not use v4. Are 5 important? Hell no, but if all the active members leave then this board will be full of god know how many global moderators. 88)
Sandbox must be made optional.
a. there was no way to know if a program was sandboxed or not.
b. a sandboxed program (i am assuming) could write (.txt) files to my documents, which means that its only “protect file and registry virtualization” - this is exactly like win7 under UAC. Poor implementation choice, because its already exists in windows natively.
c. disabling sandbox made D+ the same as in v.3.14 :-TU
d. the sandboxed program seems to be running without any popups from d+ = this could be exploitable in the future specially if the program can communicate with services etc on x64.
e. I can NEVER see a normal users, my sis/dad/mom/girlfriends ever use something like this. They don’t use sandboxie and they wont use this. Its too cumbersome and complicated; so its for the power user. But he won’t use it either, because the implementation is all wrong for him. Eg. ME. I used sbie for 2 years … its very cumbersome. tried returnil… not happening (i hate that rebooting thing). Tried vBox - yes sir, exactly what I needed. CIS’s sandbox is a no go.
I don’t wanna sound all negative, but the way it stand is
CIS v.3.14.x = so far ahead of the game that its not funny. It really is amazing, I’ve tried em all out.
CIS v4 beta = wooops. GUI colors and design and the sandbox.
In all fairness, I think people were big critics of v3.0 when it came out. And yes, it had a hell-load of bugs and problems but look at where it stands now, leader by miles. So I think that the same could happen. I for sure will not be using v4.0 when it comes out, but v.4.1 …
loading can’t be optional, because the plan is to integrate it deeply into CIS
deep integration of the sandbox is critical to CIS’s high security with low pop-ups strategy
integration or ‘use’ as Melih refers to it is a great idea but:
- needs work on its implementation ;-)
- installation virtualisation may be limited by some 64 bit OS restrictions
- but I have an instinct that Melih may have a way round this...
Personally I’d suspend judgement until I see how this thing evolves…
If you want a more detailed look at where we are now and where we may be short term, I’ve done a summary/hypothesis here. My own view, nothing more…
not sure that’s a good example, but the virtualization module can be dismissed at setup time in Avast 5 Internet Security, but that’s also the case of any component in this suite. The thing is AIS doesn’t include a HIPS, so may be not installing the sandbox is less complicated, as it’s not associated with anything else.
We have been promised all through 2009 that, by the end of the year, we would have a brand new suite called V4 with a new or highly improved AV, Behaviour Blocker, Sandbox, new GUI.
This is February 2010 and what we have is a beta (in fact more of an alfa) of the same AV, the same D+ and FW, the same GUI and a sort of sandbox thrown in wich nobody knows exactly how it works, but everyone has the feeling that it doesn’t work properly.
All this leaves a taste of unfinished and amateurism; a sour taste of disapointement.
V3 is a exceptional product (I won’t go into the AV). But it has a problem: it’s not easy to work with because of Defense+.
And that is the only problem about it (I won’t go into the AV). CIS doesn’t need to be more effective: it already is the most effective suite. What it needs is a comprehensive white list so we don’t have to answer a deluge of alerts with legitim apps (I just had about 14 because HP Health Checker was updating).
To tame D+ was an obvious goal. But it could be done in a simple way. What we are seeing with V4 is a confused and confusing mess.
First of all development cannot be planned. That’s by definition; otherwise it wouldn’t be development. Second of all; Melih can sometimes gets carried away by his own enthusiasm.
V3 is a exceptional product (I won't go into the AV). But it has a problem: it's not easy to work with because of Defense+.
And that is the [i]only[/i] problem about it (I won't go into the AV). CIS doesn't need to be more effective: it already is the most effective suite. What it needs is a [i]comprehensive[/i] white list so we don't have to answer a deluge of alerts with legitim apps (I just had about 14 because HP Health Checker was updating).
To tame D+ was an obvious goal. But it could be done in a simple way. What we are seeing with V4 is a confused and confusing mess.
Common, they will obviously fix the sandbox thing until the release ( they just have to, if it is really so unusable as many are complaining ), but the GUI will remain the same, as far as i understand. Many of my friends, which i recommended CIS to, always complain about the obscurity of the UI. This contradicts with Melih’s desire to make CIS suitable for grannies. And while i insist, that AV interface does not matter to much, they should really think about the overall suite design, at least about the ‘usability’ part of the design.
Re behaviour blocking, the sandbox as currently implemented could be part of it.
Sandbox be further applied to implement selective blocking of CIMA-identified behaviours, ie items running in sandbox would start restricted, restrictions subsequently lifted apart from CIMA-identified risky behaviours?
BB is currently not implemented. According to Melih scheduled for v4.1. They want to have the sandbox to work first and then step to the BB.
Sandbox be further applied to implement selective blocking of CIMA-identified behaviours, ie items running in sandbox would start restricted, restrictions subsequently lifted apart from CIMA-identified risky behaviours?
Just wondering what behaviour blocking actually will be, and whether it will be implemented, in part at least with a further development of sandbox technology.
As a simple example, if CIMA found that some software was using a suspiciously huge numbers of windows handles, but that was the only thing it was doing, a sandbox job limit to the number of handles could be slapped on, but other limits might be relaxed.
If loading a disk driver that directly accessed the disk, then a load driver limit might be slapped on, but other limits taken off.
In effect behaviour blocking, would become, in part, selective sandboxing. Or selective sandboxing would be called behaviour blocking.
Indeed maybe what will happen is that any blocking capability that is additional to the current sandboxes job and security limits (& virtualisation), would simply be regarded as an enhancement to the sandboxes capability… The pending state would become ever more granular and ‘unsandboxing’ more progressive…
