More functional SandBox

Hi,
I have just downloaded and am testing the Comodo Firewall + Antivirus combination, and my first impression is that I like it.

An interesting feature that caught my attention is the SandBox. Before COMODO I had been using, and still use, SandBoxie, which has a similar feature to COMODO's SandBox.

One thing that I miss, or that is IMO missing from COMODO's SandBox, is an option to make permanent changes to the real system.

Why would someone need such a feature?
I have had trouble locating files I downloaded via Firefox. I can execute them from the Firefox download manager, but when I choose “Open Containing Folder” it reports an error. It should be more polished. My downloaded files are not on the Desktop. From the perspective of a user with ordinary user skills, it is a problem: where are my files?

I know that the sandbox has to use some kind of mirrored folders that temporarily store all files, downloaded or altered, and I found them and recovered my files. But it needs to be a simpler procedure for ordinary users.

Another example: I am running my mail client in the sandbox as a precaution, in case something gets through it (a malicious attachment). But if I decide not to use the mail client sandboxed anymore, what happens? The mail client will no longer be redirected to the virtual path containing the “mirrored” files; it will read settings and data from the real path, and there is our problem. I will be stuck with files and settings dating from before I started to use the SandBox feature.

Proposed solution?
COMODO could implement a feature, manual and/or automated, for applications to permanently apply changes to the real system at the end of their session.

Furthermore, to enhance security, COMODO would allow such a feature only if the application's session was virus/malware free.

There could be an option like “Make permanent changes to system at end of session, if there were no viruses” or something similar to that, to minimize the need for user input/intervention.

Sorry for my bad English; I hope you understand what I wanted to say.

You need to keep tracking all the changes… in order to apply them later. Not that easy at the sandbox level. You can use Comodo Time Machine to restore everything. It will be easier to take an old snapshot and have your computer back if something goes wrong.

How could anybody be sure of that? Once applied, the changes are done… What will guarantee that the session is virus free?

I understand the sandboxing of a browser.
I can’t understand the utility of sandboxing a local email client. Why download the email locally, then, if you can’t save the changes?

I like how Comodo Sandbox works; it’s not heavy on the system and it works (fewer popups for nothing).
If you like Sandboxie, you should really continue to use it, but don’t try to change this “limited execution space” sandbox into something else.

They will improve it I hope (with removal of malware leftovers), but I don’t think it has to work like Sandboxie, because it is lighter this way.

Sandboxie is an on-demand full sandbox (file and registry virtualization).
Comodo sandbox is both an on-access partial sandbox (limits user access) and a full sandbox and virtualizer on demand (also fully configurable).

This is something that I think they need to make more readily apparent. I think most users don’t realize there is a difference between the automatic sandbox and the on-demand sandbox.

+1
Novice users should be educated about the difference.

Hi,

can anyone answer these 3 questions for me:

1- I have been using Sandboxie, but I would like to use the manual sandbox of Comodo (I already use the automatic sandbox), and because of that I would like to know if the virtualisation in CIS is already a mature process, basically if the manual sandbox in Comodo is as secure as in Sandboxie.

2- Are the limitations in 64 bits the same as those in Sandboxie, or are they worse?

3- Are there plans to include in the future a tool in CIS to delete usage traces (I know you can do that manually)?

I really would like to use just CIS5 and nothing else.

Thanks.

P.S. - In the automatic sandbox, is choosing the “Blocked” option more secure than “partially limited”? I know that it was tested against 15000 malware samples, but in theory is it more secure at preventing an infection?

1- I have been using Sandboxie, but I would like to use the manual sandbox of Comodo (I already use the automatic sandbox), and because of that I would like to know if the virtualisation in CIS is already a mature process, basically if the manual sandbox in Comodo is as secure as in Sandboxie.

What is it not for?

Although you can choose to sandbox software yourself, the current version of the CIS sandbox is not intended to be an alternative to a traditional sandbox like Sandboxie.

The CIS sandbox does not intercept all actions by sandboxed software. So it cannot successfully sandbox installed program files and so cannot wipe all traces of installed software from your system if you decide to uninstall it. However it does provide good protection in other ways (see how the sandbox works) and these facilities are being constantly improved.

Automatic sandboxing does not virtualise software. Files and registry keys created by the software are NOT stored in a separate place on your hard disk. (Instead, to protect system integrity, the sandboxed program is prevented from writing to protected folders, pre-existing files, and registry keys; see the link above for details.)

2- Are the limitations in 64 bits the same as those in Sandboxie, or are they worse?

Will the sandbox work on 64 bit systems?
Yes, it will. Except that registry virtualisation is disabled in 64-bit Windows XP. The user is not currently informed about this; Comodo is considering adding an alert.

This is one of the main reasons why it is designed as it is. Most sandboxes will not work on 64-bit systems because they use undocumented OS facilities (which do not work in 64-bit) to intercept program-to-program communications. The CIS sandbox avoids this by not creating virtual copies of installed programs, which means it does not need to intercept these communications.

3- Are there plans to include in the future a tool in CIS to delete usage traces (I know you can do that manually)?

This feature has already been requested and is waiting to be accepted. Please vote!
Wishlist - Add Option To Remove All Traces Of Sandboxed Programs

P.S. - In the automatic sandbox, is choosing the “Blocked” option more secure than “partially limited”? I know that it was tested against 15000 malware samples, but in theory is it more secure at preventing an infection?

So… is the sandbox really secure?
It is designed to provide ‘good enough’ security with a minimum of alerts, which should be sufficient for the majority of users. It’s not designed to provide the highest possible level of security.

Unrecognised software is automatically sandboxed using the partially limited policy by default, and is restricted as follows. It cannot:
write to (i.e. infect) existing protected files or registry keys
drop files in protected directories
take some admin privileges (e.g. debugging and driver loading)
keylog or screen-grab by most known techniques
set Windows hooks
access protected COM interfaces
access non-sandboxed applications in memory
access the internet without asking.

You can increase these restrictions and add operating system access restrictions (e.g. UAC-type restrictions) by changing the default restriction level in Image Execution Settings under Defense+ settings.

Articles from: Introduction to the 5.x sandbox

I think “blocked” means applications falling into the sandbox won’t be able to run. LanGuy99 uses it in his latest video to prevent unwanted activities without popups for novice users.

Please check out the Defense+ / Sandbox FAQ - CIS FAQs. They are very useful.

I read that the sandbox doesn’t virtualize the registry on 64-bit XP. If this is true, then what good, if any, is the sandbox on my 64-bit XP, or should I just disable the sandbox on my 64-bit XP?

If you had worked with SandBoxie, things would be clearer about what I have suggested.

Tracking changes. It would be per-session tracking (executing and closing the program). After the application is closed, there could be an option/pop-up that offers the user the chance to make the changes permanent. SandBoxie (registered version) can use a separate sandbox for each application, thus avoiding files and registry settings getting mixed up in one “virtual” space, and thus allowing easier file and registry recovery (making changes to the system permanent). <- Edited

At least, an option to access files from within the COMODO interface. I had to dig into C:, reveal hidden files to find “VirtualRoot” and access my files.

P.S. I am mentioning SandBoxie here just as an example, since it uses similar technology to COMODO's sandbox.
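The mirrored-folder behaviour described in the first post (writes land in a hidden "VirtualRoot", which is why the files are hard to find) and the per-session merge-back proposed just above, as an added example that is not from this thread, from Comodo or from Sandboxie: a toy copy-on-write virtual root in Python. The VirtualRoot class, the PROTECTED_PREFIXES list, the directory names and the sample files are all assumptions; everything runs inside a temporary directory and touches nothing on the real machine.

```python
"""Toy copy-on-write sandbox root with a per-session merge-back step.

Added illustration, not Comodo's or Sandboxie's code.  All paths and
policies below are assumptions chosen for the example.
"""
import shutil
import tempfile
from pathlib import Path

# Assumption: top-level directories that a merge-back must never write into,
# mirroring the "cannot drop files in protected directories" rule in the FAQ.
PROTECTED_PREFIXES = ("Windows", "Program Files")


class VirtualRoot:
    """Redirects a sandboxed program's writes into a per-session mirror tree."""

    def __init__(self, real_root: Path, mirror_root: Path):
        self.real_root = real_root
        self.mirror_root = mirror_root
        self.changed = set()  # session manifest: relative paths written this session

    def write(self, rel: str, data: bytes) -> None:
        """Sandboxed write: lands in the mirror, never in the real tree."""
        target = self.mirror_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        self.changed.add(rel)

    def read(self, rel: str) -> bytes:
        """Sandboxed read: the mirror shadows the real tree (copy-on-write view)."""
        for root in (self.mirror_root, self.real_root):
            candidate = root / rel
            if candidate.is_file():
                return candidate.read_bytes()
        raise FileNotFoundError(rel)

    def locate(self, rel: str) -> Path:
        """Answer the "where are my files?" question for one path."""
        return self.mirror_root / rel if rel in self.changed else self.real_root / rel

    def merge_back(self, session_clean: bool) -> dict:
        """Apply this session's changes to the real tree.

        Refused entirely unless the caller asserts the session was clean (the
        "only if there were no viruses" condition), and protected top-level
        directories are skipped even then.  Returns what was applied/skipped.
        """
        result = {"applied": [], "skipped": []}
        if not session_clean:
            result["skipped"] = sorted(self.changed)
            return result
        for rel in sorted(self.changed):
            top = rel.replace("\\", "/").split("/")[0]
            if top in PROTECTED_PREFIXES:
                result["skipped"].append(rel)
                continue
            dst = self.real_root / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(self.mirror_root / rel, dst)
            result["applied"].append(rel)
        self.changed.clear()
        return result


def run_session() -> dict:
    """One sandboxed mail-client session followed by a merge-back (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        real, mirror = Path(tmp) / "real", Path(tmp) / "VirtualRoot"
        settings = "Users/alice/Mail/settings.ini"
        (real / "Users/alice/Mail").mkdir(parents=True)
        (real / settings).write_bytes(b"[mail]\nserver=old\n")

        vr = VirtualRoot(real, mirror)
        vr.write(settings, b"[mail]\nserver=new\n")          # client edits its settings
        vr.write("Users/alice/Downloads/report.pdf", b"%PDF-1.4 constructed sample")
        vr.write("Windows/System32/helper.dll", b"MZ constructed sample")  # into a protected dir

        real_untouched = (real / settings).read_bytes() == b"[mail]\nserver=old\n"
        located = vr.locate("Users/alice/Downloads/report.pdf")
        refused = vr.merge_back(session_clean=False)   # no clean verdict yet: nothing applied
        merged = vr.merge_back(session_clean=True)     # verdict clean: apply, minus protected
        return {
            "real_untouched_during_session": real_untouched,
            "located_in_mirror": mirror in located.parents,
            "refused_before_scan": refused["applied"] == [],
            "applied": merged["applied"],
            "skipped": merged["skipped"],
            "real_settings_after": (real / settings).read_bytes(),
        }


if __name__ == "__main__":
    print(run_session())
```

The session manifest is what makes the merge tractable: only paths the sandboxed program actually wrote are candidates, so the real tree is never scanned or diffed wholesale, and the protected-prefix check is applied at merge time, where a mistake would become permanent.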
