PC Security Labs July Test

It’s annoying when people test software and bother to learn how to use it.

Thanks for the answer Umesh

Is the sandbox able to monitor all the changes created by an application when the app is sandboxed?
Maybe a popup with an option to remove every single file and change created by the sandboxed app would be fine, something like Comodo Time Machine but on a smaller scale. Or just delete automatically all the files and changes (that is what a sandbox is supposed to do).

Also, if you have been infected and the malware has been able to bypass everything in CIS, an integrated CTM in CIS would be great. There is no better cleaning method than this.

Also, I hope that this test helps the Comodo team to improve the sandbox and the cleaning of these PE files.

Difficult to achieve, at least CTM is a drive sector snapshot restorer… Sandboxing is different.
The paranoid mode of the sandbox will alert you of everything.

Yes, that’s sandboxing.

CIS integrates CTM in the sense that CIS can order a CTM snapshot to be taken.
It’s a very good feature! But it can’t work “like” CTM without CTM installed.

It concerns me that they think a dropped file is an infection. I think they have not encountered a sandbox that operates like CIS’s sandbox; they are testing it like a traditional one, like testing Sandboxie.

This is what he said

I know your meaning. Also, as I mentioned earlier, dropping PE is only one behavior of malware, sending private information, etc. And also, some malware can revive after rebooting, so judging whether a PC is infected or not is complex work, and I just gave you an example that you may easily understand.

Glad that you are interested in the test, we will keep up our job

Maybe Comodo should make special documentation for the testing groups explaining how the Comodo sandbox works.
Anyway, I can’t see any good reason to allow this behaviour in the sandbox; the best would be to revert all the changes made by the malware.

But how can you know that what is sandboxed is malware? You can’t, so you can’t assume that anything running in the sandbox has to be purged.

Yes, you are right, so the problem is that the Comodo Sandbox should be named differently.

If you call it a sandbox, people will expect from the Comodo sandbox the same things that Sandboxie or any other sandbox does.

Maybe now is the time to change the name and explain well how the “sandbox” (limited rights) works, so a name like Comodo Imunizator or something similar would be more appropriate.
Maybe by just changing the name, PCSL would have tested CIS properly and CIS would have gotten a score of 100%.

We can start a POLL here in the forum explaining the problem (your English is better xD).
Or perhaps if Melih or any dev reads this, they could start to promote this idea internally and think about “how to fix this issue”.

Well, we already had this discussion on what a sandbox is when it was first introduced, and they can call it a sandbox based on the definition of it.

Some examples of sandboxes are:
* Applets are self-contained programs that run in a virtual machine or scripting language interpreter that does the sandboxing. In application streaming schemes, the applet is downloaded onto a remote client and may begin executing before it arrives in its entirety. Applets are common in web browsers, which use the mechanism to safely execute untrusted code embedded in web pages. Three common applet implementations—Adobe Flash, Java applets and Silverlight—provide (at minimum) a rectangular window with which to interact with the user and some persistent storage (at the user's permission).
* A jail is a set of resource limits imposed on programs by the operating system kernel. It can include I/O bandwidth caps, disk quotas, network access restrictions and a restricted filesystem namespace. Jails are most commonly used in virtual hosting.
* Rule-based Execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other apps and have access to the net. It also can control file/registry security (What programs can read and write to the file system/registry) As such, viruses and trojans will have a less likely chance of infecting your PC. The SELinux and Apparmor security frameworks are two such implementations for Linux.
* Virtual machines emulate a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system is sandboxed in the sense that it does not run natively on the host and can only access host resources through the emulator.
* Sandboxing on native hosts: Security researchers rely heavily on sandboxing technologies to analyse malware behaviour. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host.
* Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing would be HTML rendering in Google Chrome.
* Online judge systems to test programs in programming contests.
* New generation pastebins allowing users to execute pasted code snippets.

You can see the yellow; that is how Comodo mainly works.

I see the sandbox in its current state more like Geswall.

Maybe, but the concept of a sandbox for most people is like Sandboxie.
So if the name can’t be changed, maybe Comodo should make a point of explaining how the sandbox works to all the testing groups before the test starts. Or some bold explanation at the beginning of the help file of the sandbox…

If Comodo has to explain how it works, how can you then trust the results the testing group puts out? If you call yourself a knowledgeable company, I would expect you to learn how each program works and make sure that all of your procedures can be verified and approved by each manufacturer of the software so the testing is accurate.

Of course the testing groups should be able to understand it, but maybe a clarification in the help files or something like “how the Comodo sandbox is different from other sandboxes” would help.

It’s not Comodo’s fault, but by just improving the documentation or creating a special document in the help files addressed to people with testing purposes, this kind of issue can be avoided. At least Comodo should try to do it; it’s fast and easy to do.

Please, Languy99, tell us what is so fishy about that test? I tested Jiangmin myself some time ago and it did well. There is nothing fishy about a product that did well. If it was Comodo that did well (even though Comodo’s performance was quite good, beating several well-known vendors), would you have still said that the test was fishy? Your bias here is quite apparent; maybe I should take your own tests with a grain of salt, don’t you think?

FYI, languy99: malware does not have any borders, especially on the Internet; once a piece of malware is distributed it will infect whomever it can, irrespective of geographical location. Malware is an equal-opportunity infection. I really cannot believe you said that. I thought you knew better. In the end there is nothing fishy about this test.

Peace.

Finally a word of reason. Thank you very much, Melih. Yes indeed, your staff have done a fantastic job. I was skeptical and even critical at first, but I’ve got to admit the AV is quite good. CIS as a product is too tough to overlook now. To me (some may disagree), the only product better than CIS right now is Norton. Nonetheless, when all the bugs, or should I say most of them, are ironed out, CIS will create quite a buzz in the industry, if it has not already.

Peace.

First off, I have tested Jiangmin, I bet much more than you have, and it never did great. It was always very easy to infect. Next, I don’t really care what you think about my tests. I know why I say what I say, and it’s because I have personal first-hand experience with it.

Next, malware does have borders, but you must not know that. Malware can be contained to a certain region of the world and never make it to another. Explaining why would take too long and I don’t want to waste my time.

Thank you, Jaki, I appreciate that.

With ver 5, I think we will be on a good footing, and with our default deny architecture, I expect Comodo to be the choice for end users for their desktop security. Norton, here we come!!! :)

Melih


Melih, do you really think your competitor is Norton?
I think the three free A’s have more appeal.
I can’t believe I am an ex-Norton user… Ok, I confess. I’ve used Symantec products in the past.
After McAfee VirusScan and before AVG, and a little time with Avira…

Don’t feel bad for using Norton, it’s okay software… I did use it myself before I tried CIS. Now, however, I would never dream of going back; the control CIS gives to the user is simply unmatched IMO.

Instead of using the result of the test and moving forward to improve CIS, the only thing you could find was something fishy. I do not care about your tests either. To paraphrase your own words: “You could have used a bunch of Western malware samples when you were testing Jiangmin; consequently it did badly. Moreover, if I have to follow your thought process further, I should say that your Western samples were probably the reason why Jiangmin did badly on your biased tests, because you were using samples that Western vendors would see first.”

I’m literally turning the argument that you had against you. Make sure that you use balanced samples between Western samples and Asian ones, and then come back and provide a valid counter-argument. Other people have been saying you are off the chart on the bias scale; today I really can understand why.

PS: I’m a firm believer that malware does not have any borders. The reason I paraphrased you was to ■■■■ your fishy story out of the water.

Peace.