Program & Sandbox Isolation Improvement Ideas

I think it would be beneficial to be able to specify trusted applications and sandboxed applications to run inside an MDI container and throttle display and system resources so that a misbehaving program, or group of programs cannot consume the whole operating system. The management of these applications could be done by grouping them together by their level of trust (Trusted, Untrusted, Restricted, Limited, Partially Limited), or custom group, and allow them to be controlled all in one place.

A hypothetical scenario for this would be an unknown virus that was sandboxed trying to create windows that are maximized and control the top most focus so that you cannot interact with your computer. You could use the windowed mode to kill the application inside. Another scenario would be how the fake AV’s sometimes create tons of windows. Suppose one of those fake AV’s were able to download and install several other different items. Normally, your system would start to get slow and overwhelmed with windows popping up. The windowed mode would contain and throttle down those items so that it would not consume more than a certain % of your system. You could now kill all of those items just by closing the management window.

MDI = Multiple-document interface - Wikipedia

The way I would like to see this work, is that when a program becomes sandboxed (either manually or automatically) the default is to start up inside of a controllable Comodo MDI window so that you can see how it is going to behave. Once you are happy with the way it runs, you can drag or select it somehow to run in an SDI mode on your computer with a colored border around the window signifying that it is still running in the sandbox. The SDI mode would run as it currently does today, but would be marked with a colored border around the parent and child window. Color can signify the different levels of sandbox security as well.

I can see the benefits of being able to run normal programs inside of these MDI window modes as well. My kids are all under the age of 5 and have computer games that they want to play that want to run in a DOS type environment. They’ll somehow get the game all goofed up, and CTRL + ALT + DEL or any other key combination I can think of won’t allow me to get back to the OS to kill the stupid thing. I’m forced to either restart the machine the hard way, or let the thing run until I can interact with it again.

[attachment deleted by admin]

That sounds good :-TU :-TU


we some type of application management for when malware go full screen and dont allow the user to do anything