So what will it be?
Yes, I promise! I will never allow these unknowns full access and will always run them inside Comodo's containment technology
No, because Comodo's containment technology (I assume this refers to the Sandbox) doesn’t have HIPS. Even then there are some applications that are technically unknown by CIS but very well known by me, for example those I make myself…
The ones you make yourself are of course known to you. The question is “Unknown” applications/executables that you cannot vouch for.
Generally how I go about it:
Known trusted by CIS or me - Allow (If installation then make a system image before)
Likely trustworthy - Run on system but monitor with HIPS (If installation then make a system image before)
Not sure - Take a system image then run on system and monitor with HIPS
Untrusted - Mainly won’t run at all but if necessary for X reason then take system image and disable Internet then run in sandbox to do X reason then clear sandbox and restore system image.
So… are you a freak? o.O
This is madness. No user will take care of any of these cautions. We need Comodo containment but we need it to be strong enough so we can trust it. Sandbox + HIPS + behaviorism + AV = we, users, win…
I will, but yeah, sandbox with HIPS or at least something that tells the user of the sandboxed application's actions would be ideal. Problem with sandbox currently is that I personally can’t tell if the application is doing anything dodgy, which HIPS can.
Edit: Also I thought my approach above was fairly reasonable, what part is it that you find unreasonable?
These “make a system image before” for any step taken…
System images are very quick when using incrementals and I don’t do it just because of malware but also for easily being able to quickly go between different “times” of my system, very useful when troubleshooting or otherwise when you regret some changes done to the system.
The main problem with Comodo is the automated whitelisting process. It’s just stupendously slow unless you submit the files yourself here on forums.
Almost every single unknown app I ever see in CIS has status “Already submitted” and yet it’s being unknown for months and months. TOO SLOW. This shouldn’t last more than 1 month max.
If someone spots an unknown file and submits it to Comodo, it should get a verdict and be whitelisted if clean in under 1 month. Ideal would be under 1 week but then I’d be pushing it. Waiting for half a year or one year is just unacceptable. And that’s the reason why most people just manually toss the app under Trusted apps and be done with it. Which defeats the purpose of the entire thing so to speak. Because I may just as well be trusting something that’s actually a malware. But if a company classifies it as malware, then I’ll be far more cautious. Or if it’s clean, I’ll be far more sure it’s actually clean than if I decide that way for a particular file.
I mean, I’d love to just leave the automated system to do its magic by automatically allowing whitelisted files, blocking malicious and keeping unknown ones waiting in the sandbox until they get verified, but it’s simply just too freaking slow a process.
Valkyrie solves this problem
We will believe once we experience Valkyrie
Isn’t Valkyrie already active for CCAV?
Only CCAV has it and I can’t use it because it’s too slow. CIS however, no Valkyrie and probably not anytime soon either…
The support for Valkyrie in CIS is in the works, implying it will most likely be in CIS v9.