Quarantine

2- Allowing can come with a report, and that is the difference between an alarm and a report.

You can allow something but make a report that the thing happened.

I mean when something important happens to CIS (like its files or quarantine being changed by other programs).

Comodo knows that and allows it, but it can make a report of what happened.

I think it is a safe and good option.

=====================================================
I don’t know if we need a wishlist or not.

Anyway, I came here to be useful for Comodo.

Thanks friends

You’re welcome.

But I think we have something that can be a vulnerability:

1- Every program that we install goes into one of two groups: 1-Trusted 2-Not Trusted

Some of the programs that we don’t even trust we need to get out of the sandbox, because in the sandbox they can’t do their job (like Unlocker or patches).

Still, you can run a custom policy for the program and, when needed, notch up D+ to Paranoid.

CIS will also protect various executables from being tampered with (.exe, .dll, .sys, .ocx, .bat, .pif, .scr, .cpl, .com and .cmd). That means that unsafe applications cannot mess with drivers or executables from f.e. Unlocker. It is basically impossible to make an installed application go rogue.

When you are saying patches, are you referring to things from the Dark Side? There is only one way to treat that kind of thing, and that is to listen to your AV, switch D+ to Paranoid, study what it wants to do and then start searching Google on the whereabouts of that patch/■■■■■. Or, if you are a real techie, reverse engineer the patcher, or try it in a virtual environment and see what it does, or use a restore tool like Time Machine or similar products.

Sandboxing and whitelisting are tools only meant for convenience while maintaining a high level of security. It sounds like you want the best of both worlds: convenience and even higher levels of security. At one point, like when messing with goodies from the Dark Side, you gotta take control. CIS will give you the tools to take control, but the user needs to man up and make decisions on the questions CIS will fire at you.

Those programs we trust or need to run (even if we don’t trust them); indeed we don’t want to do everything, and especially we don’t want changes to our security.
There is always Paranoid Mode when dealing with files you don’t trust. CIS gives you the control, but you will get decisions to make.
For example, when I install Nero I trust it to do its normal work, but I don’t want it to do unusual things that can harm my security vendors.
Hash checks confirm you are using the real Nero, assuming it is whitelisted. CIS protection as described above makes sure Nero’s files cannot be tampered with by both Untrusted files and Trusted files (assuming here we can trust Comodo’s whitelist or user decisions about installing drivers). I am assuming that Nero has no bad intentions like tearing down security programs. Unless you are using a patched version of Nero that you didn’t check and monitor; then again it would be user error.
You can see two groups of programs have full access to CIS without us wanting it.

It can be dangerous for CIS because of apps’ mistakes and even malware.

Regular apps don’t behave like that. That is done by either the user who tells Unlocker to delete the CIS installation folders (user error; no nanny here to tell the user not to do it) or by malware (which could be the result of a user mistake or just bad luck).

For example, I download one file that I trust, but in fact that file has been changed to be malicious and I don’t know that, and I make it a trusted file.

It is my mistake, but I don’t want to lose my security vendor.

You would have received a warning because the file is not known to be safe and you had the choice. It is hard, but you are s* out of luck here. It can happen to the best of us.

I think we don't need to allow full access to other programs (Those programs can read files but can't right or delete)

That is better option would make CIS stronger

The better option is you taking more control by using custom policies and/or putting D+ in Paranoid Mode and the firewall in Custom Policy Mode.

You may also consider giving up the idea a security program can prevent each and every user mistake like willingly trusting a file you should not be trusting; in that case only signature based solutions can help you. But signature based solutions have a hard time keeping up with the big amounts of malware being produced these days.

That being said, no matter how smart things get, there is no such thing as a 100% security guarantee.

Each alert gets logged.

You can allow something but make a report that the thing happened.
Make Ask+Log type rules where needed. It is already facilitated in CIS.
I mean when something important happens to CIS (like its files or quarantine being changed by other programs).
Remember that this is blocked unless a program has a driver doing this. Once a driver is running (in technical terms, the program has kernel access), it is basically end of exercise for any security and non-security program; anything can be done. Driver installation is always the result of a user consenting somewhere in the chain of decisions.
Comodo knows that and allows it, but it can make a report of what happened.

I think it is a safe and good option.

=====================================================
I don’t know if we need a wishlist or not.

Anyway, I came here to be useful for Comodo.

Thanks friends

I am under the impression you want to be corrected for decisions like willingly trusting a program you should not be trusting (patches, cracks…). CIS gives you the tools to assess programs’ behaviours when you take away whitelisting and sandbox; but you need to make decisions there and may make mistakes.

Even anti-malware detection is not always going to help you, as detection is falling behind with the big amount of malware produced these days.

Hi Fantom and EricJH,

It took some time for me to read and follow and test this whole topic.

@Fantom,

I fully agree with you and your findings. I also got the same results, when I tried to reproduce.

Comodo Devs/Mods have always had a different kind of attitude and perspective when it comes to Self-Defense, and Defense/Security as a whole for that matter.

Kaspersky, ESET, AVAST etc. all have a self-defense component protecting their suite every time, in every scenario, even from user interaction, strictly. If the administrator has to make any changes, he should disable Self Defense first, then make the change, which in my opinion is how it is supposed to be. They do not allow any user or admin or program to corrupt themselves. I do not know how they manage the “drivers” issue mentioned by Eric, but somehow they are doing it perfectly.

I see this as a clear failure on the part of CAV self-defense.

Secondly,

CAV is in most ways dependent on D+; self-defense is just one of many issues. Comodo leaves a lot to user decision (with D+), which in the end makes it just as strong as the user. If the user takes the right decision, he is protected. If the user makes a wrong choice (which may happen for many reasons: the user is not a security geek or at least security conscious, or is a naughty child), it can lead to anything, even corrupting CIS itself.

“Comodo is the nanny of programs, not users”: this statement always irritates me. I too had a lot of discussions in this regard with the mods earlier in different topics. But, as I said earlier, I understood that it is how Comodo operates. Even with a full flow of posts and discussions here in the forum, still we are not able to change their perspective. In the end, it is up to you to choose whether to go with CIS or not, since it is apparently clear to (at least) me that this will be the same in future too.

@EricJH

Maybe we should reconsider this issue as an example of how weak CIS self-defense is compared to other suites. Especially how weak CIS becomes if the user is not security conscious or a security geek. We trust our security suite to protect itself and protect us, even from our ignorance. We trust it to be more security conscious and knowledgeable compared to us. Please try to broaden your view and perspective. If CIS has to reach more people, it should be able to address the needs of the common man, not just the experts. I do not think it is very hard to achieve, since there are many other suites that have already implemented this without breaking user-friendliness.

Again, hoping to see a lot of things change, and surprises from CIS 6.

I have never heard that they could fight attacks from within the kernel. Unless you come up with proof that they can, then stop bad-mouthing CAV for not being capable. When a program has kernel access it is end of exercise for security programs.

Secondly,

CAV is in most ways dependent on D+; self-defense is just one of many issues. Comodo leaves a lot to user decision (with D+), which in the end makes it just as strong as the user. If the user takes the right decision, he is protected. If the user makes a wrong choice (which may happen for many reasons: the user is not a security geek or at least security conscious, or is a naughty child), it can lead to anything, even corrupting CIS itself.

Strictly follow the sandbox alerts. And if an installer needs full access and it is not whitelisted, then have the user make sure he got it from any of 5-10 well known download sites. That will keep his system safe.

[b]“Comodo is the nanny of programs, not users”[/b]: this statement always irritates me. I too had a lot of discussions in this regard with the mods earlier in different topics. But, as I said earlier, I understood that it is how Comodo operates. Even with a full flow of posts and discussions here in the forum, still we are not able to change their perspective. In the end, it is up to you to choose whether to go with CIS or not, since it is apparently clear to (at least) me that this will be the same in future too.
The nanny story, no matter how annoying, is needed. Some users seem to think that because they can delete files from f.e. the Comodo installation folders, applications can too. And then they conclude that self-protection fails. That causes confusion from time to time, usually with emotional topics stating CIS can be easily breached. Or people blindly allow a tool the necessary kernel rights.
@EricJH

Maybe we should reconsider this issue as an example of how weak CIS self-defense is compared to other suites. Especially how weak CIS becomes if the user is not security conscious or a security geek.

CIS self defense is not weak!!

CIS with sandbox enabled is very secure for the non-advanced user. As stated above, if on top of that the user only downloads programs from 5-10 well known download sites, then very little will happen.

I don’t think the problem is with regular users, who just use their computers because they have to, who don’t use stuff from the Dark Side but the group between them and the truly advanced. The truly advanced will take a very cautious and a more time consuming approach to suspicious programs.

The in-between group needs to understand that when leaving the secure paths, decisions will have to be made and that, other than an AV warning you, you are out there on your own!!

Please don’t confuse the situation of the intermediate group with the regular users who just use their computer to get work done. It is a well known rhetorical strategy to stand up for the little man when you are actually defending another group. Sounds too much like politics. :stuck_out_tongue:

We trust our security suite to protect itself and protect us, even from our ignorance.
I do not agree here. In the end there is nothing that can fully protect us from ignorance other than, at one point, starting to take some responsibility and getting informed.
We trust it to be more security conscious and knowledgeable compared to us. [b]Please try to broaden your view and perspective[/b]. [i][b]If CIS has to reach more people, it should be able to address the needs of the common man, not just the experts[/b][/i]. I do not think it is very hard to achieve, since there are many other suites that have already implemented this without breaking user-friendliness.

Again, hoping to see a lot of things change, and surprises from CIS 6.

Melih said a while ago they are working on some new techniques to reduce the amount of D+ alerts that automatic sandboxed programs will generate.

Add to this that with v6 automatic sandboxing will get virtualisation then that’s nothing but very promising of things to come. Comodo never sits still; they are always working on ways to make CIS more quiet… :slight_smile:

Stay tuned for more… 8)

Hi Eric,

you have responded to so many sentences aimed at Fantom; I wanted to acknowledge to him that I agree with him and I stand with him. :wink:
I know you [size=10pt]cannot[/size] agree with any of them. I know it because this is the common perspective of the Comodo Team/Devs and Mods. ;D ;D ;D

[size=10pt]I too would wish that be true[/size], unfortunately, I have seen it otherwise.

Install ESET or KIS and try to delete a file or folder or reg key of those programs; you will see what happens.

I am not bad-mouthing CIS all around the world. I am bringing out the weaknesses of CIS in the Comodo Forum so that CIS can correct itself, improve and evolve.

Those who do things this way are called Security Conscious.

The regular users simply use the computer.

[i]My younger brother always downloads games from very many sites, and installs them all. I used to give him a limited user account, but that does not allow him to install any game at all. So I gave up and gave him the admin login. He is just a user and uses my computer for gaming. He does not care about security, but I do. But I have to allow him to use my computer and install games.

My only choice is a security suite which would filter the bad sites and fraud programs. I depend on the suite to protect my computer when I am not there, and I cannot trust his decisions on D+ alerts either, since if ‘block’ does not run the game, he simply clicks ‘allow’ the second time; for him the ultimate thing is to play the game, not what happens underneath. If I try to educate him, it would only sound to him like a boring lecture. He has to grow up and evolve in life to understand all this stuff.[/i]

This is just one case for your reference. I have so many people around me for whom I have suggested and installed CIS, complaining about the same issue.

I know that and understand it well. But, you still do not seem to differentiate between a common user and an administrator. If you truly understand the difference, you would act differently.

[b][i]You have a different perspective and I have the other. Hope one of us changes soon. :wink: :wink: :wink:

Whoever changes, whether it’s me or Comodo, the ultimate thing that I want is for Comodo to reach common people and become strong both security-wise and user-friendliness-wise.[/i][/b]

Have always been hoping for that … :azn: :-TU :-TU :-TU

Nothing to add here.:slight_smile:

[size=10pt][b]I too would wish that to be true[/b][/size], unfortunately, I have seen it otherwise. Install ESET or KIS and try to delete a file or folder or reg key of those programs; you will see what happens.
That’s a typical example of programs having kernel access. As stated before, users have to be very, very careful when allowing a program kernel access by allowing it to run a driver.
I am not bad-mouthing CIS all around the world. I am bringing out the weaknesses of CIS in the Comodo Forum so that CIS can correct itself, improve and evolve. Those who do things this way are called Security Conscious.
Are you not believing what I tell you about drivers having kernel access? Your example of KIS and ESET proves nothing, because they have kernel access. Not sure why you choose to discard that.
[b]The regular users simply use the computer.[/b]

[i]My younger brother always downloads games from very many sites, and installs them all. I used to give him a limited user account, but that does not allow him to install any game at all. So I gave up and gave him the admin login. He is just a user and uses my computer for gaming. He does not care about security, but I do. But I have to allow him to use my computer and install games.

My only choice is a security suite which would filter the bad sites and fraud programs. I depend on the suite to protect my computer when I am not there, and I cannot trust his decisions on D+ alerts either, since if ‘block’ does not run the game, he simply clicks ‘allow’ the second time; for him the ultimate thing is to play the game, not what happens underneath. If I try to educate him, it would only sound to him like a boring lecture. He has to grow up and evolve in life to understand all this stuff.[/i]

This is just one case for your reference. I have so many people around me for whom I have suggested and installed CIS, complaining about the same issue.
I know that and understand it well. But, you still do not seem to differentiate between a common user and an administrator. If you truly understand the difference, you would act differently.

As long as people use stuff from reputable sources, a lot of things will work very well security-wise, even when they install something that is not whitelisted…

[b][i]You have a different perspective and I have the other. Hope one of us changes soon. ;) ;) ;)
That comes with using CIS for a long time. It works for me… ;)
Whoever changes, whether it’s me or Comodo, the ultimate thing that I want is for Comodo to reach common people and become strong both security-wise and user-friendliness-wise.[/i][/b]

Have always been hoping for that … :azn: :-TU :-TU :-TU

Let’s see what the future brings. Us mods are as curious as you.:slight_smile:

You know why I love people here in this forum ?

They argue, discuss, agree - disagree, but one thing is common to all…

They care… :-* :-* :-*

Off-topic: Hi, I’m new here, though I’ve been using Comodo for years and lately been reading some of the topics around here in my spare time. This topic, however, prompted me to register and share my views ^_^.

On-topic: To be honest, I have to agree with the mods here… I think not protecting the user against every stupid move they themselves make is the only way to teach people to be at the very least minimally security conscious. The strongest point of Comodo is and always has been that it allows users complete freedom in how strict or how open they want their systems to be. You can configure it so you want every move of a program documented and analysed, or in such a way that you only get one alert for each program. This makes it very powerful and/or very user-friendly, depending of course on the skill-level of the user :wink:

In the case of the younger brother, theoretically speaking you could make a separate administrator account, and then configure Comodo to ensure that it will only run on specific settings that you, as a more knowledgeable person, have set. Examples of good but still restrictive settings would be to start from a clean copy of the Internet Security settings and then configure just a few settings (block all unknown requests if closed, make sure all unknown applications are sandboxed as Partially Limited, or more severe restrictions if you want more security). Restrict the settings with a password the other account-holder(s) don’t know and you’re good to go.

If I remember correctly, that should ensure that any unrecognised program is not allowed to run drivers, edit protected settings and files, and some other restrictions. Also, the user shouldn’t be able to add trusted programs or unsandbox them, as the settings are restricted, so any potentially unsafe programs will be limited to doing at the very least less harm, if any harm at all. This would probably stop some patchers from “The Dark Side” (love that name for it, I’m stealing that from you Eric :P) from functioning, because I assume they wouldn’t be allowed to edit other .exes, but I reckon normal system use would be barely impacted. Most programs would be whitelisted, even some of the “Dark Side” programs; as long as it isn’t too new, Comodo will generally have a sample of it. Any programs that are actually sandboxed and don’t do what they should do should then be referred by the younger brother to his older brother. By being security conscious, part of the responsibility of supervision is, unfortunately, also on us.

About the Self-Defense thing… Let me get one thing straight first though: Siva, you’re currently talking about a user using the usual, manual delete to delete Comodo system files, and not programs using drivers with kernel access, such as Unlocker, right? I agree that other Internet Security Suites block those kinds of interactions, but I reckon they wouldn’t stand up to Unlocker or some other sort of forced deletion tool.
I don’t really have the data to support that theory though, would be very intrigued to hear if you find that some are able to protect themselves from such tools.

Regards,
Eryth.

‘Different configurations for different user accounts’ model does not yet exist in CIS.
I have already proposed it as a solution for such contexts and scenarios long back. Eric also knows about this. (Thanks to Eric for his support in the past posts regarding this proposal…)

Yes, you got it right… I was talking about KIS or ESET not allowing users to manually delete their content.

Regarding Quarantine, most of the suites encrypt the files in quarantine, which is a good tactic.

If you don’t want explorer.exe to disturb COMODO files, why don’t you edit its activity control in the Defense+ rules like I do?

By default, explorer.exe is treated as a Windows System Application. Change it to Custom Policy and then you can customize its access rights. In the “Access Rights” tab, tick “Ask” for Run an executable and tick Allow for the rest… In the “Protected Files and Folders” row, click on “Modify” to edit the exclusions. Click the “Blocked Files and Folders” tab and add the file group from “COMODO Files/Folders”, then click OK…

Don’t forget to also edit the exclusions for “Run an executable” too. Click “Modify”, and on the “Allowed Applications” tab add the file group “All Applications”, then click OK. If you don’t do this, you will receive an alarm every time you run an executable with explorer.exe. That’s annoying… :wink:

You can do the same things with unlocker.exe too…

Then show me that you can delete or modify the Comodo files again… :smiley: ;D

Even when you have exited Comodo, its files are still protected from explorer.exe.

Sorry for bad English… I’m from Indonesia… :smiley: