Sandbox feedback

snadge · May 18, 2011, 12:10pm

hello

I would just like to mention this for the purposes of feedback:

I think it would be great if there was more control or options over the sandbox and its contents… at the moment all you can do is ‘Sandbox’ a program with different levels of trust, it would be great if (like Sandboxie) you could peruse the contents of the sandbox and save files outside of it too keep them, also (i dont know if comodo does this) but in Sandboxie if I use a sandboxed program and it edits a file outside the sandbox then sandboxie brings the file INTO the sandbox (copy) and edits it - I can then persue the contents of the sandbox and save the edited file externally… you also have the option to browse the contents of the sandbox and see exactly what the file might be “dropping” or attempting to install… and you can of course ‘delete’ these contents… with Comodo you just ‘hope’ that it sandboxed them fine and deleted the contents afterwards and have no other options to save files or see the contents

thanks

wonderlust76 · May 18, 2011, 12:47pm

That’s the reason why, at the moment, I use sandboxie instead of comodo sandbox…considering also that the automatic comodo sandbox is not a sandbox technically, but something like “Drop my rights”.
I prefer a full files virtualistation, because is more safe in my opinion…
i think that in the future they will develop the sandbox features, and probably we will have something very similar to sandboxie…

snadge · May 18, 2011, 12:51pm

snap - i too still use Sandboxie…

im glad you told me it just lowers the rights and doesnt actually virtualize an environment… surely it does? they couldnt call it a Sandbox otherwise…

I think I will just disable Comodo Sandbox then if thats the case

clockwork · May 18, 2011, 1:08pm

apart from all the differences to a sandbox like sandboxie:

it would be nice to have a right click menu entry if you want to run something in the comodo sandbox (EDIT: for a file which is not an executable, just read the post below.)

and if you choose a file that has to be load in a program (media file ect), the program should start sandboxed after only choosing to sandbox the associated file. like it is normal happening too.

to the snap:
like with the antivirus, its said, “made for useabillity” of the suite. its something that i critizise too, because the expections are laying on the names. so mistakes and misunderstandings are programmed to happen. i dont want to know how many people use it like a sandboxie… because “its a sandbox!” …

if something is meant for “useabillity of something else”, dont give it names of something that was made for “security on itself”.

siketa · May 18, 2011, 1:10pm

Comodo virtualizes applications if you choose so manually (Right click->Run in Comodo sandbox).
Enable “Show hidden files and folders” and check C:\VritualRoot\ folder(s).
There is no automatic deletion of files (folders) so you have to do it on your own.

wonderlust76 · May 18, 2011, 1:16pm

As far as I know, if you use comodo sandbox on demand (i.e. run your browser in the sandbox) then you have a full files/reg entries virtualisation…while if you try to run an unrecognized file then you have the automatic sandbox, that is actually a rights limitation more or less strong depending on the limitation level you choose (partially limited, limited, restricted etc…)

Citizen_K · May 18, 2011, 2:49pm

Let’s see what v6 has cooking for us.

wonderlust76 · May 18, 2011, 5:05pm

So…does it mean that in CIS 6 everything will be virtualized even on the automatic sandbox?

snadge · May 18, 2011, 7:34pm

makes sense to do that? ive always though thats whats happening…?
what happens if someone runs a file they think might be suspicious and do so thinking auto-sandbox has it covered…when in fact , it doesnt?

thanks for pointing out the Sandbox location, however, Comodo does not have an option to delete files from the sandbox, this means users that have run malware infected files in the sandbox have ‘malware’ sitting there , unless they know the location of sandbox and too empty it - I know sandboxie has option to ‘Delete Contents’

wasgij6 · May 18, 2011, 8:56pm

no egemen said that only some things will be virtualised

wasgij6 · May 18, 2011, 9:09pm

he says here that some programs will be virtualized with the auto-sandbox

egemen post:90:

Hi Guys,

Let me comment on this one more time. First of all, if configured, CIS can very well protect against this and any other threats proactively.

First lets see what this gpcode does: It gets to the users computer drive by download and searches for the files in users harddisk. It then encrypts all picture and text files i.e. damages some non-OS-essential files.

Is this a threat to the user ? YES!
Is this a real threat to be prevented ? YES!
Does CIS prevent against this now? YES!

Then how does COMODO protect against this BY DEFAULT. By default, antivirus detection is enough to detect gpcode and any of its variants. Lets not make false comments by saying CIS does not protect its users against gpcode. CIS DOES prevent against the REAL threat wih its antivirus right now.

Now lets talk about preventing this proactively.

Is there a way to configure CIS to prevent this proactively? YES.

Method 1: Add you sensitive files/folders to CIS protected files list and you are done. For example, you can add My Documents, My Pictures folders or *.doc, *.txt, *.jpg etc. to your protected files list and it can be protected.

Method 2: Always run your WEB browsers in COMODO Sandbox by adding them to Sandbox pemanently. And while doing this, make sure File system and registry virtualization are both enabled. If you do this and accidently get gpcode or something like gpcode or actually any virus from WEB, they will be running in a virtual file system and hence they can not acess your files or folders.

You can also directly run GPCODE with right-click menu in CIS sandbpx and you will see it cant do anything.

Ofcourse CIS is capable of preventing it proactively as of now. However, these settings are not configured by default.

So why is COMODO not making an immediate HACK to prevent this proactively. Some other products are preventing it already.

We do not need to make a HACK but offer you a proper solution which is proven to prevent this and any similar threat while not affecting your daily work with your computer.

The proper solution is the active file system virtualization of SOME automatically sandboxed applications by default. Yes, we are right now working on this kind of a ideal automatic sandbox which is going to be in CIS 6 and will work similar to method 2.

It is NOT a HACK but a properly engineered solution that avreage joe wont have problems when CIS is installed.

It takes 10 minutes to write a HACK which simply checks each applications right to enumerate files and folders and thats it. You are there. And what would be the cost? Joe’s photo editor will create a popup asking him if he wants some application to list files. Or Marry, while his new MP3 player builds a playlist, it might conflict.

and he also said this

wonderlust76 · May 18, 2011, 9:44pm

Well…if you take Geswall…it’s a very effective program but, as far as I know, it doesn’t sandbox anything…it limits softwares rights. So it’s a different approach, not always less effective (if in Comodo you set rights restriction to “untrusted”, then everything unknown you run is definitely blocked).
I prefer sandboxie approach: a virtual environment where, if you want, you can also restrict applications rights. It’s a matter of personal preferences…