Sandbox

What about a sandbox-type application, such as Sandboxie:

Mike

One thing I don’t understand about Sandboxie…

From the website: “Sandboxie changes the rules such that write operations do not make it back to your hard disk.”

It says write operations go to the sandbox instead. So, my question is: where is the sandbox located?

I could be wrong here, but if this is like it used to be, they use a portion of your memory to make a RAM drive (RAM hard drive) to write to. It looks like a hard drive when writing information. A virtual drive by another name. :slight_smile:

You’re halfway there, Lee.

A sandbox is a virtual PC, sort of. It sets up a virtual drive, which is a replica of the boot drive. It also sets up a virtual memory model, as well. When an application is run in the sandpit, it thinks it is running in the conventional memory space, writing to a physical drive when it needs to. The application is actually running in a protected memory space writing to a virtual drive.

Sandpits are great for testing software in development, but they can also be used to check out new pieces of software without stuffing up a working PC.

Imagine if a firewall/antivirus/HIPS type application had the ability to invoke a sandpit if it detected suspicious activity, so the trojan (or whatever) could run amok, attempting to infect a virtual system, without affecting the working environment. Not only would this protect your system, it would also be a great way of diagnosing and reporting a live infection, without impacting your PC.

Oh, wouldn’t it be luverly …

Ewen :slight_smile:
(WCF3) (WCF3) (WCF3) OI OI OI!

Actually, it sounds like using a mainframe again. :smiley: With setting up the different environments and running independent applications in each area.
Thanks for a better explanation, Ewen. I never know just how technical to make an answer as I don’t know the questioner’s background.
Have a great week.
BTW. It is 97 degrees here in Alabama today. That’s about 105 heat index. ;D

Lee

A sandbox application will be a nice addition to security appliances from Comodo.

Agreed. I’m a Sandboxie user myself, it works perfectly. But having something similar integrated with other Comodo products would be even better.

If I have read/understood the post on CAV 2.0 correctly, it will include some sandbox style technology.

Stay tuned!
(R)

I agree that CAVS should in fact create its own VM upon install, with a baseline of an uninfected, smooth running system. From this point on, if at any time the system becomes sluggish or infected in any way, the baseline can be easily restored. (:WIN)

I use Sandboxie. The actual location of the sandbox is ‘C:\Documents and Settings\UserName\Application Data\Sandbox’. Inside that, there looks to be a file structure that somewhat duplicates the files in Windows proper. There’s a folder called HarddiskVolume1 (which I assume is the protected environment) with sub-folders called: Windows - Documents and Settings - Program Files.

When you empty the sandbox, it doesn’t delete files from the real Windows file structure. I think the idea is that any changes made to the sandboxed directories can be deleted at the end of a browsing session, or at a time of your choosing. Downloads can be rescued from the sandbox before emptying it. The program seems to work well.
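A simplified model of the write redirection described in the post above, as an added example that is not part of the original thread and is not Sandboxie's implementation. The class, method and file names and the temporary directory standing in for the boot drive are assumptions; only the HarddiskVolume1 folder name comes from the post.

```python
import shutil
import tempfile
from pathlib import Path

class RedirectingSandbox:
    """Toy model only: reads fall through to the real tree, writes go to a shadow tree."""
    def __init__(self, real_root, sandbox_root, volume="HarddiskVolume1"):
        self.real_root = Path(real_root).resolve()
        self.box = Path(sandbox_root).resolve() / volume  # mirrors the real layout

    def _pair(self, rel_path):
        real = (self.real_root / rel_path).resolve()
        rel = real.relative_to(self.real_root)  # ValueError if the path escapes the root
        return real, self.box / rel

    def write(self, rel_path, text):
        _, shadow = self._pair(rel_path)
        shadow.parent.mkdir(parents=True, exist_ok=True)
        shadow.write_text(text)  # the real file is never touched

    def read(self, rel_path):
        real, shadow = self._pair(rel_path)
        return (shadow if shadow.exists() else real).read_text()

    def recover(self, rel_path):
        real, shadow = self._pair(rel_path)
        real.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(shadow, real)  # deliberate, user-initiated copy out of the sandbox

    def empty(self):
        shutil.rmtree(self.box, ignore_errors=True)  # discards every redirected write

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in for a boot drive
        real = Path(tmp) / "real"
        (real / "Program Files").mkdir(parents=True)
        (real / "Program Files" / "app.ini").write_text("original")
        sb = RedirectingSandbox(real, Path(tmp) / "Sandbox")
        sb.write("Program Files/app.ini", "tampered")       # sandboxed program edits a file
        sb.write("Windows/dropped.dll", "unwanted")          # and drops a new one
        sb.write("Documents and Settings/download.zip", "wanted")
        seen_inside = sb.read("Program Files/app.ini")       # the program sees its own change
        sb.recover("Documents and Settings/download.zip")    # rescue a download first
        sb.empty()
        return {"seen_inside": seen_inside, "after_empty": sb.read("Program Files/app.ini"),
                "dropped_on_disk": (real / "Windows" / "dropped.dll").exists(),
                "download_on_disk": (real / "Documents and Settings" / "download.zip").exists()}

if __name__ == "__main__":
    print(demo())
```
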

Sandbox applications take up a lot of memory. I’d rather simply prevent malware than open it in a virtual environment.

I like to prevent malware by other methods too. Sandboxie is just one layer of security. Running the browser via the sandbox means I don’t have to take particular precautions for if I should come across a malicious site. Threats can come by ways other than through the browser of course, so other security measures are also in place, including the Comodo firewall.

I haven’t noticed the sandbox ever taking up very much memory. There are 3 entries in Task Manager for Sandboxie when Firefox is open (running sandboxed). They total around 7Mb, which doesn’t seem too bad.

I actually really like this idea of running the browser in the sandbox. If the CPF added:

  1. HIPS to cover entry point vectors
  2. HIPS to monitor processes/executables and
  3. A sandbox to run the Browser in

It would pretty much make your computer like Fort Knox when coupled with a top notch antivirus.

It would indeed :slight_smile: Let’s see what Ver 3 has in store for us :wink:

Melih

This is sounding better all the time…roll on version3 (J)

Yes, CPF V3 is sounding AWESOME. I will certainly download it as soon as it is out of beta. Until then, you could run CPF with System Safety Monitor and Sandboxie to get that kind of protection.

With those apps you should be fine, but when CPF 3 and CAVS2 are released I believe you will have greater protection with them.

Some of the features for CPF3: Buffer Overflow Protection, Vista/64 bit compatibility, and much more :wink:

Question: how will we know how good CAVS2 is? With a firewall, you can go to all the firewall leak test sites and see for yourself. With an antivirus program, it’s not that simple.

When Comodo enters CAVS2 in the Antivirus tests such as Virus Bulletin.

I am glad to hear that Comodo plans to do that. Virus Bulletin is the site I use to evaluate the quality of an AV. But when I mentioned this earlier this year, I was met with a little resistance.