Spyshelter Keylogger Test

http://www.spyshelter.com/download/AntiTest.exe

CIS v4

Keylogger, Web cam logger and Clipboard logger — FAIL
System Protection — Pass
Sound logger — buggy

Tried in VBox Win 7 32 bit.

Could anybody send this to the developers so they can test it and fix the errors?

Despite these results, thinking now a sandboxed process cannot modify your computer but should be able to copy your keystrokes, make screenshots, copy the clipboard or copy any information in the system, even files, and send it to the internet without any notification of Defense+ or firewall, this couldn’t be good.

CIS v4. All prevented except clipboard, sound recording, webcam record tests – for these results are unclear.

Defense+ only, proactive config, Safe mode, Sandbox completely disabled.

I tried with Zemana and blocked everything
Threatfire passed the webcam, system protection and sound test.

Keylogger, Web cam logger — FAIL
Clipboard logger — Pass
System Protection — Pass
Sound logger — Pass

CIS sandboxed the file. And I tested CIS in a win7 x64 OS.

The test that creates a registry entry fails to do so when it runs under the “limited” restriction level, but succeeds - writes to the fake registry - when it runs under the “restricted” level and the “untrusted” level.

The test fails to take a screen-shot when it runs with “limited” and “restricted” levels, but succeeds if run as “untrusted”.

The results are very inconsistent.

Another thing is that I get a global hook alert for the keylogging test, when instead, running inside the sandbox, it should have been silently blocked. (According to the help file, sandboxed programs are not allowed to set windows hooks.)

Edit: I don’t know what a windows hook means, but I think this alert corresponds to it.

For what it’s worth, I tested this with CIS version 3 with default settings in a Windows XP 32-bit VM:

Keylogging: PASS
Webcam Capture: Not Applicable (I don’t have a webcam)
Screenshot: PASS
Clipboard monitoring: PASS
System protection: PASS
Sound record: Not Applicable (I couldn’t be bothered testing this haha)

Anyway, seems like any decent HIPS should pass this easily. Of course, for “100%” protection, and for simplicity, it’s always best to simply default deny initial execution of anything untrusted.

Tested this with CIS 4 - Keylogger, Webcam Logger, Soundlogger FAIL

Antitest not sandboxed.

Think Comodo needs improvement in this field. What say the Devs? Is this going to be fixed?

In paranoid mode all tests were passed. If you are paranoid enough you will be defended.

CIS v4 with sandbox disabled, proactive security, safe mode for firewall and defense (which is what I strongly recommend running until most of the sandbox issues are fixed) completely passes all the tests.

You don’t need to run paranoid mode, that’s just extreme. Just disable the sandbox, and make sure proactive config is selected - this is what most of us have used in CIS 3, and it remains a great tradeoff between security and usability.

The reason this is not the default config in CIS (although many users have suggested that it should be) is because you still need to be able to make sensible decisions about pop-up alerts, and for new users this can be daunting.

It is well worth using that config and learning how to answer alerts, even if sandbox features do get fixed in the near future.

@scarybear: In paranoid mode it doesn’t pass all tests here. I think the tests should already be passed in safe mode, the paramode is too much clicking for convenient use.

@begemot: For me, with this config I didn’t pass all the tests.
Seems that there are different results for different users.

I want megaparanoid mode with jailbox in a next version

Seems that Webcamtest didn’t pass ;D
http://tinyurl.com/yzj48ts

Are you sure you have deleted all entries associated with the test before turning sandbox off and enabling proactive security? It’s just that I have recently installed v4 on 3 different computers, 2 of them Win7 and one XP, and all the tests are blocked. Comodo is not naturally inconsistent (for sure), it sounds to me very much like something isn’t right in your rules.