The automatic sandbox circumvented.

It is sorta saying that Lexus defines what car is and then saying that is not a car as it has not similar functionality and luxury Lexus has
HaHa :) +1

In the end it’s all semantics (language)… 88) :-X :wink:

Isn’t it the truth. But words count and at the least the Comodo “sandbox” might confuse people who expect a more robust protection. I can however understand why Comodo did not want to call it something more accurate like “Comodo intelligent application privilege control” or the like.

“Sandbox” is close, but in the interest of avoiding confusion we need to find a way from distinguishing the feature from sandboxing in the more commonly used stronger sense. For the casual user perhaps they won’t notice those extra files littering their computer or care about the distinction. However, the security gurus and reviewers are justified in saying the “sandbox didn’t work” if the word sandbox suggests something stronger. That can’t be good, so we need a solution, a good short terminology that is a good description of function maybe including some modifier of the term sandbox like “limited sandbox” which captures its function which will help people understand the design and its goals.

Or maybe there should be some option for the automatic sandbox to enable system virtualization. I think that would be very useful for many users.

Being some kind of security guru means one should be able to understand the security tools principles and its advantages and disadvantages to make a balanced judgment about the tools protection capabilities.

As you stated regular users would not notice the few extra files or folders. They wouldn’t care do not even notice them.

The gurus would know that even though files got picked up by scanners after a reboot these files would not be running in memory in memory nor would they find related autostart keys in the registry. In short they are harmless.

The regular users would not notice the dropped files/folders. So when the gurus start making a fuss about harmless files/folder it has me wonder. In the mid long term run the AV would pick them up in the obligatory (bi) weekly scan.

In short. The gurus make a problem only because they think Lexus (Sandboxie) is the only true definition of car (Sandbox).

!ot! Please let’s use our brain like how, Evolution, God, Allah, or whatever one wants to believe in, to its true capacity.

!ot! Guys be honest. Does your gf, fiancé, partner, wife even closely resemble your image of perfection of what a woman should be that you chase on the web on dodgy sites and is likely to get your pc infected? Remember that’s why you use CIS. 88) :wink: :smiley:

good metaphor, but it leaves the definition gap currently we can’t accord with.
I’m going to ask my professors in this week, that if the scratch space is not provided we can still define it a “sandbox.”

What’s scratch space? I don’t know what you mean. Even though I speak English pretty well; I am not a native speaker.

a ‘scratch space’ is just a temporary space that can be purged in any time. (c:\virtualroot is for comodo, c:\sandbox is for sandboxie.)
it’s referenced in wikipedia, you can find it here in detail.
[url=http://en.wikipedia.org/wiki/Sandbox_(computer_security)]http://en.wikipedia.org/wiki/Sandbox_(computer_security).[/url]

+100, and then we don’t have to change the name nor change the current policy.

Many people want. :-TU :THNK :THNK
Come on… ;D

I requested it here.
it will be great if reflected, I won’t need an additional sandbox like sandboxie anymore.

If registry and file system writes aren’t virtualized - it’s not a sandbox. I’ve been trying this feature over the past few beta versions and thought it was buggy or my setup was fragged.

I think the best option is to allow wildcards or specific folders in the “Always sandbox” tab so any programs launched from , say, the downloads folder would always be sandboxed (real sandboxing, with virtualization). The current “auto sandbox” feature should be renamed.

Okay, I understand it.
I show what I mean. Video at the bottom of the page. (Reply #38)
Please follow this thread:

https://forums.comodo.com/moderator-verified-issue-reports-cis/unrecognized-file-marked-as-trusted-t61787.0.html;new

Yes it is according to Wikipedia.

May be Comodo’s sandbox is not the luxury sandbox you take as a reference.

http://www.kernelthread.com/publications/security/sandboxing.html ;D

Sandboxing is a popular technique for creating confined execution environments, which could be be used for running untrusted programs. A sandbox limits, or reduces, the level of access its applications have — it is a container.

Considering this line:

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory
I think Comodo's definition is the exception. In any case, I think they ought to rename it to differentiate from the more secure manual sandboxing feature.

Why not call it automatic or advanced UAC?
Is it trademarked by Microsoft?

Or maybe Defense+ Limiter or Defense+ Coating… :slight_smile:
Time to create a new game… How should we name the sandbox today!

Here is another one, Defense+ Incubator. If a virus may grow in it, Defense+ will know it :slight_smile: