"Untrusted" or "Fully Virtualized"?

Just wondering what you all would recommend as the setting for the sandbox in 6.2 – “untrusted” (as in Chiron’s very helpful guide), or “fully virtualized”? And why would you recommend that particular level? Thanks!

Personally, I’d love to recommend Fully Virtualized. However, for me I worry about the following two bug reports:
Keylogger run in FV Sandbox can log keystrokes from real computer coupled with Exploit uses trusted browser to leak data to net when FV. If either one of these bugs is fixed I believe my recommendation will change from Untrusted to Fully Virtualized, but for the moment I am too concerned about the possibility of keyloggers being able to steal passwords, and banking information, and being able to leak it through the firewall.

Thanks for the explanation, Chiron – and for keeping the guide updated. Very helpful!

No problem. Please let me know if you have any questions.

Thanks Chiron for your excellent guide

It was easy and extremely clear, wish all guides came with the same attention in details

coming back to this discussion (sorry for gravedigging) has this problem been solved ?

I looked at the two discussions and in both you indicated

Upon further review, Comodo has classified this as a possible enhancement.

Hopefully it will eventually be improved upon, but for now I will move this to Resolved.

so I am still confused if we can use “fully virtualized” or is better to stick with “untrusted” speaking about security and privacy

My hands are tied when it comes to forcing Comodo to classify vulnerabilities as bugs. However, just because it is no longer considered a bug does not mean it is being ignored. Enhancements can also be included in future releases, and I hope that they will be.

For now my advice has not changed from my post above. I would advise Untrusted, but if keylogging is not a major concern FV is also a good choice. Personally, I use FV as I keep a close eye on which apps are running in the sandbox, and whether I truly trust them. If I don’t trust them I kill their processes. Thus, keylogging is not a concern for me.

Let me know if you have any questions.


Thanks Chiron, you were very clear

I don’t really install much on my pc, so I think I could live with “fully virtualized” and in case kill proces, but I will stick to “untrusted” for the moment

would it be possible to set firewall block unrecognized programs in FV to access internet ?

I noticed that if some programs, like ATI Control Center, are executed during startup and are “captured” in sandbox because they are not recognized as trusted by Comodo

you can transfer to trusted list, but you will need to log off and on again if you want them to be running otherwise program will stay in sandbox until you reboot/log off and on

is there a way to move a program out of sandbox without making this ?

I have some other questions about the difference between HIPS and BB but this is not the right topic

I do not believe it is possible to differentiate between sandboxed and unsandboxed apps for the firewall rules.

No. If a program was sandboxed the only way to have it run properly is to stop and then restart the program. I assume that for the ATI Control Center, perhaps it requires certain changes to be made at boot, and that is why logging off and back on is necessary. This is just a guess, but I believe makes a certain amount of sense.

Sure. Please start a new topic and ask your questions there.