What is this guide about?
This guide explains how to set up and use the CIS sandbox for different purposes. By ‘sandbox’ I mean the virtualisation facilities of CIS, including the Kiosk. The guide does not cover the Behavior Blocker, even though the Behavior Blocker used to be called, confusingly in my view, the ‘auto-sandbox’. By ‘set up’ I mean adjusting security settings for risk management purposes, and adjusting other settings to make using the sandbox convenient.
What words will I use?
I will call the virtualisation facilities of CIS ‘the sandbox’, and I will call what used to be called the auto-sandbox ‘the behavior blocker’.
Why is this an issue?
The CIS sandbox can be used for many different purposes. As explained in more detail here, if you use a sandbox for a purpose that assumes the threat is outside the sandbox (for example online banking, where the sandbox is meant to keep the session away from anything already on the host), and then for a purpose that assumes the opposite (for example trying out risky software, where the sandbox is meant to contain whatever that software does), you may run a significant security risk: material that gets in during the second kind of use is still there during the first.
You can get round this problem by resetting the sandbox between conflicting purposes. But if you do, by default you lose all the settings changes you have made to programs, including browser shortcuts etc. Pending the introduction of multiple sandboxes, Comodo provides a workaround for this by allowing you to add browser settings and extensions directories to the sandbox exclusions. But this potentially leaves you exposed to any exploits that infect the browser itself: a browser infection acquired when browsing, say, gaming sites could still be active when you next use the sandbox for banking purposes, because the excluded directories survive the reset. Also, since you are likely to be using the same browsers sandboxed and unsandboxed, these infections, which may be acquired in the relatively permissive environment of the sandbox, could take effect when you are not sandboxed.
In my view a safer approach is to create separate, non-virtualised software (e.g. browser) installations for sandboxed use. You could create just two: one that assumes the threat lies outside the sandbox, one that assumes it lies within. But, since this is really easy to do, while you are doing it you might as well set up separate software installations for each different purpose, allowing you to closely tailor the security settings, and even the programs you choose to use, to each purpose. This makes sense because the optimal security settings can vary significantly with purpose. For example, the settings needed to maintain anonymity (which is exceedingly difficult to do well) are quite different from those required for online banking. A collateral advantage of this approach is that you can set up software environments that are very efficient for carrying out specific tasks.
What approach do I use?
The common availability of portable versions of programs makes creating separate installations for different purposes really easy. I suggest creating a suite of such portable installations for each purpose, each suite in its own directory. A link to each of these purpose directories is created on the Kiosk desktop. Settings normally stored in the OS are also relocated into the dedicated software installations where possible, and their security enhanced. For example, dedicated password managers are used to store site shortcuts instead of, say, the OS password storage facility. I avoid inadvertent use of pre-installed, relatively insecure software (e.g. IE) by removing it, and the links that might invoke it, from the sandbox. I add facilities that would be too inconvenient to set up for each use, for example truly anonymising browsing connections for the anonymous browsing purpose.
The main disadvantage of this approach, apart from adding some complexity, is that you will need to make all settings changes in the purpose-specific portable installations while running them non-virtualised. All changes made while virtualised will be deleted when you reset the sandbox.
Normal and advanced users
Guidance is flagged as being for normal or advanced users. Normal users are reasonably competent computer users able to install software, change software settings, and perform simple file system operations (copying, moving, renaming, changing properties etc). Advanced users are assumed to have a sound technical understanding of the way their computer works, and so are able to take on more advanced tasks, e.g. setting up firewall and D+ rules and editing the registry. Advice for normal users is detailed; that for advanced users is higher level. It is presumed that advanced users can work out how to perform the tasks required from a general description.
Testing of recommendations
These recommendations have been tested by a fellow Comodo user, Treefrogs, and his recommendations for improvement have been incorporated. The testing thread starts here.
Follow this guideline for all purposes:
[ol]- General guideline.[/ol]
Then follow the guideline for each of the specific purposes you have in mind:
[ol]- Anonymous browsing & other apps where secrecy of web activity is critical
- Browsing risky sites & trying out potentially risky software inc. gaming
- Corporate usage[/ol]
[i]Status: The guide is a draft, so please forgive any inaccuracies. Because it is a draft, any and all input regarding how it can be improved will be particularly gratefully received. Please post that input here.
Preparation and responsibility: This introduction has been prepared by a volunteer moderator, with input from many other moderators and staff (thanks everyone, especially: Treefrogs for his extensive testing work and suggestions, Chiron for his articles and in particular for his browser security add-on and non-■■■ comms service suggestions, HeffeD for his review, and Egemen, the latter via prior discussion rather than review of this document). It has been produced on a best-endeavours basis; please use it at your own risk. It will be added to and corrected as we find out more about the sandbox. Note that I am not a member of staff and therefore cannot speak on behalf of Comodo.[/i]
Updated: 5 April 2013, to reflect changes up to CIS version 6.0.xxx.2708