Using the 6.x sandbox/kiosk for different purposes

  1. You can erase all traces after your banking session if you wish. Or encrypt them. In the sandbox (presuming no leaks) everything is kept in one box so you can be sure of total deletion or encryption
  2. You can make the sandbox a dedicated banking environment, making it more efficient, more secure (using banking-specific settings) and less likely you will make errors like using the wrong browser, or browser setting, password manager, navigating to phishing URLs etc etc etc

Point 2. would be enhanced if Comodo allowed multiple sandboxes. But you can get the advantage now if you don’t use the sandbox for anything else, and you can get most of the advantage if you use it for a restricted range of compatible purposes

Hope this helps

Mike

I just use Dragon in the Kiosk for all sensitive things including banking. No other steps have been done and no settings changed from Dragon outside the Kiosk. What is wrong with this? It seems sufficient to me. If I need to do all those other things (which I won’t), then the Kiosk is essentially useless. Needing to take all those additional steps is ridiculous.

If you really need a different browser when in the Kiosk, then Comodo should provide one and make it part of the Kiosk itself with all the needed settings as defaults like Avast does with their Safe Zone.

Please read the above topic, and in particular the first and banking posts to understand. Then read my reply to Justin. If you then have detailed queries I will be very happy to help.

Best wishes. Mike

Thanks mouse, I read your reply very carefully and have two followup questions (along with couple comments).

I understand secure delete idea. I suppose if I require my secure banking browser settings to delete everything upon exit, it may come close but not close enough (as it would not be secure shred). Still, I guess I am not too concerned about this, because I doubt any banks store my password or other sensitive information anywhere on my system, encrypted or not (or am I too naive)?

Separately, I think there is a usability issue here since I am not sure I always want to delete some cookies if I want the banking site to remember that this is a “known” PC where I do NOT want it to keep asking me additional “security” questions or other info to login (which is what most sites do when they see computer for the first time).

I am not worried about it being more or less efficient (small performance delay is OK for banking site operations). I am also not worried about using wrong browser, because (a) I personally am careful in this regard and (b) if I weren’t careful enough, I feel like I would just as likely forget to use Kiosk in the first place, as I am to use the right browser. Still, if it helps some folks remember, I completely understand the importance of this benefit.

Now, what I mostly want to concentrate on in your answer is the “more secure (using banking-specific settings)” part of your reply. Could you clarify what settings would make your proposed setup more secure that would not be achievable by making browser-only settings in the banking browser? In other words, I think you are saying some settings in Kiosk itself (not in browser used in Kiosk) make it a more secure environment. What are those settings and why are they making it more secure (if not obvious from the settings themselves)?

Appreciate your response!

Most browser clean functions are not comprehensive. Probably none are. And they are not secure delete. In sandbox you can use separate Comodo secure delete tool to fully clean everything at once.

> Separately, I think there is a usability issue here since I am not sure I always want to delete some cookies if I want the banking site to remember that this is a "known" PC where I do NOT want it to keep asking me additional "security" questions or other info to login (which is what most sites do when they see computer for the first time).

I have not had this problem with my banking site. Probably the behavior you talk about is external IP linked not cookie linked? Cookies are typically pretty insecure so I doubt banking sites use them to store secure user data, though maybe they do if they can be strongly encrypted. Other sites do of course. You could make an exception for them if you were sure they were secure.

> I am not worried about it being more or less efficient (small performance delay is OK for banking site operations). I am also not worried about using wrong browser, because (a) I personally am careful in this regard and (b) if I weren't careful enough, I feel like I would just as likely forget to use Kiosk in the first place, as I am to use the right browser. Still, if it helps some folks remember, I completely understand the importance of this benefit.

It's not just the wrong browser, it's the wrong browser instance, set up to be secure in the way best suited to banking. And all the ancillary software, like secure password management, all in the same environment. Most people would find it difficult to ensure they always used the right bits together say under stress, but some people of course would not. Dedicated environments are efficient speed-wise too.

> Now, what I mostly want to concentrate on in your answer is the "more secure (using banking-specific settings)" part of your reply. Could you clarify what settings would make your proposed setup more secure that would not be achievable by making browser-only settings in the banking browser? In other words, I think you are saying some settings in Kiosk itself (not in browser used in Kiosk) make it a more secure environment. What are those settings and why are they making it more secure (if not obvious from the settings themselves)?

They are the settings in the assemblage of software brought together for this purpose - you can find these settings and the software I suggest in the General and Banking sections above. You could replicate all but the Kiosk settings externally, if you made dedicated browser, CIS, and other app installations. But then those installations would be unsuitable for more general purposes and they would not be assembled together in a way that makes doing the right thing for banking easiest, and visually signals you're in the banking environment. Also it would be difficult to ensure the data they jointly create is securely deleted in one go. This is very important for things like clipboards, and password software which is not carefully designed and creates say insecure temp files.

All this would be improved of course if there was support for multiple sandboxes.

Hope this helps

Mike

Oh there is also a separate password for access to the entire environment, which has some merit.

Thanks Mike

Thanks for this Information Mouse. I am new to Comodo.

With regards to money transfer, I only use a credit card online (no banking) and wonder which option (1 or 2) I should use for this in the following list you gave?

  1. Banking & other apps where private communication to the correct location is critical
  2. Anonymous browsing & other apps where secrecy of web activity is critical
  3. Browsing risky sites & trying out potentially risky software inc. gaming
  4. Corporate usage

Also, I use Gmail webmail, and other sites I log into. Which option for this please?

Best wishes.

I would use option 1 for the credit card.

And 2 for email and browsing, assuming anonymity is important to you.

You can combine them as suggested in the Introduction, resetting between uses.

Best wishes

Mike

Thank you.