Author Topic: standalone autosandbox  (Read 1135 times)

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 816
standalone autosandbox
« on: March 08, 2017, 04:33:30 PM »
Something like the current CCAV, but without the realtime AV and Valkyrie.
Just cloud lookup to check if a file is in the whitelist or blacklist, a sandbox to automatically sandbox unknown and viruscope to revert changes.
or, if you prefer, CFW without firewall and HIPS
« Last Edit: March 08, 2017, 04:37:12 PM by Jon79 »

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5398
Re: standalone autosandbox
« Reply #1 on: March 08, 2017, 04:45:55 PM »
Couldn't you run CCAV with the AV disabled?
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 816
Re: standalone autosandbox
« Reply #2 on: March 08, 2017, 05:26:25 PM »
I guess I'll have a red X and a warning... plus, I don't think I'd be able to run it alongside another AV

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5398
Re: standalone autosandbox
« Reply #3 on: March 09, 2017, 12:34:43 AM »
Yeah, I guess that would be a workaround until the functionality/product gets developed. Instead of a new product, I think the best option would be to add an option in CCAV to have on-demand scanning only instead of realtime.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 816
Re: standalone autosandbox
« Reply #4 on: March 09, 2017, 02:15:36 AM »
Well, actually, if what umesh said will become true:

Finally it will have a light local AV (with zero performance overhead) and a light firewall added to it.

CCAV could become more interesting as it.

But with a standalone autosandbox, anyone could build up his/her own best security pack (for example, tinywall + comodo autosandbox + qihoo 360)
« Last Edit: March 09, 2017, 02:17:40 AM by Jon79 »

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1844
Re: standalone autosandbox
« Reply #5 on: March 09, 2017, 06:49:21 AM »
I would also like to see a standalone Sandbox application. Ideally, this being Comodo's flagship product (no CIS or CCAV) but making it modular so that you can include (during or post installation) additional modules like a firewall, antivirus (inc. cloud based lookup), HIPS and any future technologies that may come and go.

I'm really buying into the sandbox (virtualization) protection as the main form of protection but I can understand Comodo's approach to including other modules by default (i.e. CIS with antivirus or firewall or CCAV with antivirus) as most users "still" believe this offers the best protection.

Regarding making said Comodo product compatible with other third party security products, good idea but must be tricky/hard work for Comodo developers to achieve this.

:)
Ubuntu 16.04 LTS (x64) | Chromium | Comodo Cloud Antivirus | Privacy Badger | HTTPS Everywhere

https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 816
Re: standalone autosandbox
« Reply #6 on: March 09, 2017, 09:14:41 AM »
Quote
... making it modular so that you can include (during or post installation) additional modules like a firewall, antivirus (inc. cloud based lookup), hips and any future technologies that may come and go.

Yeah, that would be the best :)


Quote
I'm really buying into the sandbox (virtualization) protection as the main form of protection but I can understand Comodo's approach to including other modules by default (i.e CIS with antivirus or firewall or CCAV with antivirus) as most users "still" believe this offers the best protection.

Totally agree, average users just check the detection rate, something Comodo has never been on top...


Quote
Regarding making said Comodo product compatible with other third party security products, good idea but must be tricky/hard work for Comodo developers to achieve this.

I think if they just remove (or make an option to disable) realtime protection, then there should not be any compatibility issue

Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 1050
    • COMODO
Re: standalone autosandbox
« Reply #7 on: March 09, 2017, 10:01:52 AM »
I see this as a request for a product "Comodo Sandbox".

Let's create a poll and see the interest.

Offline windstorm

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3060
  • Veritas Lux Mea
Re: standalone autosandbox
« Reply #8 on: March 09, 2017, 11:02:29 AM »
I thought there is a poll already. At least, that's what I voted for.
https://forums.comodo.com/news-announcements-feedback-cis/standlone-comodo-virtual-kiosk-t93891.0.html

Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 1050
    • COMODO
Re: standalone autosandbox
« Reply #9 on: March 09, 2017, 11:07:19 AM »
Thanks for pointing.

Let us come up with a proposition of the exact nature of it.


Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 1050
    • COMODO
Re: standalone autosandbox
« Reply #10 on: March 17, 2017, 10:04:02 AM »
What do you guys think about the following proposition:
- The on-access AV part is removed from CCAV and it becomes a pure Sandbox, with a caveat that when an unknown application is run inside the Sandbox, it is scanned using traditional AV signatures.

What this means:
- You can still run it along with any other AV products.
- There is no downgrade in performance, as scanning of files comes into the picture only when an unknown application ends up running in the Sandbox.
- You have all the benefits of Cloud.
- You still have default deny, i.e. if a file is unknown, it runs in the Sandbox.

So you have a mix of
"Low Impact on System" + "Default-Deny" + "Traditional AV detection" + "Compatibility with any other AV product".

And at some point, when you have realized that your AV passed what CCAV protected you against, you may ditch :) the other AV and rely on a lightweight product that protects you against old, new and yet-to-be-born viruses, as that's the future of client security, as the traditional detection approach cannot be sustained.

Your feedback is appreciated.

Thanks
-umesh

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 816
Re: standalone autosandbox
« Reply #11 on: March 17, 2017, 10:39:29 AM »
It seems a nice idea :)

Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?
I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

My idea is to get a CFW without HIPS and with a light FW (maybe relying on Windows Firewall and just adding the outgoing filtering. Or just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):
  • Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
  • Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
  • Viruscope like it is now
« Last Edit: March 17, 2017, 10:48:32 AM by Jon79 »

Offline Yash Khan

  • Comodo's Hero
  • *****
  • Posts: 5112
Re: standalone autosandbox
« Reply #12 on: March 17, 2017, 10:47:26 AM »
umesh,

I kinda like the idea........ :-TU

What do you mean by "Traditional Signatures"?.........And how will it be implemented for detection?

Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 1050
    • COMODO
Re: standalone autosandbox
« Reply #13 on: March 17, 2017, 10:50:01 AM »
Hi Jon79,
Quote
Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?
It's out of CCAV, i.e. the way CCAV works, where we have Valkyrie integrated and a promise of ZERO-unknown running in the system. Soon we are going to get into a state where we can start giving an SLA for files to be cleaned up as either safe or malware. Work in progress.

Quote
I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.
Comodo Firewall is a great product but not everyone understands Firewall (except very technical people like you :)), people look for AV, which can do other things.

Quote
just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):
Sure, it can be added as an option in this product for advanced users.


Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 1050
    • COMODO
Re: standalone autosandbox
« Reply #14 on: March 17, 2017, 10:56:41 AM »
Quote
What do you mean by "Traditional Signatures"?.........And how will it be implemented for detection?

You see, there are different types of malware. Some malware is of a type where each instance of the malware is totally distinct per PC, and for any cloud product it must be uploaded unless it can be stopped based on further malicious behavior, for which we have recognizers aimed in CCAV; recognizers can be supported by additional detection routines which can identify these unique instances also.

Considering the scanning overhead is only for files running in the Sandbox, you won't even like to turn it off.


 
