standalone autosandbox

[Jon79]

Hi Jon79,It's out of CCAV i.e. the way CCAV works, where we have Valkyrie integrated and a promise of ZERO-unknown running in system. Soon we are going to get into a state where we can start giving SLA for files to be cleaned up either safe or malware. Work in progress.

So, basically, any new app will run sandboxed first. Then, once Valkyrie gives the final verdict, the app will be either quarantined or allowed to run out of the sandbox

[Jon79]

You see, there are different types of malware, some malware are of type where each instance of malware is totally distinct per PC and for any cloud product, it must be uploaded unless it can be stopped based on further malicious behavior, for which we have recognizers aimed in CCAV, recognizers can be supported by additional detection routines which can identify these unique instances also.

Considering scanning over head is only for files running in Sandbox, you won't even like to turn off.

In my view, the standalone autosandbox should be as simple as possible, the first step in Comodo protection:

• CASB (Comodo Auto SandBox) with only the features I wrote below:
  

  • Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
  • Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
  • Viruscope like it is now
• CCAV, which is CASB + realtime cloud AV + Valkyrie + light AV local DB + light FW
• CIS, which is CCAV + strong AV local DB + strong FW + HIPS + Secure Shopping

[yashkhan]

umesh,

It will be different product or you mean a proposition to turn CCAV into.............?

[Umesh]

Hi Jon79,

- Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
- Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
- Viruscope like it is now

Agree. This allows you to run product alongside other AVs.

What if you still have following as optional for advanced users:

- AV for files running on Sandbox
- Firewall to control apps running in Sandbox

In my view, the standalone autosandbox should be as simple as possible, the first step in Comodo protection:

• CASB (Comodo Auto SandBox) with only the features I wrote below:
• CCAV, which is CASB + realtime cloud AV + Valkyrie + light AV local DB + light FW
• CIS, which is CCAV + strong AV local DB + strong FW + HIPS + Secure Shopping

[Umesh]

Either way, new product or CCAV converted.
The goal is:
You should be able to run this protection from Comodo alongside other AVs without performance hit and still be able to use Comodo's default deny architecture.

umesh,

It will be different product or you mean a proposition to turn CCAV into.............?

[qmarius]

I always wanted a conversion. Should make things even more interesting.

[Jon79]

Hi Jon79,

Agree. This allows you to run product alongside other AVs.

What if you still have following as optional for advanced users:

- AV for files running on Sandbox
- Firewall to control apps running in Sandbox

If a file runs in the sandbox, there is no need of an av controlling it. Of course, it would be good to send the file to Comodo cloud for analysis.

The firewall would be a good addon, but in my opinion it should be something based on windows firewall (such as tinywall or binisoft wfc)

[qmarius]

In my view, the standalone autosandbox should be as simple as possible, the first step in Comodo protection:

• CASB (Comodo Auto SandBox) with only the features I wrote below:
• CCAV, which is CASB + realtime cloud AV + Valkyrie + light AV local DB + light FW
• CIS, which is CCAV + strong AV local DB + strong FW + HIPS + Secure Shopping

I see that you are referring to components. Should be separate from Sandbox & added later given enough interest in my opinion.
I'm not sure if "simple as possible" is a good foundation. I'd like to see many options in such a product. Actually.. is it aimed at average user? Usability / Choices. When you think about it-- this kind of user might not use AV at all.
Since third-party products get officially in the game, rate of unexpected cases are on the rise. A "simple product" might not be easy to troubleshoot.


Just some thoughts.

[Jon79]

I see that you are referring to components. Should be separate from Sandbox & added later given enough interest in my opinion.
I'm not sure if "simple as possible" is a good foundation. I'd like to see many options in such a product. Actually.. is it aimed at average user? Usability / Choices. When you think about it-- this kind of user might not use AV at all.
Since third-party products get officially in the game, rate of unexpected cases are on the rise. A "simple product" might not be easy to troubleshoot.


Just some thoughts.

Every time someone points out a weakness of Comodo, Melih answers "you have the sandbox to protect you".
So, the sandbox should be the heart of Comodo protection.
Then, of course you need usability. And here the cloud lookup comes to help.

The problem is, the average user thinks that AV is everything you need, so Comodo should add it.
Then, there are the experienced users that, like you, wants more settings and more control.

If Comodo implements my suggestion, they can have one modular product that can cover nearly any taste:
- CASB for users who want a simple, but robust protection, maybe combined with other sw
- CCAV for the average users who want a "set and forget" sw
- CIS for experienced users who wanna fine tune their sw

[yashkhan]

I too would suggest as Jon79.......

Standalone Sandbox - (No Need AV)

AutoSandbox
Cloud Lookup
ViruScope
Firewall

Simple, Light & Effective Protection.......

[Graham1]

Regarding the firewall part, keep it really simple (like it is done on mobile phones). By default, prompt user for connection (outbound/inbound). The user then allows/denys connection (with option to remember). So in the GUI part for the firewall, applications would be listed showing 3 icons per application.

1. Application allowed to run (prompt, allow, deny)
2. Outbound connection (prompt, allow, deny)
3. Inbound connection (prompt, allow, deny)

... and that's it really. By default, all options would be set to prompt (unless set to allow all or deny all). Any clever filtering (which is required for security reasons) is actioned under the hood.

An example of this layout (GUI) can be seen in NoRoot Data Firewall (Simple Good Mobile)

[Jon79]

Regarding the firewall part, keep it really simple (like it is done on mobile phones). By default, prompt user for connection (outbound/inbound). The user then allows/denys connection (with option to remember). So in the GUI part for the firewall, applications would be listed showing 3 icons per application.

1. Application allowed to run (prompt, allow, deny)
2. Outbound connection (prompt, allow, deny)
3. Inbound connection (prompt, allow, deny)

... and that's it really. By default, all options would be set to prompt (unless set to allow all or deny all). Any clever filtering (which is required for security reasons) is actioned under the hood.

An example of this layout (GUI) can be seen in NoRoot Data Firewall (Simple Good Mobile)

i'd prefer the approach of tinywall:
- use windows firewall with advanced setting and block both in and out connections by default
- cancel every pre-defined rules and add own pre-defined rules (to be chosen by the user)
- don't allow any app to add or modify rules

[Jon79]

If a file runs in the sandbox, there is no need of an av controlling it. Of course, it would be good to send the file to Comodo cloud for analysis.

The firewall would be a good addon, but in my opinion it should be something based on windows firewall (such as tinywall or binisoft wfc)

maybe you can add an option during installation to have either the av realtime protection or just the sandbox protection.
something like "use comodo cloud av module to detect threats in realtime (uncheck if you already have an av)"

[Graham1]

i'd prefer the approach of tinywall:
- use windows firewall with advanced setting and block both in and out connections by default
- cancel every pre-defined rules and add own pre-defined rules (to be chosen by the user)
- don't allow any app to add or modify rules

I've not heard of Tinywall before but as long as it's simple to use, it get's my vote. As good as CIS (or CFW) is, I feel alot of the options available could be hidden (from GUI) and are actioned behind the scenes.

I'm not sure about blocking all connections by default unless you mean this is applied to all unknown applications.

[Graham1]

If a modular approach were to be taken, then you could do away with CIS (inc. CFW, CAV) and CCAV. New application could be called Comodo System Protection (CSP) which only includes a Sandbox by default. During installation, user is presented with a list of additional features (security modules) given a detailed description of what each of them does. This way you can either have the ultimate protection or base your configuration around existing security products.