CIS 10 stable released

[Davidov]

Chrome is already using the most sophisticated sandboxing available on Windows. The slave processes, which handle the untrustworthy code and have a chance of being exploited, have no file system access, can't spawn child processes and can't access the memory of other processes. Aside from that, the chances of running into an actual Chrome 0-day is so small that worrying about it rather qualifies as the early stages of fear and paranoia related mental diseases than being careful.

Chrome users get infected by downloading and executing the malware on their own and not through 0-day exploits.

It is good to know from Chrome sandbox is so good. This warm water is no longer needed Sandboxie? (Sandboxed chrome)

 

[shmu26]

Chrome is already using the most sophisticated sandboxing available on Windows. The slave processes, which handle the untrustworthy code and have a chance of being exploited, have no file system access, can't spawn child processes and can't access the memory of other processes. Aside from that, the chances of running into an actual Chrome 0-day is so small that worrying about it rather qualifies as the early stages of fear and paranoia related mental diseases than being careful.

Chrome users get infected by downloading and executing the malware on their own and not through 0-day exploits.

in reality, you are right. But Google does continually find and patch vulnerabilities, so if a user wants to be paranoid, it's not totally off the chart.

In Windows 10, I enabled the chrome flag for appcontainer lockdown , and that basically takes care of most possibilities.

 

[AtlBo]

I have seen warnings from EMET about Firefox a few times, so this is real. I am using the 360 sandbox for Dragon, because I like it better, but what about these settings for HIPS?

1. Proactive
2. HIPS Monitoring Settings-Monitor: Process Execution, Device Driver Installations, Protected Files/Folders, Computer Monitor, Keyboard
3. Protected Objects: Add User folder Documents/Pics/Videos/Music, Desktop, F:\, D:\

HIPS covers only these areas, so I don't have anything else over specifically covering them. This means I know exactly what the alert means. Flexibility of Comodo is almost 100% if it's not. I mean covering "Protected Files/Folders" includes all the boot vulnerables. So have I missed anything with these HIPS settings? Or is this overkill?

One thing I'm not sure about is the generation of the HIPS alerts. No matter what in Proactive they will come for unknown/unrecognized, is this correct?

BTW, why are ps1 files not considered executables? Also, what are the extensions for java? Don't see that here listed as an executable with Comodo. Maybe someone has a comment on Comodo's selections for this?

 

[vivid]

Anyone know why Comodo uses the "Purge" button as the way to keep the various file lists fresh? Seems like the program could just offer user the chance to purge for themselves with a choice box or else auto-purge. Maybe I'm not seeing a problem here.

It's just an entry in a database. Impact is negligible. It is better to keep file info.

 

[shmu26]

So because it is chrome cred

Correct me if I am wrong, but I think this whole discussion about file source tracking is relevant only to the Internet Security and Firewall configs, but not to Proactive config, which has a global autosandbox policy.
If the first two configs no longer rely on file source tracking, so how do they work now?

to answer my own question, Firewall config -- which is the default config if you install CFW -- will autosandbox any unknown files that are less than three days old. But it will leave old files alone, unless they were created by browser, file downloader, etc, or their origin is the internet, removable media, etc.

 

[shmu26]

to answer my own question, Firewall config -- which is the default config if you install CFW -- will autosandbox any unknown files that are less than three days old. But it will leave old files alone, unless they were created by browser, file downloader, etc, or their origin is the internet, removable media, etc.

forgot to mention that in firewall config, you have to enable autosandbox, if you want it. By default, only HIPS is enabled, as in earlier versions. By the way, HIPS looks like it works better and more reliably in COMODO 10.

the new settings for firewall config should please @cruelsister, because files executed from desktop (or anywhere else) are covered by autosandbox -- as long as they are less than 3 days old. I think most people will not let an installer file or downloaded doc sit on their desktop for days on end before opening it -- I surely would not be able to resist the temptation -- so it's pretty secure this way.