CIS 10 stable released

Status
Not open for further replies.

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
Chrome is already using the most sophisticated sandboxing available on Windows. The slave processes, which handle the untrustworthy code and have a chance of being exploited, have no file system access, can't spawn child processes and can't access the memory of other processes. Aside from that, the chances of running into an actual Chrome 0-day is so small that worrying about it rather qualifies as the early stages of fear and paranoia related mental diseases than being careful.

Chrome users get infected by downloading and executing the malware on their own and not through 0-day exploits.
It is good to know that the Chrome sandbox is so good. So is Sandboxie (sandboxed Chrome) no longer needed?

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Chrome is already using the most sophisticated sandboxing available on Windows. The slave processes, which handle the untrustworthy code and have a chance of being exploited, have no file system access, can't spawn child processes and can't access the memory of other processes. Aside from that, the chances of running into an actual Chrome 0-day is so small that worrying about it rather qualifies as the early stages of fear and paranoia related mental diseases than being careful.

Chrome users get infected by downloading and executing the malware on their own and not through 0-day exploits.
In reality, you are right. But Google does continually find and patch vulnerabilities, so if a user wants to be paranoid, it's not totally off the chart.

In Windows 10, I enabled the Chrome flag for AppContainer lockdown, and that basically takes care of most possibilities.

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I have seen warnings from EMET about Firefox a few times, so this is real. I am using the 360 sandbox for Dragon, because I like it better, but what about these settings for HIPS?

1. Proactive
2. HIPS Monitoring Settings-Monitor: Process Execution, Device Driver Installations, Protected Files/Folders, Computer Monitor, Keyboard
3. Protected Objects: Add User folder Documents/Pics/Videos/Music, Desktop, F:\, D:\

HIPS covers only these areas, so I don't have anything else specifically covering them. This means I know exactly what the alert means. Flexibility of Comodo is almost 100% if it's not. I mean covering "Protected Files/Folders" includes all the boot vulnerabilities. So have I missed anything with these HIPS settings? Or is this overkill?

One thing I'm not sure about is the generation of the HIPS alerts. No matter what, in Proactive they will come for unknown/unrecognized files, is this correct?

BTW, why are ps1 files not considered executables? Also, what are the extensions for Java? I don't see that listed here as an executable with Comodo. Maybe someone has a comment on Comodo's selections for this?

vivid

Level 5
Verified
Dec 8, 2014
206
Anyone know why Comodo uses the "Purge" button as the way to keep the various file lists fresh? Seems like the program could just offer user the chance to purge for themselves with a choice box or else auto-purge. Maybe I'm not seeing a problem here.
It's just an entry in a database. Impact is negligible. It is better to keep file info.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
So because it is chrome cred
Correct me if I am wrong, but I think this whole discussion about file source tracking is relevant only to the Internet Security and Firewall configs, but not to Proactive config, which has a global autosandbox policy.
If the first two configs no longer rely on file source tracking, how do they work now?
To answer my own question, Firewall config -- which is the default config if you install CFW -- will autosandbox any unknown files that are less than three days old. But it will leave old files alone, unless they were created by a browser, file downloader, etc., or their origin is the internet, removable media, etc.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
To answer my own question, Firewall config -- which is the default config if you install CFW -- will autosandbox any unknown files that are less than three days old. But it will leave old files alone, unless they were created by a browser, file downloader, etc., or their origin is the internet, removable media, etc.
Forgot to mention that in Firewall config, you have to enable autosandbox if you want it. By default, only HIPS is enabled, as in earlier versions. By the way, HIPS looks like it works better and more reliably in COMODO 10.

The new settings for Firewall config should please @cruelsister, because files executed from the desktop (or anywhere else) are covered by autosandbox -- as long as they are less than 3 days old. I think most people will not let an installer file or downloaded doc sit on their desktop for days on end before opening it -- I surely would not be able to resist the temptation -- so it's pretty secure this way.
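The autosandbox rule described in the two posts above (unknown files under three days old are sandboxed; older unknown files are left alone unless a tracked creator such as a browser or file downloader wrote them, or their origin is the internet or removable media; nothing is sandboxed unless autosandbox is enabled) can be written down as a small policy evaluator. The code below is an added illustration, not Comodo's implementation: the creator categories, the origin names, the Mark-of-the-Web zone mapping and the sample file records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Window inside which an unknown file is sandboxed purely for being new (from the post).
NEW_FILE_WINDOW = timedelta(days=3)

# Assumed creator categories and origins that keep an OLD unknown file sandboxed.
# The post names browsers and file downloaders; "email-client" is an added assumption.
TRACKED_CREATORS = {"browser", "file-downloader", "email-client"}
TRACKED_ORIGINS = {"internet", "removable-media"}

# Windows Mark-of-the-Web URLZONE values: 3 = Internet, 4 = Restricted Sites.
INTERNET_ZONES = {"3", "4"}


@dataclass
class FileRecord:
    path: str
    rating: str                              # "trusted" or "unknown" (file rating)
    created: datetime                        # creation time, timezone-aware
    creator_category: Optional[str] = None   # e.g. "browser"; None if nothing was tracked
    origin: Optional[str] = None             # e.g. "internet"; None if unknown


def origin_from_zone_identifier(ads_text: str) -> Optional[str]:
    """Derive an origin from the text of a Zone.Identifier alternate data stream.

    Browsers on Windows attach this stream to downloaded files. Treating ZoneId 3/4
    as the post's "origin is the internet" signal is an assumption of this example.
    Returns "internet", "local", or None when no ZoneId is present.
    """
    in_section = False
    for raw in ads_text.splitlines():
        line = raw.strip()
        if line.lower() == "[zonetransfer]":
            in_section = True
            continue
        if in_section and line.lower().startswith("zoneid="):
            zone = line.split("=", 1)[1].strip()
            return "internet" if zone in INTERNET_ZONES else "local"
    return None


def decide(record: FileRecord, now: datetime, autosandbox_enabled: bool = True) -> tuple:
    """Return (verdict, reason) for a file about to execute under the Firewall config."""
    if not autosandbox_enabled:
        return ("run", "autosandbox disabled; only HIPS rules apply")
    if record.rating == "trusted":
        return ("run", "file is trusted")
    age = now - record.created
    if age < NEW_FILE_WINDOW:
        return ("sandbox", f"unknown file is {age.days} day(s) old, inside the 3-day window")
    if record.creator_category in TRACKED_CREATORS:
        return ("sandbox", f"unknown file was created by a {record.creator_category}")
    if record.origin in TRACKED_ORIGINS:
        return ("sandbox", f"unknown file origin is {record.origin}")
    return ("run", "old unknown file with no tracked creator or origin; left alone")


def evaluate_samples() -> dict:
    """Run the rule over constructed sample records; returns path -> verdict."""
    now = datetime(2017, 2, 1, 12, 0, tzinfo=timezone.utc)   # fixed clock for stable results
    # Constructed Zone.Identifier stream as a browser would write it (host name is a placeholder).
    motw = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/client.exe\r\n"
    samples = [
        FileRecord(r"C:\Users\me\Desktop\setup.exe", "unknown", now - timedelta(hours=2)),
        FileRecord(r"C:\Tools\oldtool.exe", "unknown", now - timedelta(days=30)),
        FileRecord(r"C:\Users\me\Downloads\report.exe", "unknown", now - timedelta(days=30),
                   creator_category="browser"),
        FileRecord(r"E:\usb\helper.exe", "unknown", now - timedelta(days=30),
                   origin="removable-media"),
        FileRecord(r"C:\Users\me\Downloads\client.exe", "unknown", now - timedelta(days=30),
                   origin=origin_from_zone_identifier(motw)),
        FileRecord(r"C:\Windows\System32\notepad.exe", "trusted", now - timedelta(hours=1)),
    ]
    return {s.path: decide(s, now)[0] for s in samples}


if __name__ == "__main__":
    for path, verdict in evaluate_samples().items():
        print(f"{verdict:8} {path}")
```

The order of the checks matters: the age test comes first, so a fresh unknown file is sandboxed regardless of where it came from, and only old files fall through to the creator and origin tests. Dropping the `autosandbox_enabled` flag reproduces the default Firewall-config behaviour described above, where only HIPS is active.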