CIS 5.8 beta preview

Status
Not open for further replies.

Hungry Man

New Member
Jul 21, 2011
669
win7holic said:
umbrapolaris said:
CIS becomes more and more user-friendly, and if they keep their promises for the v6, big paid vendors should worry :D

I hope so too; on v6 CIS will probably beat the likes of NIS or even F-Secure or other vendors..?!
We'll see :cool:
If we had CIS beta 5.8 but with full virtualization it would beat other vendors. I'm confident in that.

The sandboxing feature is CIS's best. The AV isn't amazing but the ability to have your sandboxed untrusted files scanned in the cloud on launch is still great. The issue is that sandboxing is still broken in a lot of ways.

Once we get full virtualization on CIS it's going to be the best free security software that I can think of hands down.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
The issue is that sandboxing is still broken in a lot of ways.

In what ways? Currently the only issue I've been seeing is that people don't understand that the inert leftovers sitting on their drive after an infection has been blocked aren't the least bit dangerous. Sure, it would be nicer if they weren't there, but it isn't a sign that anything got past the sandbox.
 

Hungry Man

New Member
Jul 21, 2011
669
HeffeD said:
people don't understand that the inert leftovers sitting on their drive after an infection has been blocked aren't the least bit dangerous.
Well, for one thing I've heard that those files aren't necessarily so useless. Though I've never experienced proper infection.

I know the blackday trojan and one other I forget have broken out of the sandbox.

My biggest issue is that sandboxing will simply break applications because it's not customizable enough. Updating is often broken in legitimate applications.

There's also the fact that when you run an unknown item sandboxed that item is often broken at anything above Partially Limited. If it's broken you can't tell whether it's malicious or not, which is in my opinion the best part of sandboxing - getting to see a program without risk.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
I know the blackday trojan and one other I forget have broken out of the sandbox.

If you find anything that can get out of the sandbox, report it to Comodo.
 

Hungry Man

New Member
Jul 21, 2011
669
I'm sure it has already been reported to Comodo, as this was quite some time ago on Wilders (5.4 I believe).

Anyways, the point is that things have broken out of Comodo's sandbox. Even Sandboxie's. It's always nice to see improvements and one big improvement that Comodo is working on is full virtualization, which will stop those (harmless?) files from breaking out.

And hopefully once there's full virtualization we'll also see more customizability and fewer applications breaking outright.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
It's always nice to see improvements and one big improvement that Comodo is working on is full virtualization, which will stop those (harmless?) files from breaking out.

Those files did not break out of the sandbox. :rolleyes: They are remnants of a failed infection.

If you want full virtualization, you can always use the manual sandbox. Yes, I know it doesn't intercept unknown applications, but if you want to see what an application will do, you can definitely try it out in the manual sandbox.
 

Hungry Man

New Member
Jul 21, 2011
669
Manually sandboxing is a pain when you're just trying to run a file. Does the manual sandbox support full virtualization?

I'm not saying they broke out as in they used some clever bypassing mechanism, but they exist on your actual system and that's the issue. Who's to say that those files are always harmless?
 

HeffeD

Level 1
Feb 28, 2011
1,690
Yes, the manual sandbox is a fully virtualized environment. It's not as user-friendly as Sandboxie, but it's full virtualization.

As for harmless or not, if you find something that is still harmful after a reboot, Comodo would love to hear about it.
 

Hungry Man

New Member
Jul 21, 2011
669
I just don't see why the files that aren't sandboxed are necessarily harmless. It seems completely possible that they could be malicious. I'm not saying they necessarily are... but I see no reason to say that they definitely aren't.

Anyway, I've already said the two examples that I know to bypass the sandbox (even in untrusted) have almost definitely been submitted and perhaps the sandbox has even been updated to work better since then.

And full virtualization is not the only improvement that I'd like to see, it's just the one we've already heard rumors about.
 