Comodo's Sandbox

Status
Not open for further replies.

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Hi Everyone:

I wanted to know/ask a question:

Does Comodo have a powerful sandbox i.e., the sandboxed web browser?

Tony :)
 
yigido

One of the smartest things in the security area is the sandbox.
In my opinion the Comodo sandbox is good for unknown malicious files. The v8 sandbox is more powerful than the v7 sandbox. I heard this from egemen on the Comodo forum.
 

Tony Cole

So, if you ran the web browser in the sandbox and you downloaded a file which was a virus or ransomware, would you be safe?
 
yigido

So, if you ran the web browser in the sandbox and you downloaded a file which was a virus or ransomware, would you be safe?
You will be safe, do not worry about it ;) Try some adware or a trojan while you are surfing in the Comodo sandbox. It is like Sandboxie.
 
hjlbx

Hi Everyone:

I wanted to know/ask a question:

Does Comodo have a powerful sandbox i.e., the sandboxed web browser?

Tony :)

Hello Tony Cole:

Comodo's sandbox is solid, respectable. The auto-sandbox feature is slick. I think Comodo will continue to develop and refine the sandbox as they seem to be much less concerned with AV and web-filtering protections.

WARNING! With any virtualization software, if malware runs virtualized then the session is infected. Data may be stolen!

Comodo Internet Security's sandbox/virtual kiosk has essentially two modes:

1. Fully Virtualized - runs applications sandboxed similar to Sandboxie (but without Sandboxie's driver installation blocking and reduced permissions capabilities).

2. Restricted (access/permission restrictions) - runs applications sandboxed not virtualized but with access/permission restrictions.

No. 1 is now the default setting as there were problems with apps not being able to work properly using No. 2. More importantly, No. 2 is/was less secure - some malware was able to circumvent the restricted access/permissions.

You can switch between 1 and 2 easily enough, however...

I am not a fan of access/permissions sandboxes. New ways to circumvent these protections using clever shortcuts, command line, file renaming, etc. creep up on a semi-regular basis. It's debatable, but I have a nagging feeling that there are enough undiscovered ways to circumvent policy sandboxes that they are not trustworthy.

AppGuard, for example, proudly states "no breach has ever been reported in its entire history (paraphrase)." Its protections are almost entirely access/permissions based.

I can confirm that a member here at MT discovered a clever way to completely defeat AppGuard!!

So, in short, when I used CIS I did not use the Restrictions sandbox. When I did, it caused graphics drivers to not function.

Comodo Internet Security is a powerful, complete security solution for home users - if that is what you are looking for.

Hope this answers some of your questions.
 
cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,149
With any virtualization software, if malware runs virtualized then the session is infected. Data may be stolen!

This is a good point - if one is running an undetected keylogger, downloader, or worm in the sandbox, a network connection allowed will be no good at all.

With Comodo Firewall it can be avoided in a few different ways. Note that the Default Firewall settings (for some odd reason) will not automatically alert to outbound connections, so a change has to be made. Any of the below 3 will do the trick:

1). Change the firewall Setting from Safe Mode to Custom Mode. Now ANYTHING (fair or foul) that requests Outbound connections will prompt an alert.

2). Stay with Safe Mode, but in Firewall Settings uncheck the "Do Not Show firewall Alerts" box. Now anything in the firewall that requests Network connectivity will result in a popup.

3). For those that can't be trusted to make a proper decision, leave the "Do Not Show firewall Alerts" box checked, but change from "Allow Requests" to "Block requests". This will prevent any sandboxed files from OutBound connections silently.
 

Tony Cole

Thanks cruelsister, I was giving Comodo a try on my old laptop, looks good and I like the sandbox browser. I wish I had your knowledge on all things IT.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Very strong concept made from Comodo Sandbox, it goes very effective that majority of test even before securely execute any applications to an isolated environment and reset the data without any traces happen to the real system itself.

The difference is that use for user interaction method when detected via BB/HIPS feature for as recommended option for unsure prevalence behavior file.
 

cruelsister

James - the HIPS feature (and AV for that matter) is really pointless with the Sandbox enabled as it will just be alerting to things already isolated. But even if you enable it, it can be set to "Never Alert", which would never result in a popup and would always carry out the default action - this takes any user interaction out of the equation.
 
Deleted member 2913

This is a good point - if one is running an undetected keylogger, downloader, or worm in the sandbox, a network connection allowed will be no good at all.

With Comodo Firewall it can be avoided in a few different ways. Note that the Default Firewall settings (for some odd reason) will not automatically alert to outbound connections, so a change has to be made. Any of the below 3 will do the trick:

1). Change the firewall Setting from Safe Mode to Custom Mode. Now ANYTHING (fair or foul) that requests Outbound connections will prompt an alert.

2). Stay with Safe Mode, but in Firewall Settings uncheck the "Do Not Show firewall Alerts" box. Now anything in the firewall that requests Network connectivity will result in a popup.

3). For those that can't be trusted to make a proper decision, leave the "Do Not Show firewall Alerts" box checked, but change from "Allow Requests" to "Block requests". This will prevent any sandboxed files from OutBound connections silently.
But it will also block outbound connections for apps outside sandbox, right?

I think they should have an additional option for sandbox apps wherein one can select to either alert, allow or block outbound connection, what say?
 

cruelsister

Actually they have all of the possibilities you note. Consider these Firewall settings in more detail:

1). Custom Mode- this will provide alerts (Allow/Block) for OutBound requests from both Safe and Unknown applications either in or out of the Sandbox.

2). Safe Mode with the "Do Not Show Popup Alerts" box unchecked - this will automatically allow all whitelisted (safe) applications to connect Outbound without alerts, but any Unknown (sandboxed) application or file will generate the Allow/Block Firewall popup.

3). Safe Mode with the "Do Not Show Popup Alerts" box checked and the "Block Requests" option chosen - this will automatically allow all whitelisted (safe) applications to connect Outbound without alerts, and all Unknown (sandboxed) applications will be blocked silently.

I would rather see Firewall choice of "Block all Requests from isolated applications" being present, but this really is just quibbling over words.
 
Deleted member 2913

On Unlimited rights alert I selected "Run Isolated" & installed an app.
Now how to access that app?
 
rocky

Personally I never run a browser or trusted app in the sandbox intentionally. I reserve it for untrusted or unknown. If something bad comes in it is going to the sandbox anyway, so I run my programs out of the sandbox, away from the danger. In that theory your session is safe. And then setting the firewall to auto block becomes a very powerful tool. My theory is I want nothing but the bad in the sandbox, and it has been working here for a long time with kids going to game sites every day.
 

vivid

Level 5
Verified
Dec 8, 2014
206
Data theft has been discussed for some time in the forums. Some popular requests include:
* keystroke encryption
* multiple sandboxes
* checks for invalid/corrupt SSL
* secure deletion
* application bandwidth limits
* saving virtualized data to RAM
etc.

These will most likely be implemented in the near future. (some were implemented under business category from my observations)
 
hjlbx

Data theft has been discussed for some time in the forums. Some popular requests include:
* keystroke encryption
* multiple sandboxes
* checks for invalid/corrupt SSL
* secure deletion
* application bandwidth limits
* saving virtualized data to RAM
etc.

These will most likely be implemented in the near future. (some were implemented under business category from my observations)

Inside the virtual kiosk there are already keylogger counter-measures. I simply added Oxynger KeyShield.

When you sandbox apps individually there is no cross-over between the sandboxes. Plus the virtual kiosk is separate as well. The hidden directory C:\VTRoot is the same, if that is what you mean, but I believe the individual data is contained within separate sub-directories.

For secure deletion why not simply use CCleaner or any of the other multitude of freeware options?

Set write cache to RAM - this would seem like a really great idea, and I submitted a RAMDisk request, but I think it is technically problematic - depending upon a system's hardware.
 