Sandboxing in av's question

Sandboxie and Comodo are definitely the good examples, as they are by far the best IMO. I have no experience with any Baidu programs, and Avast and Qihoo, while well known, have sandboxes that are not that great (I have experience with both).
 
Hi, between the different antivirus programs, which one of these provides the best sandboxing protection against malware and viruses? Thanks
Qihoo sandbox
Comodo sandbox
Avast sandbox
Baidu sandbox
sandboxie
others

There are different types of sandboxes - virtual, policy\software restriction, memory, combos, etc.

I will only cover the two that I know well and just make a feature comparison:

COMODO (Sandbox)

  • virtual container
  • system resource access policy restriction (default & user-defined)
  • block internet access (firewall alert for any sandboxed application if it requests network access)
  • HIPS does not generate alert for any application run inside sandbox or virtual desktop (intended behavior)
  • default sandbox is quite restrictive against malware
  • can customize sandbox restriction settings
  • can be used as only a software restriction policy sandbox without virtualization
  • can be used to Block all Unrecognized applications from executing (anti-executable)
  • cannot create individual sandboxes with different settings
  • auto-sandboxing of Unrecognized applications
  • have to manually delete sandbox contents
NOTE: Virtual Desktop is a pseudo-virtual machine (not a true virtual machine and operates differently than the sandbox)

Sandboxie
  • virtual container
  • system resource access policy restriction (default & user-defined)
  • block internet access
  • default sandbox is insufficient for maximum possible security; need to create custom sandbox
  • can create individual sandboxes with customized settings
  • can either manually reset or set to auto-delete sandbox contents
  • low system resource usage
Either of the above is very good in my experience.

Advantage to Sandboxie is that it is a single program, whereas the sandbox in COMODO is integrated with other modules.
 
Many thanks for the information. I am trying out the Comodo cloud antivirus and so far like the way auto-sandbox works. I guess the CCAV sandbox has somewhat fewer options than CIS?
I also found that the Qihoo sandbox was so-so; it sometimes did little in prevention.
 

CIS and CCAV sandbox are different (see FAQ tab)

How CCAV sandbox is different from CIS sandbox?

CCAV sandbox is a light weighted sandbox, it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization which CIS has. Besides, unlike CIS which has one global sandbox instance, different CCAV applications have their own sandbox instance while child process inherits sandbox instance from parent process.

NOTE: Usermode hooking is potentially less secure than service\filter driver implementation. Somewhere in the implementation there could be a vulnerability - but that doesn't mean it will ever be discovered and\or exploited. This last part is true of ANY soft - so no need to get bent out of shape over it. Just be aware of it.
 
OK, thanks. Still kind of unsure what "sandbox does not have COM/Service virtualization which CIS has" and "while child process inherits sandbox instance from parent process" mean. I'm new to the sandbox thing, sorry, newb here for that technology.
 

All you need to know is that COM\Service virtualization in CIS is more secure than CCAV.

Child process inherits parent process restrictions (privileges on system) for increased security.

As a basic example, if the browser is executed at medium integrity level, then any process executed by the browser will "inherit" the browser's integrity level = medium.

This is a very basic explanation; it is much more complicated.
 
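The integrity-level inheritance described in the post above can be checked on any Windows machine. The script below is an added example, not part of the original thread and not code from Comodo or Sandboxie; the function name `Get-IntegrityFromWhoami` is made up for this illustration. It reads the mandatory label SID (S-1-16-*) that `whoami /groups` reports for processes started at increasing depth under the current shell.

```powershell
# Added example: compare the mandatory integrity label at several depths of
# a process tree started from this PowerShell session.

# Well-known RIDs of the mandatory label SIDs (S-1-16-<RID>).
$IntegrityNames = @{
    0     = 'Untrusted'
    4096  = 'Low'
    8192  = 'Medium'
    8448  = 'Medium Plus'
    12288 = 'High'
    16384 = 'System'
}

function Get-IntegrityFromWhoami {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Match on the SID, not the group name, so localized Windows works too.
        if ($line -match 'S-1-16-(\d+)') {
            $rid  = [int]$Matches[1]
            $name = $IntegrityNames[$rid]
            if (-not $name) { $name = "Unknown (RID $rid)" }
            return [pscustomobject]@{ Rid = $rid; Level = $name }
        }
    }
    throw 'No mandatory label SID (S-1-16-*) found in the whoami output.'
}

# whoami.exe reports its own token, so each entry measures a process one
# level deeper in the tree under this shell.
$chains = [ordered]@{
    'shell -> whoami'               = { whoami /groups }
    'shell -> cmd -> whoami'        = { cmd /c whoami /groups }
    'shell -> cmd -> cmd -> whoami' = { cmd /c "cmd /c whoami /groups" }
}

$report = foreach ($chain in $chains.Keys) {
    $label = Get-IntegrityFromWhoami (& $chains[$chain])
    [pscustomobject]@{ Chain = $chain; Rid = $label.Rid; Level = $label.Level }
}
$report | Format-Table -AutoSize

# With plain process creation every row should carry the same label.
if (@($report.Rid | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'Integrity level changed somewhere in the chain.'
}
```

Run it once from a normal shell and once from an elevated one to see the whole chain follow the parent. A parent can still start a child at a lower level on purpose, so equal labels here show only the default behaviour.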
Too bad Comodo has a low detection rate sometimes. Auto sandbox makes up for it, but with a better detection rate it would be a stellar free antivirus program.
 
There are two types of sandbox components:

1) One is intended to be used manually by the user or by automatic query, without providing detection, as it will observe throughout the operation. (Comodo, Qihoo, Sandboxie)

2) Meanwhile, others serve as a detection capability to test for possible malicious actions. (Avast Sandbox)

Overall, a sandbox can sometimes work well when the user wants to engage rather than have the software provide its own verdict.

A sandbox is powerful where a user can observe the operation in an isolated environment.
 
Sandboxie doesn't detect, identify or stop malware, ransomware, etc. It simply doesn't allow those files or programs to exit the sandbox and infect your host. Nothing has been shown to "escape" a sandbox. That is something no other sandbox can do or has a history of showing isolating such things in a container. Of course, if you choose to move things out of a sandbox onto your host, well...you've given permission to do that. If you have malware, ransomware in your sandbox or your browser is hijacked under SBIE authority...simply delete your sandbox contents. Problem gone. Everything gone.

SBIE and Ransomware Sandboxie - Stop Ransomware
SBIE and Viruses Sandboxie - FAQ Virus
 
What are the big differences between paid and free? Am I OK with free for now until I decide what to do? Thanks
 
@blueblackwow65

The Personal (Home Use) License for Sandboxie:
  • Is personal and is not transferable into computers or electronic media that you do not own;
  • Permits you to use Sandboxie on one (1) computer;
  • Covers the current version and all future versions of Sandboxie;
  • Removes the nag screen that initially appears after you have used Sandboxie for more than 30 days;
  • Enables the Forced Programs and Forced Folders features;
  • Allows you to run programs in more than one sandbox at the same time (see message SBIE1303);
  • But does not entitle you to any guaranteed level of technical support.
  • Price excludes VAT for European customers.
  • Price in USD and other currencies varies according to Euro conversion rate. Please enter the online store to see the actual price.
Source
 