What is the Best AV with Sandbox Capability?

Status
Not open for further replies.

Eddie Morra

Sandboxing doesn't solve possible malware infection problem
COMODO reminds me of a dead flower that needs to be taken out to make room for a new one to grow, but hasn't yet because the gardener is being lazy.

There is no "COMODO" in a "secure and stable future".
 

Cortex

COMODO reminds me of a dead flower that needs to be taken out to make room for a new one to grow, but hasn't yet because the gardener is being lazy.

There is no "COMODO" in a "secure and stable future".

And your basis for that unusual analogy is: ....?
 

Deleted Member 3a5v73x

Can I ask is this a reply to me?
Not exactly, just my opinion of what I think about people who want to use Comodo Firewall/IS/Cloud and who have never used any of the company's products before. I suggest never installing any Comodo security product for anyone other than yourself.

Answers are in subforum, dig for them.
Comodo
 

Nightwalker

Idiot Question of The Day:

Not really to do with Sandboxing, more to do with Comodo. OK, I've used Comodo firewall in the past but never any of the AV bits. I've given Comodo AV a try on a laptop (my wife's actually) and it is snappier than with Kaspersky that was on. My questions are: Do I need the 'Internet Security Essentials' & 'Internet Security Premium' at the same time, as they are separate programs? I've also installed the firewall. Will this combination give decent protection on its own? As compared to Kaspersky etc? I'm giving it a try as I help a few people I work with to keep their PCs going & I wonder if the above will give decent protection to these people? Thanks ... Paul :)

Just use Comodo Firewall with @cruelsister settings, anything besides that and you are asking for trouble.

Cruel Comodo doesn't need anything extra, but you can keep Windows Defender enabled if you are using Windows 10.
 

Cortex

OK :) I think I'll leave it on her laptop & see how things go. It can't come to any harm as all my machines have full images going back to the battle of Hastings in 1066. Thanks
 

509322

OK :) I think I'll leave it on her laptop & see how things go. It can't come to any harm as all my machines have full images going back to the battle of Hastings in 1066. Thanks

If you are putting security softs onto systems for people who are apt to simply click, then no matter what you put onto their system they will likely install unwanted stuff onto their PCs - knowingly or unknowingly.

I once put CIS onto a friend's system. Configured it with high protection settings. About 9 months later I went back and checked the system. It was full of adware. The girlfriend was a really happy-clicker. If something popped-up and said "Click Here", that's exactly what she did. The system was over-run by stuff like GroupOn, wajam, Chrome was installed, Flash was installed, etc, etc.

For that type of user, restoring the system to a known clean state is the most effective and efficient protection. There are freeware products out there such as RBRx and Drive Vaccine free. If the user wants to save stuff they just need to use a usb flash drive.
 

klaken

I occupy comfortable cloud and I am happy.
I have no problems for a long time (more than 1 year) .. I almost do not have to allow new programs etc.

The most important thing is that it is quite light, the lightest thing I've found.
 

Nightwalker

In my opinion, everything which is developed in-house at COMODO and isn't developed by external parties is riddled with bugs. If there's one thing I know... the NSA must absolutely adore COMODO.

If COMODO works great for someone then nice, but I rarely see it happen.

Could you elaborate further? It seems that Comodo was one of the hardest solutions to bypass, at least until version 6.0 (version 8.0 improved a lot with full virtualization).



Anyway Comodo's HIPS at Paranoid Mode is no joke for any adversary and Auto Containment is a very good trade off between security and usability.
 

Burrito

Could you elaborate further? It seems that Comodo was one of the hardest solutions to bypass, at least until version 6.0 (version 8.0 improved a lot with full virtualization).
Anyway Comodo's HIPS at Paranoid Mode is no joke for any adversary and Auto Containment is a very good trade off between security and usability.

True. WikiLeaks did appear to show that Comodo (at that time with that version) was one of the premier systems.

An additional quote:

In an emailed comment to Newsweek, Comodo said: "The only thing worse than being talked about by the CIA is not being talked about by the CIA. To be called a colossal pain in the posterior and annoying by the CIA, one of the best-funded, most expert hacking organizations in the world, is high praise."

WikiLeaks did indicate that one other AV was better than Comodo though...
 

ForgottenSeer 69673

I use Shadow Defender on my main system but think I will give RBRx a try in my VM. The site says it is compatible with VMware..
 

509322

Could you elaborate further? It seems that Comodo was one of the hardest solutions to bypass, at least until version 6.0 (version 8.0 improved a lot with full virtualization).



Anyway Comodo's HIPS at Paranoid Mode is no joke for any adversary and Auto Containment is a very good trade off between security and usability.

That statement only applies to COMODO v5.

Choosing a security soft based upon some Wikileaks dump that kinda, sorta says "COMODO was a pain" is kooky, tin foil hat stuff.

Referring to it is even worse because what the leak says is obsolete.
 

Nightwalker

For happy clickers, Rollback RX/Shadow Defender/Deepfreeze is the best solution.

To keep a machine clean is indeed the best solution, but it shouldn't be used alone because those solutions won't do anything against keyloggers, banker trojans or "Agent Tesla" class of malware.
 

Nightwalker

That statement only applies to COMODO v5.

Choosing a security soft based upon some Wikileaks dump that kinda, sorta says "COMODO was a pain" is kooky, tin foil hat stuff.

Referring to it is even worse because what the leak says is obsolete.

Your point? Because in my post I already said that ...

The reason to choose Comodo :
"Comodo's HIPS at Paranoid Mode is no joke for any adversary and Auto Containment is a very good trade off between security and usability." (besides, it's free with very low system impact)

Could you elaborate further? It seems that Comodo was one of the hardest solutions to bypass, at least until version 6.0 (version 8.0 improved a lot with full virtualization).



Anyway Comodo's HIPS at Paranoid Mode is no joke for any adversary and Auto Containment is a very good trade off between security and usability.
 

509322

Your point? Because in my post I already said that ...

The point that someone made earlier is that it is common knowledge that COMODO is notorious for having atrocious bugs in abundant supply. It's just not a very good solution in that regard. COMODO is easy to break. And the fact that it is free is going to keep it right where it is at... forever.
 

ForgottenSeer 69673

I personally will not ever use Comodo no matter how good it is and you know the reason. It is personal.
 

Nightwalker

The point that someone made earlier is that it is common knowledge that COMODO is notorious for having atrocious bugs in abundant supply. It's just not a very good solution in that regard. COMODO is easy to break. And the fact that it is free is going to keep it right where it is at... forever.

I know that very well, I was the one in this forum to notice a bug in the Sandbox module while installed on Windows 10:

Video - Comodo Sandbox (Auto-Containment) have a bug on Windows 10?

Video - Comodo Firewall- Cruelsister Variation

But that wasn't the point of my post, bugs or usability problems weren't in that context.
 

509322

I know that very well, I was the one in this forum to notice a bug in the Sandbox module while installed on Windows 10:

Video - Comodo Sandbox (Auto-Containment) have a bug on Windows 10?

Video - Comodo Firewall- Cruelsister Variation

But that wasn't the point of my post, bugs or usability problems weren't in that context.

Bugs and messed-up code are the adversary's way in. It's the attack surface and basis they need to develop bypasses and exploits. Exploit COMODO and it doesn't matter what protections it has nor how the user has configured it. I'll let @Vendula Kubová explain if they wish.

I have seen a Chinese ZBot disable COMODO HIPS and smash the sandbox. If I recall correctly, that was back in the v7 or v8 days. The only way to prevent that Zbot from killing COMODO was to set the sandbox to block all unknown, instead of auto-sandboxing. Well, if you have to do that for COMODO to protect itself, then you might as well dispense with all the obnoxious overhead that COMODO has packed into it and brings with it, and just use SRP default deny. Problem solved with a fraction of the hassle.
 