Comodo Sandboxing + Chrome?

I'm wondering how they'll work together. Will Comodo override Chrome or add an extra layer?

Oh... and why is it that in "Manage my configurations" it's either

Internet security
Proactive Security
Firewall security

and only one can be active at a time?

 

I think comodo sandboxes an exe. So whole Chrome with all dependecies runs inside the sandbox in very controlled filesystem (lower privileges etc...). Even temporaries are deleted once sandbox is closed.

I read it on comodo forum perhaps I find it somewhere.

 

I'd love a link for further explanation. I'm not sure I understand.

 

Depends how comodo is built, it might not play nice when trying to do certain things (like downloading) with chrome's box. Comodo runs an actual sandbox, meaning everything you do in that session (not just within chrome) can be nuked from orbit after you are done.

Chrome's sandbox will just delete cookies/cache/info, I'm not sure about downloads or temp files. I don't really think it'll 'add a layer' as you say, comodo by itself should be ok.

 

Meh, trying it out. I have it set to "partially limited" because anything above that would limit chrome to 10 processes, which wouldn't be good.

 

How the Comodo Sandbox works - technical discussion

This is what you want I guess:

Declared purpose
To allow software whose security status cannot be immediately identified to be automatically run safely without alerts while it is investigated (eg via CIMA) by Comodo

Aspects of this purpose intentionally not yet implemented
- installers do not work if sandboxed (?may never be implemented - too difficult in 64 bit?)
- automatic investigation by Comodo is not enabled
- automatic sandboxing does not include virtualisation of program data

Components
The sandbox consists of:
•running software as a Windows ‘job’ with limited OS user account privileges and OS job limits. Referred to below as restricted privileges. (See appended descriptions of privileges).
•file system virtualisation. In C:\Sandbox
•Registry virtualisation. In Hkey_local_machine\system\sandbox\[app name]\[app created keys]
•A special set of D+ restrictions. Technically, automatically sandboxed software can write to the disk but it cannot cannot a) write to (ie infect) existing protected files or registry keys b) key log or screen grab, set windows hooks, access protected COM interfaces or access non-sandboxed applications in memory

 

Yeah I've had it automatically sandbox minecraft.

I tested a .exe (boottimer) and it opened and was "locked" in the sandbox. Comodo warned me and I was able to let it out.

So... pretty cool I'd say. I'm enjoying this suite =p and it's free for a year.

 

Great!

Comodo is very powerful, but not for ordinary "don't bug me" users. You must understand it in order to use it properly.

 

Anyone tried Kaspersky's sandboxing?

 

I didn't but I hear Kaspersky also made a good job.

 

Comodo, no, actually just D+ alone will make you want to throw your laptop at the wall for a week or so. It takes a while to get up and running to the point of where you don't get bugged all the time with notifications. The configuration options are very powerful - don't just flag options to see what they do. Read the documentation and browse their forums. They're relatively active and the company does in fact participate on them, so questions get answered and problems get resolved fairly quickly.

Comodo also played nicely with MSSE, last time I had them running concurrently.

 

I'm running them at the same time (did I already mention this? =p) and it's working well. I haven't been getting bugged but I have it set to bug me on a more-than-normal rate. I'd like to get bugged as much as possible at frist so I can see what it's doing.