Sandboxing is Nice. Auto-Sandboxing is Essential

January 14, 2015 | By Kevin Judge

The problem with conventional antivirus software is that it is like a bomb disposal unit that has not yet figured out where the bomb is. It has to find the bomb before it can defuse it. Even worse, if the bomb goes off before it is detected, the surroundings are unprotected!

If the bomb disposal unit knows about a threat they can usually deal with it. It is the unknown threats that blow up!

The problem with most antivirus systems is that they rely on detecting a threat in order to protect the computer. They analyze files to determine whether they are on a list of files known to be good or on a list of known threats. Some also look for suspicious behavior, and that is fine as far as it goes. But what about files that are on neither list? These are unknown files that may or may not be a threat, and inevitably some are. That is why security that depends on detection alone inevitably fails.

Sandboxing vs Auto-Sandboxing

Some antivirus products provide a secure, isolated area called a sandbox where you can safely run a suspicious file. Think of it like a criminal suspect who is held in jail while the police investigate a crime. Unfortunately, these products rely on the user to decide to put the file in the sandbox. Most users are not able to make that call, or cannot make it correctly on a consistent basis.

Unknown files that turn out to be malicious are often called “zero-day threats”: threats that hackers are already spreading but that security experts have not yet identified, so security software vendors have not yet been able to update their products with a detection. For conventional antivirus this is the worst-case scenario.

For Comodo Security software, a zero day threat is just another day at the office and not to be feared by our users.

Comodo Security Solutions' endpoint products include a unique architecture called default-deny auto-sandboxing. Unlike conventional security, which allows a file access to the system unless a threat is confirmed, Comodo denies an unknown file access to the system. The file may run in a sandbox, where it can be further analyzed, but it can do no harm to your system or files.

This is part of a broader strategy called application containerization, where you can operate safely even on an infected endpoint. What does a bomb disposal unit do with a bomb it has located? If possible it puts the bomb in a secure containment unit where the team can still work on it, but if it explodes everyone is still safe. A sandbox accomplishes much the same thing with potentially malicious software: Comodo can analyze it, and if it turns malicious the threat is contained.
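To make the difference between default-allow and default-deny concrete, here is an added illustration written for this post; it is not Comodo's code and does not describe how Comodo's sandbox is implemented. It models the three-way decision (known-good list, known-bad list, unknown) keyed on a file's SHA-256, and models "containment" as running the unknown program against a private copy of a toy file system (a Python dict of path to bytes) so that its writes can be inspected but never reach the host. The file, its ransomware-like behaviour, the file system contents and the crude behavioural rule are all constructed for the demo.

```python
import hashlib
from copy import deepcopy
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"      # on the known-good list: run with full access
    BLOCK = "block"      # on the known-bad list: never run
    SANDBOX = "sandbox"  # on neither list: run only inside a container


def file_hash(content: bytes) -> str:
    """A file's SHA-256 is the key for the known-good / known-bad lookups."""
    return hashlib.sha256(content).hexdigest()


def classify(content: bytes, trusted: set, malicious: set, default_deny: bool) -> Verdict:
    """Three-way decision. Both policies agree on listed files; they differ
    only on the unknown file, which is exactly where zero-day malware lives."""
    digest = file_hash(content)
    if digest in malicious:
        return Verdict.BLOCK
    if digest in trusted:
        return Verdict.ALLOW
    return Verdict.SANDBOX if default_deny else Verdict.ALLOW


def diff_fs(before: dict, after: dict) -> list:
    """Paths whose content differs between two toy file systems (path -> bytes)."""
    return sorted(p for p in set(before) | set(after) if before.get(p) != after.get(p))


def run_contained(program, host_fs: dict) -> list:
    """Run the program against a private copy of the file system. Everything it
    does is visible for analysis, but nothing reaches host_fs."""
    shadow = deepcopy(host_fs)
    program(shadow)
    return diff_fs(host_fs, shadow)


def looks_malicious(changed: list) -> bool:
    """Crude behavioural rule, constructed for the demo: mass rewriting of user files."""
    return sum(1 for p in changed if p.startswith("/home/")) >= 3


def execute(content: bytes, program, host_fs: dict, trusted: set, malicious: set,
            default_deny: bool) -> dict:
    """Apply the verdict; report what the program changed and whether the real
    file system was harmed."""
    verdict = classify(content, trusted, malicious, default_deny)
    if verdict is Verdict.BLOCK:
        return {"verdict": verdict, "changed": [], "flagged": True, "host_damaged": False}
    if verdict is Verdict.ALLOW:
        before = deepcopy(host_fs)
        program(host_fs)                       # full access: any damage is real
        changed = diff_fs(before, host_fs)
        flagged = looks_malicious(changed)
        return {"verdict": verdict, "changed": changed, "flagged": flagged,
                "host_damaged": flagged}
    changed = run_contained(program, host_fs)  # host_fs is never touched
    return {"verdict": verdict, "changed": changed,
            "flagged": looks_malicious(changed), "host_damaged": False}


# --- constructed sample: an unknown file that behaves like ransomware ---------
UNKNOWN_FILE = b"dropper-v1"  # stands in for the bytes of a never-seen executable


def ransomware_like(fs: dict) -> None:
    """Stand-in for what the unknown file does when it executes."""
    for path in list(fs):
        if path.startswith("/home/user/docs/"):
            fs[path] = b"ENCRYPTED:" + fs[path]
    fs["/home/user/docs/RESTORE_FILES.txt"] = b"pay 2 BTC"


def demo_host_fs() -> dict:
    """Constructed host file system for the demo."""
    return {
        "/etc/hosts": b"127.0.0.1 localhost",
        "/home/user/docs/a.txt": b"alpha",
        "/home/user/docs/b.txt": b"beta",
        "/home/user/docs/c.txt": b"gamma",
    }


def run_demo(default_deny: bool) -> dict:
    """The unknown file is on neither list; only the policy default differs."""
    host = demo_host_fs()
    result = execute(UNKNOWN_FILE, ransomware_like, host, trusted=set(), malicious=set(),
                     default_deny=default_deny)
    result["host_fs"] = host
    return result


if __name__ == "__main__":
    for mode in (False, True):
        r = run_demo(mode)
        print(f"default_deny={mode}: verdict={r['verdict'].value} "
              f"changed={len(r['changed'])} flagged={r['flagged']} "
              f"host_damaged={r['host_damaged']}")
```

Under default-allow the unknown file runs with full access and the user's documents are rewritten before any behavioural rule can react. Under default-deny the same file produces the same observable behaviour inside the shadow copy, which is what lets it be analyzed and flagged, while the host file system comes out identical to how it went in.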

You can learn more by downloading a White Paper here
