Nested KVM works these days, but who knows how that might affect a piece of software like this. Maybe Docker is able to run VirtualBox but just thinking about glueing Docker and a hypervisor together is giving me a headache. This was on Ubuntu at the time, so luckily that it was just a matter of installing dependencies and trying to find compatible versions that didn't clash with normal system tools.
The guest tools in the VM provided were so old that I had to set up an older version of Virtualbox in order to get the system to run, which opened a whole can of worms in itself. One tool I had to use would only work on old Linux kernels, proven to be working on Ubuntu 12.04. It's not day-to-day software so after 3 or 4 months I'll likely never use the software again. I'm sure I could find the exact arcane combination of outdated Java, unsupported C libraries and hardcoded paths and combine them into a Docker container, but in the end it's probably not worth the effort when I can set up a snapshot, configure the software and just run it. Ha, I wish I could just use docker for this. I want to be able to override the system when needed. For my classes I need to run what we call "PhD-ware" every now and then (technically advanced software that is great at doing one specific job but is mostly unmaintained and requires a specific setup to work) and that's never going to be compatible with any security restriction. On the other hand, I do like to have access to each and every file on my system if I so please and I do want to be able to use my toolset anywhere on the system. I do believe that casual users will be using more apps that "just work" than power users though, which is why I mentioned them. This isn't just a casual user thing, system developers also use Spotify and don't want to mess with arcane program settings and directories. Especially for stuff that should Just Work (R), sandboxes are a great tool. This does require some well-thought-out system level abstractions for users and developers to accept the new sandbox, but that's not impossible to do. The security gained by a sandbox is immense and dumb programs and games I use should be restricted to their own little space.
I later disabled the malicious updateS (since there were many attempts to make it run, they changed the update name several times).
And we all know that malicious updateS liked to remove personal files and software installed by the user. Comodo is not supposed to stop updates to but my configuration must have been why it did.
So why the whining about the OS security? For example the first thing I install is a proper Firewall >with advanced configuration control<.Ĭomodo even stopped the malicious Windows 10 update with malicious dialog design hiding how to close it and a delay timer so it can start the update without user consent. When the OS cant deliver you can find software that do. Although Ive got common sense when it comes to what is safe to download but still I like Comodo (most of the time). Have never had anyone break in via internet nor any malicious software issues. It is a good software when you have configured it properly. It can be a bit dialog heavy until you have set it up.
It also blocks software from accessing internet.
It have a feature that blocks all new software from starting, downloading to accessing the filesystems important folders and files.
I run a security program called Comodo Internet Security on Windows 7 (admin).