Author Topic: Comodo memory firewall and drive by downloads  (Read 73644 times)

Offline DaRtH VaDeR.

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 1782
  • Everything in life comes to an end, except life
Comodo memory firewall and drive by downloads
« on: June 04, 2008, 04:38:46 AM »
Hi all!

I have a question about something that is not really clear to me:

I know that the memory firewall protects you against buffer overflow attacks, I know it works purely on heuristic analysis (Yeah it has to!), but does it act like a web shield like LinkScanner does and Haute Secure does??

Does a drive-by download use a buffer overflow to create an exploit to install malware?? Do all drive-by downloads work that way, so CMF does protect you against most of the drive-by downloads???

Any helpful replies (read answers) are much appreciated!!

Okay, have a nice day folks!!!

DaRtH VaDeR says: "The path of success and progress is not to be reached by the things you have done, but by the things you will do, so think before you act, the voice of your history will confirm this fact.."

DaRtH VaDeR says: "Your system is as secure as the weakest link in your entire security"

Offline DaRtH VaDeR.

Re: Comodo memory firewall and drive by downloads
« Reply #1 on: June 04, 2008, 05:37:47 AM »

Offline Japo

  • Autonomous Human
  • Comodo's Hero
  • *****
  • Posts: 1773
  • Life starts every day anew. Prospects not so good.
Re: Comodo memory firewall and drive by downloads
« Reply #2 on: June 04, 2008, 09:05:11 AM »
Hi Triple,

It doesn't depend on where the attack comes from (web, downloaded file...). As far as I know CMF monitors the memory and kicks into action whenever a buffer overflow is detected, whatever the source. A buffer overflow attack is when data is maliciously overflowed beyond the place in memory where it should be, so that part of it is loaded into a memory region where it will be run as a program. This kind of attack can be attempted from several channels I guess.

As for drive-by-download attacks, maybe buffer overflows are used for that but I think there are also other ways to try to perform them. So CMF can protect you against a drive-by-download attack if it's carried out as a buffer overflow, but I think there are other possible ways to carry it out.
Windows users do not disable UAC

Offline DaRtH VaDeR.

Re: Comodo memory firewall and drive by downloads
« Reply #3 on: June 04, 2008, 08:28:59 PM »
Hi Japo,

Thanks for your reply. I understand that CMF can protect you only for the drive-by downloads that are being carried out by buffer overflow attacks? So other methods of drive-by downloads are not protected by CMF??

Okay, thanks, this has cleared up a lot for me.


Wish you a nice day Japo!
