If I choose to block “run an executable” in the Defense+ settings for Firefox, would that protect against drive-by downloads?
I could be wrong, but my understanding is that many (most) drive-by downloads are triggered by buffer overflows. CIS might not detect this as being triggered by Firefox, and might not prevent this with default settings.
I would say it would be better to go to D+ > “Advanced” > “Image Execution Control Settings” and check “Detect shellcode injections (i.e. Buffer overflow protection)”. I also run Safe Surf with the toolbar uninstalled.
Yes, it will prevent “drive-by-download” attacks. It is more reliable than the “Buffer Overflow” protection. Just make sure you aren’t blocking Firefox from executing safe applications that it will / requires to, such as add-ons (e.g. FlashGot).
In my opinion it is not necessary, whether Firefox is allowed to run an .exe or not.
We are still talking about a new unknown untrusted probably infected .exe being introduced into the system and executed.
This stuff won’t fly with D+, and all this is after they exploit a software vulnerability in the browser and get around the buffer overflow protection and the AV and the memory scanner.