I have a question about something that is not really clear to me:
I know that the memory firewall protects you against buffer overflow attacks, and I know it works purely on heuristic analysis (yeah, it has to!), but does it act like a web shield the way LinkScanner and Haute Secure do?
Does a drive-by download use a buffer overflow to create an exploit to install malware? Do all drive-by downloads work that way, so that CMF does protect you against most drive-by downloads?
Any helpful replies (read: answers) are much appreciated!
Okay, have a nice day folks!
It doesn’t depend on where the attack comes from (web, downloaded file…). As far as I know CMF monitors the memory and kicks into action whenever a buffer overflow is detected, whatever the source. A buffer overflow attack is when data is maliciously overflowed beyond the place in memory where it should be, so that part of it is loaded into a memory region where it will be run as a program. This kind of attack can be attempted from several channels, I guess.
As for drive-by-download attacks, maybe buffer overflows are used for that but I think there are also other ways to try to perform them. So CMF can protect you against a drive-by-download attack if it’s carried out as a buffer overflow, but I think there are other possible ways to carry it out.
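Added example, not part of the thread and not CMF's actual mechanism (which the thread does not describe): a small C model of one common way a runtime check can notice that data was written past a buffer, using a guard value placed directly after it, next to the bounds check that prevents the overflow in the first place. All names (`region_t`, `copy_unchecked`, `copy_checked`, `guard_intact`) and the sample input are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE   16
#define GUARD_SIZE 8

/* Buffer and guard modelled as one array, so a write past the buffer
   stays inside memory this program owns (no undefined behaviour). */
typedef struct { unsigned char mem[BUF_SIZE + GUARD_SIZE]; } region_t;

static const unsigned char GUARD[GUARD_SIZE] =
    { 0xDE, 0xAD, 0xC0, 0xDE, 0x5A, 0xA5, 0x00, 0xFF };

void region_init(region_t *r) {
    memset(r->mem, 0, BUF_SIZE);
    memcpy(r->mem + BUF_SIZE, GUARD, GUARD_SIZE);
}

/* The bug: trusts the caller's length instead of the buffer size.
   Clamped to the modelled region only to keep this demo well-defined. */
void copy_unchecked(region_t *r, const unsigned char *src, size_t len) {
    if (len > sizeof r->mem) len = sizeof r->mem;
    memcpy(r->mem, src, len);
}

/* The fix: reject input that does not fit; 0 on success, -1 otherwise. */
int copy_checked(region_t *r, const unsigned char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(r->mem, src, len);
    return 0;
}

/* Detection: the guard only changes if something wrote past the buffer. */
int guard_intact(const region_t *r) {
    return memcmp(r->mem + BUF_SIZE, GUARD, GUARD_SIZE) == 0;
}

/* Returns 1 if an unchecked copy of len bytes trips the guard. */
int overflow_detected(size_t len) {
    unsigned char input[BUF_SIZE + GUARD_SIZE];   /* constructed input */
    region_t r;
    memset(input, 'A', sizeof input);
    region_init(&r);
    copy_unchecked(&r, input, len);
    return !guard_intact(&r);
}

int main(void) { return overflow_detected(BUF_SIZE + 1) ? 0 : 1; }
```

The check fires on the overwritten guard, not on where the oversized input came from, which is the point made in the reply above.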
Thanks for your reply. So I understand that CMF can protect you only against the drive-by downloads that are carried out by buffer overflow attacks? So other methods of drive-by download are not protected against by CMF?
Okay, thanks, this has cleared up a lot for me.
Wish you a nice day Japo!