Drive by downloads

I’m running CAV (2.0.17.58).
I got hit by a nice drive-by download. With lots of detective work, 4 hours later I finished nixing the half-dozen .exe’s that appeared in my system32 dir.
Google has a whitepaper on drive by downloads dated Feb. 2008 claiming a huge volume of “malicious URL’s” in their research.
From the whitepaper:
“Unfortunately, we also find that even state-of-the-art anti-virus engines are lacking in their ability to protect against drive-by downloads. While this is to be expected, it does call for more elaborate defense mechanisms to curtail this rapidly increasing threat.”

Request: “Comodo anti-drive by”

Greetings!

As most drive-by downloads use buffer overflow, Comodo Memory Firewall should be able to stop these.
Comodo Firewall Pro 3 with Defense+ enabled should be able to prevent the download of .exe-files (as it’ll warn about the creation). They’re the biggest threat, as they’re able to execute malicious code.

Cheers,
Ragwing

Good news! Thanks for the quick reply! I can see my choice to eschew CFP for XP Firewall after an OS reinstall was not the best decision…

As Ragwing pointed out, Comodo Memory Firewall was designed to do that…

Between CMF and CFP… you are pretty safe…

Melih