Pardon me for trying, but these are two issues: a direct network attack (covered by the firewall) and opening a file/viewing a webpage, etc.
In the latter, a malicious file is already on your drive because you downloaded it (for the sake of simplicity), so it's not about the firewall.
A malicious file could try to execute an exe, for instance, in order to infect. Any executable blocker would give you the chance to terminate it. An example would be a .gif file (I've seen an example described on the Wilders forum) that is actually a spoofed exe. You're trying to view a picture, or so you think, and CFP 3 prompts you to allow or deny; in this case the answer is obvious - what exe? - BLOCK.
But then there are exploits that don't even need to do this. They are more sophisticated and abuse some buffer overflow flaw in an application (e.g. a malicious jpeg). CMG is here to prevent this, by detecting that the malicious file is "executing code from a non-executable memory region", i.e. a buffer overflow.
There is bound to be a better answer by anyone else though! ;D
Hey Tyler, care to chip in?
1 - IE has a bug which results in an exploitable buffer overflow,
2 - The user visits an evil site and the site exploits IE with a BO attack.
3 - Now the attacker has infected IE in memory. NO virus files whatsoever. Nothing other than a piece of bytes in IE's memory.
Now it is up to the attacker's imagination to decide what to do. As we see, IE is infected with a BO assuming all firewall + AV protection is ON.
Btw, the scenario above is quite common. Some of you may recall such an event: when you visit a site, sometimes mysteriously, adware gets installed on your computer and advertises itself on your desktop.
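The "malicious jpeg" buffer overflow in the first post and Tyler's three-step IE scenario both come down to the same defect: a parser trusting a length it read from attacker-controlled input. As an added example (hypothetical code, not from Comodo or anyone in this thread), here is that unsafe shape beside a bounds-checked JPEG segment walk; the marker layout is real JPEG, the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical image-decoder fragment (added example, not Comodo's or the
 * posters' code). JPEG layout is real: SOI (FF D8), then segments of
 * FF xx + 2-byte big-endian length that counts itself, ending at EOI (FF D9).
 * Only metadata segments are walked; SOS/entropy-coded data is not handled. */

#define SEG_MAX 64   /* fixed-size scratch buffer for one segment payload */

/* The classic vulnerable shape, kept as a comment so it is never compiled:
 *   unsigned char seg[SEG_MAX];
 *   size_t len = (p[2] << 8) | p[3];   // length read straight from the file
 *   memcpy(seg, p + 4, len - 2);       // attacker picks len -> stack overflow
 * A crafted image with an oversized length field is the "malicious jpeg"
 * buffer overflow the posts above describe. */

/* Hardened walk: each file-controlled length is checked against both the
 * destination buffer and the remaining input before any copy. Returns the
 * number of segments parsed, or -1 if the data is malformed or truncated. */
int walk_segments(const unsigned char *buf, size_t n)
{
    int count = 0;
    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;  /* missing SOI */
    size_t pos = 2;
    while (pos + 2 <= n) {
        unsigned char seg[SEG_MAX];
        if (buf[pos] != 0xFF) return -1;          /* not positioned at a marker */
        if (buf[pos + 1] == 0xD9) return count;   /* EOI: clean end of stream */
        if (pos + 4 > n) return -1;               /* no room for a length field */
        size_t len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (len < 2) return -1;                   /* length must cover itself */
        size_t payload = len - 2;
        if (payload > SEG_MAX) return -1;         /* would overflow seg */
        if (pos + 2 + len > n) return -1;         /* would read past the input */
        memcpy(seg, buf + pos + 4, payload);      /* safe: both bounds checked */
        (void)seg;                                /* a real decoder parses seg here */
        count++;
        pos += 2 + len;
    }
    return -1;                                    /* ran out of data before EOI */
}

/* Constructed sample inputs (not real image files). */
const unsigned char benign_jpeg[]    = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0xAA,0xBB, 0xFF,0xD9 };
const unsigned char crafted_jpeg[]   = { 0xFF,0xD8, 0xFF,0xE0,0xFF,0xFF,0xAA,0xBB, 0xFF,0xD9 };
const unsigned char truncated_jpeg[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x10,0xAA,0xBB };
const size_t benign_len = sizeof benign_jpeg, crafted_len = sizeof crafted_jpeg,
             truncated_len = sizeof truncated_jpeg;
```

The crafted input carries a length field of 0xFFFF; the unsafe shape would copy 65533 bytes into a 64-byte stack buffer, while the checked walk rejects it before any copy.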
How about if I use a sandbox to run those apps?
Let's say I run Opera under Sandboxie; the code can exploit Opera but can't exploit Sandboxie; however, since Opera is run under the sandbox, meaning the code still (partly?) interacts with Opera, can the exploitation be carried out?
If not, then the more I use the sandbox, the less likely I need CMG?