Question about CMG

Hi all.
As you may know, I am promoting this excellent program on another techie forum.

Just had this question asked about CMG; I wonder if you have any reply for the poster?

Quote…

But surely if you have a decent firewall nothing is going to know you’re there to hack?

Would be interested in your views and will pass them on.

Thanks,

Mike.

Pardon me for trying, but these are two issues: a direct network attack (covered by the firewall) and opening a file, viewing a webpage, etc.
In the latter, a malicious file is already on your drive because you downloaded it (for the sake of simplicity), so it's not about the firewall.

A malicious file could try to execute an exe, for instance, in order to infect. Any executable blocker would give you the chance to terminate it. An example would be a .gif file (I've seen an example described in the Wilders forum) that is actually a spoofed exe. You're trying to view a picture, or so you think, and CFP 3 prompts you to allow or deny; in this case the answer is obvious: what exe? BLOCK.

But then there are exploits that don't even need to do this. They are more sophisticated and abuse some buffer overflow flaw in an application (e.g. a malicious JPEG). CMG is here to prevent this, by detecting that the malicious file is "executing code from a non-executable memory region", i.e. a buffer overflow.

There is bound to be a better answer by anyone else though! ;D
Hey Tyler, care to chip in?
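The spoofed .gif in the post above is an executable whose name ends in .gif. Below is an added example (not code from the original posters, CMG or CFP) of how a checker can tell from the bytes alone: a real GIF starts with "GIF87a" or "GIF89a", while a Windows executable starts with the DOS "MZ" stub whose field at offset 0x3c (e_lfanew) points at the "PE\0\0" signature. The fake PE sample is constructed here and contains only the header fields the sniffer looks at; the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum file_kind { KIND_UNKNOWN = 0, KIND_GIF = 1, KIND_PE = 2 };

/* Read a 32-bit little-endian value (PE headers are always little-endian). */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify by content only; the file name is never consulted here.
 * A "MZ" file shorter than the DOS header (0x40 bytes) is reported unknown. */
enum file_kind sniff_kind(const unsigned char *buf, size_t len) {
    if (len >= 6 && (memcmp(buf, "GIF87a", 6) == 0 || memcmp(buf, "GIF89a", 6) == 0))
        return KIND_GIF;
    if (len >= 0x40 && buf[0] == 'M' && buf[1] == 'Z') {
        uint32_t pe_off = le32(buf + 0x3c);          /* e_lfanew */
        if (pe_off <= len - 4 && memcmp(buf + pe_off, "PE\0\0", 4) == 0)
            return KIND_PE;
    }
    return KIND_UNKNOWN;
}

/* 1 if the name claims to be a GIF but the bytes are a Windows executable. */
int is_spoofed_gif(const char *name, const unsigned char *buf, size_t len) {
    const char *dot = strrchr(name, '.');
    if (dot == NULL) return 0;
    int claims_gif = strcmp(dot, ".gif") == 0 || strcmp(dot, ".GIF") == 0;
    return claims_gif && sniff_kind(buf, len) == KIND_PE;
}

/* Constructed sample: the bare minimum of a PE image that the sniffer inspects
 * (DOS stub, e_lfanew = 0x40, PE signature). It is not a real program. */
#define FAKE_PE_LEN 0x44
static unsigned char g_fake_pe[FAKE_PE_LEN];

const unsigned char *fake_pe_sample(void) {
    memset(g_fake_pe, 0, sizeof g_fake_pe);
    g_fake_pe[0] = 'M'; g_fake_pe[1] = 'Z';
    g_fake_pe[0x3c] = 0x40;                        /* e_lfanew, little-endian */
    memcpy(g_fake_pe + 0x40, "PE\0\0", 4);
    return g_fake_pe;
}

/* Constructed sample: header of a genuine 1x1 GIF. */
static const unsigned char REAL_GIF[] = "GIF89a\x01\x00\x01\x00";

int main(void) {
    printf("funny.gif (PE bytes)  spoofed=%d\n",
           is_spoofed_gif("funny.gif", fake_pe_sample(), FAKE_PE_LEN));
    printf("funny.gif (GIF bytes) spoofed=%d\n",
           is_spoofed_gif("funny.gif", REAL_GIF, sizeof REAL_GIF));
    return 0;
}
```

The point of the e_lfanew check is that "MZ" alone also matches old DOS programs and some installers' stubs; following the pointer to "PE\0\0" is what a loader actually does before it will run the file.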

Addin' to Pedro: All software has bugs, even firewalls. These bugs can be used (exploited) to do anything with your PC.

Thanks, have passed these comments on to the poster on the other Forum. :slight_smile:

Here is a scenario :

1 - IE has a bug which results in an exploitable buffer overflow,
2 - The user visits an evil site and the site exploits IE with a BO attack.
3 - Now the attacker has infected IE in memory. NO virus files or whatsoever. Nothing other than a few bytes in IE's memory.

Now it is up to the attacker's imagination to decide what to do. As we see, IE is infected with a BO, assuming all firewall + AV protection is ON.

Btw, the scenario above is quite common. Some of you may recall such an event: when you visit a site, sometimes, mysteriously, adware gets installed on your computer and advertises itself on your desktop.

Egemen
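Both Pedro's "malicious JPEG" and the IE scenario above rest on the same mechanism: a decoder trusts a length field in attacker-controlled data and copies past the end of a fixed buffer, clobbering whatever sits next to it (on a real stack, the saved return address). The following is an added example, not code from the posters or from CMG, with a toy chunk format constructed for it: byte 0 is the payload length, the rest is payload. To keep the program well-defined, the "return address" is a struct member beside the buffer rather than the real one, so the overwrite stays inside one object; everything else is the shape of the real bug, beside the length-checked version that stops it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIXEL_BUF 16
#define RET_SENTINEL 0xDEADBEEFu

/* Stand-in for a decoder's stack frame: the pixel buffer sits directly
 * below a saved return slot. Real frames are laid out by the compiler;
 * here the slot is a member so the overwrite is defined behaviour. */
struct frame {
    unsigned char pixels[PIXEL_BUF];
    uint32_t saved_ret;
};

/* Vulnerable decoder: honours the length byte from the file without
 * comparing it to the buffer size. Returns what ended up in saved_ret. */
uint32_t decode_unchecked(const unsigned char *chunk, size_t chunk_len) {
    struct frame f;
    f.saved_ret = RET_SENTINEL;
    if (chunk_len < 1) return f.saved_ret;
    size_t n = chunk[0];
    if (n > chunk_len - 1) n = chunk_len - 1;  /* never read past the input */
    if (n > sizeof f) n = sizeof f;            /* demo only: stay inside the struct */
    memcpy(&f, chunk + 1, n);                  /* runs past pixels[] into saved_ret */
    return f.saved_ret;
}

/* Hardened decoder: rejects any length larger than the buffer.
 * Returns 0 on success, -1 on rejection; *ret_out gets saved_ret either way. */
int decode_checked(const unsigned char *chunk, size_t chunk_len, uint32_t *ret_out) {
    struct frame f;
    f.saved_ret = RET_SENTINEL;
    *ret_out = f.saved_ret;
    if (chunk_len < 1) return -1;
    size_t n = chunk[0];
    if (n > chunk_len - 1 || n > sizeof f.pixels) return -1;
    memcpy(f.pixels, chunk + 1, n);
    *ret_out = f.saved_ret;
    return 0;
}

/* Small wrappers so callers can read one result at a time. */
int checked_rc(const unsigned char *chunk, size_t len) {
    uint32_t r; return decode_checked(chunk, len, &r);
}
uint32_t checked_ret(const unsigned char *chunk, size_t len) {
    uint32_t r; decode_checked(chunk, len, &r); return r;
}

/* Constructed inputs: a benign 8-byte image, and a malicious one whose
 * length byte (20) pushes four attacker bytes 'AAAA' over the return slot. */
static const unsigned char BENIGN[] = { 8, 1, 2, 3, 4, 5, 6, 7, 8 };
static const unsigned char MALICIOUS[] = {
    20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 16 bytes fill pixels[] */
    'A', 'A', 'A', 'A'                                    /* land in saved_ret */
};

int main(void) {
    printf("unchecked, benign:    saved_ret=0x%08x\n", decode_unchecked(BENIGN, sizeof BENIGN));
    printf("unchecked, malicious: saved_ret=0x%08x\n", decode_unchecked(MALICIOUS, sizeof MALICIOUS));
    printf("checked,   malicious: rc=%d saved_ret=0x%08x\n",
           checked_rc(MALICIOUS, sizeof MALICIOUS), checked_ret(MALICIOUS, sizeof MALICIOUS));
    return 0;
}
```

With the real return address overwritten by attacker-chosen bytes, the function returns into data the attacker placed in memory, which is exactly the "executing code from a non-executable memory region" that a memory guard or hardware DEP is watching for. The fix is the one-line comparison against `sizeof f.pixels` before the copy; everything the guard does is a safety net for decoders that lack it.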

This is called a drive-by download attack!

http://searchwindowssecurity.techtarget.com/sDefinition/0,,sid45_gci887624,00.html

thanks
Melih

Thanks, have passed that on also. :slight_smile:

How about if I use a sandbox to run those apps?
Let's say I run Opera under Sandboxie; the code can exploit Opera but can't exploit Sandboxie; however, since Opera is run under the sandbox, meaning the code still (partly?) interacts with Opera, can the exploitation be carried out?

If not, then the more I use a sandbox, the less likely I am to need CMG?