Question about CMG

Hi all.
As you may know I am promoting this excellent program on another Techi forum.

Just had this question asked about CMG; I wonder if you have any reply for the poster?


But surely if you have a decent firewall nothing is going to know you’re there to hack?

Would be interested in your views and will pass them on.



Pardon me for trying, but these are two issues, a direct network attack (covered by firewall) and opening a file/ viewing a webpage , etc.
In the latter, a malicious file is already in your drive because you downloaded (for sake of simplicity), so it’s not about the firewall.

A malicious file could try to execute an exe for instance, in order to infect. Any executable blocker would give you the chance to terminate it. An example would be a .gif file (i’ve seen an example described in Wilders forum) that is actually a spoofed exe. You’re trying to view a picture, or so you think, and CFP 3 prompts you to allow or deny; in this case the answer is obvious- what exe? - BLOCK

But then there are exploits that don’t even need to do this. They are more sophisticated and abuse some buffer overflow flaw in an aplication (eg. a malicious jpeg). CMG is here to prevent this, by detecting that the malicious file is “executing code from a non-executable memory region”, ie a buffer overflow.

There is bound to be a better answer by anyone else though! ;D
Hey Tyler, care to chip in?

Addin’ to Pedro: All software have bugs, even FireWalls. This bugs can be used (exploited) to do anything with your PC.

Thanks, have passed these comments on to the poster on the other Forum. :slight_smile:

Here is a scenario :

1 - IE has a bug which results with an exploitable buffer overflow,
2 - The users visits a an evil site and the site exploits IE with a BO attack.
3- Now the attacker infected the IE in memory. NO virus files or whatsoever. Nothing other than a piece of bytes in IE’s memory.

Now it is upto attackers imagination to decide what to do. As we see, IE is infected with a BO assuming all firewall + AV protection is ON.

Btw, the scenario above is quite common. Some of you may recall such an event : when you visit a site, sometimes myteriously, your computer is installed by an adware advertising itself on your desktop.


this is called drive-by-download attacks!,,sid45_gci887624,00.html


Thanks, have passed that on also. :slight_smile:

How abt if I use sandbox to run those apps?
lets say I run opera under sandboxie; the code can xploit opera but cant xploit sandboxie; however, since opera is run under sandbox meaning the code stil (partly?) interact w opera; can the xploitation carry out?

If no then in the situation that I use sandbox more, the less likely I need CMG?