Has CoreForce matured?

Discussion in 'other firewalls' started by Mr. Y, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Ok, that's something like OpenBSD's systrace. It is a valid point.

    When you use an exploit that delivers a filesystem (executable) payload you're usually running on very tight restrictions, i.e. you're actually taking advantage of ONE glitch of one program to deliver the bad code. But once the bad code is running, it can do what it's set to do without any further restriction.

    Your example instead would need, let's say, a webpage to deliver an exploit that does all this: (a) takes advantage of a vulnerability in the untrusted browser, and (b) has the browser inject into another "trusted" process and (c) has the "trusted" process itself elevate privileges and behave the way you want, i.e. being able to kill Core Force or to deliver the payload. All this "in memory only" with just the exploit. It's by all means "possible" but much more difficult than the former if you ask me. Also, the actual exploits that take advantage of poor design (i.e. many of the ActiveX exploits) would not work, because they do not rely on memory manipulation but rather on "unintended consequences" of actual known 'features'.
     
  2. Kenjin

    Kenjin Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    63
    (a) is the same in both cases, (c) is unnecessary as there is no need to elevate privileges, so the only extra step that remains is (b), and that is little extra work.

    If this is all so unlikely as you suggest, probably all the other vendors of sandbox solutions have wasted much time and money implementing protection for it.

    Anyway, enough said I think. My answer in the beginning was mainly addressed to "Someone" who asked SSM users about their opinion and this was my 2 cents. I didn't want to run into a lengthy discussion about a product which I neither use nor find that useful in its current shape. So I'll stop here. If you are happy with CF, fine ;)
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    No, I enjoyed this discussion, and probably so did Mr. Y.
    Entertaining and educational, when I could follow you lol.
    Please continue :D
     
  4. EASTER.2010

    EASTER.2010 Guest

    Those were exactly my findings when I was testing it some months ago, and subsequent new releases didn't prove much better so far as the performance drains it creates.
    It reminds me of a Microsoft Policy editor with permission access/deny type capabilities, and if I remember correctly from the last time I examined it, a large part of some of its effectiveness is through using that means already built into XP.

    As much as I too was somewhat encouraged by its development & potential, it's fallen far short of other available safety protectors out there.
     