
Is there any HIPS software with buffer overflow protection?


Mr. Y
December 30th, 2007, 09:19 PM
Buffer overflow exploits are a grossly understated threat.

WSFuser
December 30th, 2007, 09:57 PM
Not a classical HIPS, but Threatfire blocks buffer overflows; I think Prevx does too but not completely sure.

If you don't mind a separate program, you could consider Comodo's Memory Firewall.

Diver
December 30th, 2007, 10:53 PM
-{ Quote: "Not a classical HIPS, but Threatfire blocks buffer overflows; I think Prevx does too but not completely sure.

If you don't mind a separate program, you could consider Comodo's Memory Firewall." }-


Turning on data execution protection for all programs prevents buffer overflows, at least according to Gkweb. It only works on 64 bit capable processors.

farmerlee
December 31st, 2007, 02:05 AM
Both Core Duo and Core 2 Duo processors have hardware DEP. Enabling DEP for all programs and services in Windows will protect against the exploit.

Also, Defense+ is an app which specifically protects against this exploit.

gkweb
December 31st, 2007, 05:44 AM
Hello,

-{ Quote: "Turning on data execution protection for all programs prevents buffer overflows, at least according to Gkweb. It only works on 64 bit capable processors." }-

If you are quoting that comment from here:
http://www.firewallleaktester.com/docs/Securing%20Windows%20-%20PART%202.pdf

I also say (page 9) that "DEP is not fool-proof". Different kinds of overflow methods exist; DEP prevents the most common ones. If you want to go further and protect yourself against any type of overflow, it seems that Comodo is developing software to handle that, although it is in beta right now:
http://www.wilderssecurity.com/showthread.php?t=194369
http://forums.comodo.com/comodo_memory_firewallbuffer_overflow_protection-b97.0/

They have made a testing app that lets you test the overflow methods: COMODO BO Tester:
http://forums.comodo.com/comodo_memory_firewall_beta_corner/buffer_overflow_testing_application-t12541.0.html

On Vista x64 DEP blocks all tests except two.

Regards,
gkweb.
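
As an added illustration of the distinction gkweb draws above (example code written for this page, not code from Comodo, ThreatFire or gkweb): DEP decides per memory page whether instructions may be fetched from it, and a software "memory firewall" approximates that decision by checking where a return address or code pointer leads before the call happens. The block below assumes Linux (it reads /proc/self/maps; on Windows the equivalent lookup is VirtualQuery) and a normal build with a non-executable stack. It simulates two overflows of a constructed struct whose layout mirrors a stack frame: one plants a pointer to injected bytes on the stack, which the page-permission check rejects, and one plants a pointer to a function already in the process, which passes the same check. The struct `record`, all function names and the payload are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Look up which mapping of this process contains 'p' (Linux: /proc/self/maps).
 * Returns 1 if the mapping is executable, 0 if it is not, -1 if 'p' is unmapped
 * or the map cannot be read.  This is the decision the NX/DEP bit makes in
 * hardware on every instruction fetch, done here in software as a HIPS would. */
int region_is_executable(const void *p) {
    uintptr_t addr = (uintptr_t)p;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;

    char line[512];
    int verdict = -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[8];               /* e.g. "r-xp" */
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) != 3) continue;
        if (addr >= lo && addr < hi) {
            verdict = (perms[2] == 'x') ? 1 : 0;
            break;
        }
    }
    fclose(f);
    return verdict;
}

/* Constructed victim layout: a fixed buffer followed by a code pointer, the same
 * shape as a stack frame whose local buffer sits below the saved return address. */
struct record {
    char name[16];
    void (*on_done)(void);
};

/* Stands in for any legitimate function already loaded in the process
 * (the target of a return-into-existing-code overflow). */
static void benign_callback(void) {}

/* Simulate an overflow of record.name that runs into on_done and plants 'target'
 * there, then ask where the corrupted pointer leads.  The overwrite is done with
 * memcpy over the whole struct so the example itself stays well-defined C. */
int simulated_overflow_verdict(const void *target) {
    struct record r;
    unsigned char payload[sizeof r];

    memset(payload, 'A', sizeof payload);                        /* junk fills name[] */
    memcpy(payload + offsetof(struct record, on_done), &target, sizeof target);
    memcpy(&r, payload, sizeof r);                               /* the "overflow" */

    return region_is_executable((const void *)(uintptr_t)r.on_done);
}

/* Classic payload: execution redirected to attacker bytes on the stack.
 * With a non-executable stack the verdict is 0 (what DEP/NX blocks). */
int shellcode_on_stack_verdict(void) {
    unsigned char shellcode[32];
    memset(shellcode, 0x90, sizeof shellcode);   /* NOP sled stands in for real code */
    return simulated_overflow_verdict(shellcode);
}

/* Return-into-existing-code payload: the pointer lands in a real code page,
 * so a page-permission check (and DEP) sees nothing wrong: verdict 1. */
int return_to_existing_code_verdict(void) {
    return simulated_overflow_verdict((const void *)(uintptr_t)benign_callback);
}

/* Sanity checks on the classifier itself: code is executable, heap is not. */
int code_address_is_executable(void) {
    return region_is_executable((const void *)(uintptr_t)region_is_executable);
}

int heap_buffer_is_executable(void) {
    void *buf = malloc(64);
    int v = buf ? region_is_executable(buf) : -1;
    free(buf);
    return v;
}

int main(void) {
    printf("code page executable:        %d\n", code_address_is_executable());
    printf("heap page executable:        %d\n", heap_buffer_is_executable());
    printf("shellcode-on-stack verdict:  %d\n", shellcode_on_stack_verdict());
    printf("return-into-code verdict:    %d\n", return_to_existing_code_verdict());
    return 0;
}
```

The second verdict is the practical content of "DEP is not fool-proof": an overflow that redirects execution into code the process already holds never executes from a data page, so a page-permission check has nothing to object to, and a product that wants to catch that class of overflow needs a criterion beyond page permissions.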

Coolio10
December 31st, 2007, 11:06 AM
-{ Quote: "Not a classical HIPS, but Threatfire blocks buffer overflows; I think Prevx does too but not completely sure.

If you don't mind a separate program, you could consider Comodo's Memory Firewall." }-
The CMF developer has spoken? :D

-{ Quote: "I've dug into ThreatFire... It tries to do the same as CMF but in some strange way (VirtualQuery... though I don't fully understand what they're doing and what for, the code seems "strange"). Their method doesn't work anyway. I see they've got improvements against the latest version of "firepack" (a very popular exploit package), but it's pretty useless (wrong). And, again, their hooking method isn't correct (it crashes if there are already some hooks, e.g. CMF's). I've bothered to send bug reports about such issues (e.g. Sandboxie's author doesn't believe my reports at all)" }-

Sandboxie does not accept professional help? :D