What does CMF actually do???
nomarjr3
May 24th, 2008, 11:08 PM
I recently came across a piece of freeware called 'Comodo Memory Firewall'.
It's said to block buffer overflows (whatever that is).
Is it necessary to install such software on a fully-patched Windows XP SP2 system??
WSFuser
May 24th, 2008, 11:58 PM
CMF blocks buffer overflows. For more info on buffer overflows: http://en.wikipedia.org/wiki/Buffer_overflow
Also you may be interested in this thread: What do you feel about buffer overflow protection? (Comodo Memory Guardian) (http://www.wilderssecurity.com/showthread.php?t=189823)
3xist
May 25th, 2008, 12:38 AM
-{ Quote: "I recently came across a piece of freeware called 'Comodo Memory Firewall'.
It's said to block buffer overflows (whatever that is).
Is it necessary to install such software on a fully-patched Windows XP SP2 system??" }-
Yes, it is necessary. Buffer Overflow is a serious threat.
Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack.
Comodo Memory Firewall protects against data theft, computer crashes and system damage by preventing most types of buffer overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to its memory buffer than the buffer can handle. It is at this point that a successful attack can create a back door to the system through which a hacker can gain access. The goal of most attacks is to install malware onto the compromised PC whereby the hacker can reformat the hard drive, steal sensitive user information, or even install programs that transform the machine into a Zombie PC.
The product is aimed at system administrators as well as desktop users to protect their systems and detects suspicious code executions in the stack or the heap portions of the memory.
Comodo Memory Firewall detects the following types of attack:
* Detection of Buffer Overflows which occur in the STACK memory,
* Detection of Buffer Overflows which occur in the HEAP memory,
* Detection of ret2libc attacks,
* Detection of corrupted/bad SEH Chains
What is a Buffer Overflow attack – The Technical Description?
In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
It works very well in conjunction with COMODO Firewall Pro 3. COMODO Firewall Pro 3.0.23.364 actually has a "Toolbar" (COMODO SafeSurf), which is powered by CMF technology and protects against BOs inside the browser. However, CMF has more options and flexibility to protect more things, not just in the browser.
3xist.
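The overwrite of adjacent memory described in the technical description above, next to the bounds check that prevents it, as an added example that is not part of the original post or of any Comodo product. The `record` layout, field names and function names are hypothetical, and a 4-byte `int` is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-length buffer with another variable right after it. */
struct record {
    char name[8];     /* fixed-length buffer */
    int  privileged;  /* adjacent data the copy should never reach */
};

/* Unchecked copy: trusts the caller's length. The write starts at the buffer and
   runs on into `privileged` once len exceeds sizeof rec->name. The clamp to the
   size of the whole struct only keeps this demonstration inside one object. */
static void copy_unchecked(struct record *rec, const unsigned char *src, size_t len)
{
    if (len > sizeof *rec) len = sizeof *rec;
    memcpy((unsigned char *)rec, src, len);
}

/* Bounds-checked copy: refuses input that does not fit (one byte kept for NUL). */
static int copy_checked(struct record *rec, const unsigned char *src, size_t len)
{
    if (len >= sizeof rec->name) return -1;
    memcpy(rec->name, src, len);
    rec->name[len] = '\0';
    return 0;
}

/* Returns the value of the adjacent field after a 12-byte input hits the 8-byte buffer. */
int demo_unchecked(void)
{
    struct record r = { "", 0 };
    unsigned char input[12];
    memset(input, 'A', sizeof input);   /* constructed oversized input */
    copy_unchecked(&r, input, sizeof input);
    return r.privileged;
}

/* Returns 1 if the checked copy rejected the same input and left the field intact. */
int demo_checked(void)
{
    struct record r = { "", 0 };
    unsigned char input[12];
    memset(input, 'A', sizeof input);
    return copy_checked(&r, input, sizeof input) == -1 && r.privileged == 0;
}

int main(void)
{
    printf("unchecked: privileged = 0x%x\n", (unsigned)demo_unchecked());
    printf("checked:   input rejected, field intact = %d\n", demo_checked());
    return 0;
}
```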
alex_s
May 25th, 2008, 02:05 PM
-{ Quote: "Yes, it is necessary. Buffer Overflow is a serious threat." }-
Hm. Then why have I never got it for many years without restricting myself from starting anything I found interesting on the Web?
Stephen2_Aus
May 26th, 2008, 10:02 AM
-{ Quote: "Hm. Then why have I never got it for many years without restricting myself from starting anything I found interesting on the Web?" }-
Specious reasoning.
The fact is more exploits are being delivered without user intervention, i.e. through something as simple as viewing a WMF image:
http://en.wikipedia.org/wiki/2005_WMF_vulnerability
Buffer overrun is considered a serious security risk by large companies, including Intel and Microsoft:
http://en.wikipedia.org/wiki/Data_Execution_Prevention
Of course, it all depends how worried you are... I added Comodo Memory Firewall to my small list of security apps recently. It hasn't done anything of note yet, but who knows?
It uses barely any resources and it fares well against the few test samples I could find...
Peter2150
May 26th, 2008, 10:26 AM
-{ Quote: "Yes, it is necessary. Buffer Overflow is a serious threat.
Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack.
Comodo Memory Firewall protects against data theft, computer crashes and system damage by preventing most types of buffer overflow attacks." }-
I'd say maybe, and the solution doesn't necessarily have to be the Comodo Memory Firewall.
For a process to cause this kind of attack it first has to run, and 2nd has to be able to cause damage. So any HIPS that can block it from running. Something that lowers rights would probably protect, as would something like Defense Wall. Running Sandboxie would also probably protect against all the threats mentioned.
So is a good protection scheme important? Absolutely. Is a separate program to protect against Buffer Overflows absolutely necessary? IMHO, probably not.
Pete
ErikAlbert
May 26th, 2008, 10:44 AM
I wonder how much malware doesn't need a trigger to run, like keyloggers for instance.
Does most malware run only when you double-click it or something else?
alex_s
May 26th, 2008, 12:47 PM
-{ Quote: "Of course, it all depends how worried you are... I added Comodo Memory Firewall to my small list of security apps recently. It hasn't done anything of note yet, but who knows?
It uses barely any resources and it fares well against the few test samples I could find..." }-
I'd say I'm middle worried :)
I just do not like to install too much security until I know for sure what I need it for. Also I hardly install something "just in case". As far as I saw, all of those "overflow" exploits in the end download an exe and try to execute it, so having execution control you can feel safe. And to tell the truth I have more trust in DEP than in s/w preventers.
3xist
May 27th, 2008, 03:12 AM
You don't have to install it. Sorry for being full on... Just my personal opinion, Buffer Overflows are growing IMHO.
nomarjr3
May 27th, 2008, 03:48 AM
3xist
Buffer overflows are growing?? Are you sure?
Since installing CMF on my system, it hasn't even caught a single overflow.
If it could hardly detect any error, I believe we should use a DEP/HIPS for protection instead.
chaos16
May 27th, 2008, 12:57 PM
When will CMF be integrated into Comodo firewall? I read somewhere that they were gonna do it?
Plus, will they put the actual program CMF into Comodo firewall, or would it still be better if you use the 2 programs together?
Copyright ©2002 - 2012, Wilders Security Forums