Comodo Memory Guardian Beta v1

Discussion in 'other anti-malware software' started by Coolio10, Aug 15, 2007.

Thread Status:
Not open for further replies.
  1. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Well, it is supposed to prevent buffer overflow :D.

    Try it and do not complain to me as it is a beta.

    http://forums.comodo.com/comodo_mem...a_v1_buffer_overflow_protection-t11108.0.html
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I believe this subject was already discussed before, and Ilya said that you don't really need buffer overflow protection if you have hardware (processor) based DEP. But it didn't give me any problems on my virtual machine, so I might install it on my real machine anyways, thanks for the heads up. ;)
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I d/l the Comodo tester, ran a test. To my surprise, McAfee VirusScan Enterprise 8.5i patch1 equipped with BO protection has failed. Therefore I installed Comodo MG to add extra protection, another surprise--Prevx2 put it into jail. So, so, what should I do next? What a homogeneous Security community we are having!
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I shudder at the warning of "may cause permanent data loss", even in a beta release. I feel they should NOT release to the public something that can cause such a major issue.

    I know it's beta, and I've lost data before with legitimate releases, so call me highly skeptical of this business practice. My machines are not guinea pigs or laboratory rats.
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, EASTER: Many thanks for your warning. Had I known these dangers, I would not even have gone near it. Luckily, I conduct those tests in DF's Frozen mode, no data loss or system damage done. How dare Comodo kids put these snakes into our surroundings to poison us. Where have they borrowed bal--- from to do these things. Damn, could we live in this cyberworld peacefully without these kids?
     
  7. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Standard disclaimer for beta software.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: If this is the case, then all software SHOULD be rated like movies. All betas should be rated as for Adventurers only, and should not be allowed on NORMAL web sites. An exclusive section of any given forum should be generously allocated for these snakes to maneuver. I hate these betas, just wish they can find their own willing testers.
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Perman, it's only accessible to forum members, then these are advised NOT to run it on production machines, giving a frightening warning to the casual reader.

    I would also wait for someone qualified to comment on the testing tool. I would not change my set-up based on it alone.

    EDIT: now I'm looking at it, it seems I missed a new version, not beta. That's why you didn't read that, it's not there :)
     
    Last edited: Sep 23, 2007
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Btw, I thought that this app would automatically protect all processes against buffer overflow attacks, but now I see you can make certain rules ("allow" or "kill"). What's the purpose of this?
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  12. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That's what Tyler from Comodo is saying too. This program is supposed to detect attacks (that one too) and give the option to kill the offending process.

    It's still beta btw, I asked in the forums :doubt:

    If only Ilya would comment on this program, but he probably figures he shouldn't.
     
  13. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I have just downloaded it coz it looks attractive... but learning the warning about the beta program, I decided to delete it and will not install it. I will wait till it becomes "proven and tested". :D :cautious: ;)
     
  14. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I think it should definitely be part of our security layer. The fact that so many of us lack protection in this area, despite our other multiple layers of protection, is worrying.

    I think more HIPS should add this function.

    Or better yet, we should get a standalone to do this, because I don't like suites as they put all eggs in one basket. With a separate buffer overflow guard, at least if something takes it down, the other HIPS functions will still be working and vice versa.
     
  15. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Steve Gibson at GRC has a little freeware app called "Securable" that checks to see if DEP is avail. and enabled on your CPU... apparently the default setting for DEP is to have it disabled...
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Default is OptIn, which means it's on only for certain Windows processes. You can change it to OptOut in System's properties (somewhere), or edit the boot.ini file to access 2 more options, one of them AlwaysOn, which is restrictive - you can't make exceptions.
    Even if you don't make exceptions in OptOut, AlwaysOn is better.

    Still, in any mode, DEP is incomplete. How likely it is for you to get such an attack that breaks DEP I have no idea.

    BTW, Process Explorer has an optional column "DEP" where you see what processes have DEP on or off. You'll be surprised probably.
     
  17. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I can access DEP thru this: Control Panel > System > Advanced > Performance (Settings) > Data Execution Prevention, but the options there are greyed out, any idea? Take care. O/S is WinXP, SP2, MEC
     
  18. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Read the edit:
    My guess is it's either in AlwaysOn or AlwaysOff mode. If your processor has the capability. If not, I don't know.
    Navigate the "System" window until you find an option to open boot.ini, and check there - it's after "noexecute=" or something.
    Wait, I got a link somewhere..
    http://support.microsoft.com/kb/875352

    I'm not on XP, so I can't expand much, sorry. The link should explain ok.
    And Vista I have no idea in case someone asks!

    EDIT: if your processor has the NX bit, and it shows gray, check the BIOS first. My computer had it disabled in BIOS, so XP couldn't access it in the first place.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Bits and pieces are coming to mind. I think in my case, before I activated it in BIOS, in this window it said on the bottom that my processor didn't support hardware DEP.
    If you're not seeing this, perhaps just look at the boot.ini file and read what mode it's on.
     
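The boot.ini check discussed in the posts above (the `/noexecute=` switch with its OptIn, OptOut, AlwaysOn and AlwaysOff levels), as an added example that is not part of the original thread or of any poster's code. The sample boot.ini is constructed, the function names are hypothetical, and a missing switch is reported only as "unset" without assuming what Windows does in that case.

```python
import re

# The four /noexecute policy levels named in the thread and in KB 875352.
POLICIES = {"optin", "optout", "alwayson", "alwaysoff"}

# Constructed sample boot.ini (not taken from any poster's machine).
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="XP test install" /fastdetect /noexecute=AlwaysOn
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Old install" /fastdetect
"""

def dep_policies(text):
    """Return (default_path, {arc_path: policy}) parsed from boot.ini text.

    policy is the lower-cased /noexecute value, "unset" when the switch is
    absent, or "invalid:<value>" when it is not one of the four known levels.
    """
    section, default, entries = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")        # split at the first '=' only
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip().lower()
        elif section == "operating systems":
            m = re.search(r"/noexecute=(\S+)", value, re.IGNORECASE)
            if m is None:
                policy = "unset"
            else:
                v = m.group(1).lower()
                policy = v if v in POLICIES else "invalid:" + v
            entries[key.strip().lower()] = policy
    return default, entries

def default_entry_policy(text):
    """Policy of the entry that boots by default, the one in effect after reboot."""
    default, entries = dep_policies(text)
    return entries.get(default, "unset")
```

To check a real machine, pass the contents of its own boot.ini to `default_entry_policy` instead of the sample; a multi-boot file can carry a different level on each entry, which is why the default entry is resolved separately.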
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Pedro:

    Thanks for your help. I think I have solved the puzzle; the procedure I described in previous posting was done in DeepFreeze's Frozen mode. Just out of curiosity, I rebooted back to thawed state, and then conducted the same procedure. To my surprise, the option in question has surfaced, I clicked the second option, which will protect all programs and devices except the one I select. As a result, in BOOT.INI, the word (OptIn) is gone. This solution may lead to another puzzle. Why would DF's thaw/froze cycle have such impact on system's DEP feature? Good or bad? I just wonder would other apps, such as returnil, shadow defender, power shadow or shadow user, encounter similar phenomenon? Hm mm, what a side effect. Take care.
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    You should contact them to be sure.
    Intriguing also is why some programs apparently aren't affected by DEP even in AlwaysOn. Security programs like SSM (Process Explorer reports "N/A").
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You made my day, thanks for the laugh :D :thumb: :D
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Another backdoor in the security features of Windows? :rolleyes:
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Well, undocumented/not well known problems (such as certain overflow) are there. But I do not like that a so called "security" vendor would actually put out code (the test) to give the ability to all to (possibly) incorporate this within malware.
    What was not a main concern today, can now become a major problem tomorrow, due to available code.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Comodo started it and maybe after some time u will find this feature or such products by many vendors. One more layer to put on ur PC. :rolleyes:

    It was better that they incorporate it in their FW a bit silently.
     