Comodo Memory Guardian Beta v1

Perman · Nov 10, 2007

Hi, Stem:

If all security app vendors have your vision, we, as end users will have peaceful cyber days in sight. I suppose they do not go to the very same after-hour club, or do not belong to the same health-fitness club ? A selfish act re Commodo's part we may say, but information/knowledge inside trading/sharing sometimes may not be a very smart idea. IMO, A self-regulatory body is perhaps what these vendors urgently need in the very near future. Take care.

pandlouk · Nov 12, 2007

Stem said:

I understand this problems with some vendors,.. they do prefer to make their products "look" better than perform/protect better. But, my main concern, and from my post you omited:-

I asked this, as it would give indication of the vendor.

Example: I do not know you personally, but I know your product. If you where to suddenly put forward a "compromise", giving code, and the fact that your product protects from such,... would you of first informed other security vendors of this "compromise", or what?

Regards,
Click to expand...

Hi Stem

a member of the comodo forums brought this topic to Melih's (Comodo's CEO) attention. Here is his responce:

http://forums.comodo.com/comodo_mem...programming-t11398.0.html;msg101295#msg101295

Melih said:

I am simply amazed at Stem! Smiley

Stem, I don't get your point?
Please help me understand what you are saying

-Are you saying that we created the Problem? (you are giving an example of an AV vendor creating a virus then providing a solution, this would mean that we created the BO problem.. So are you claiming that we did?)

-Are you saying that: we should simply not alert users about testing whatever software they have, to this well exploited vulnerability, and let them live with false sense of security?

-Are you saying that: we should not give people an ability to test if our product work or not?

-Are you saying that: there are no other C code widely available on the net (yes ready to compile C code) that exploits Buffer Overflow vulnerabilities and that now we have a test application, the malware authors will reverse engineer to figure out how to test!!! Please go to google and just search for a keyword buffer overflow test or buffer overflow code (or many other keywords that will give you test code that will do exactly what we do in our tests)... there are tons of examples of codes available that anyone who cares can get. Test application is a VERY simple code as explained many times before and we clearly specifiy what it tests! There are tons of code out there for anyone to get, .. again at a loss as to what your point is..

BO is one of the most sinister vulnerabilities, that is heavily exploited, we have today and all these users out there are totally vulnerable!!!!!!

Please go ahead and do a search on Secunia website to see how many BO vulnerabilities are found
http://secunia.com/search/?search=buffer overflow
its one a day!!!!

here are some examples!!

Oracle Database PITRIG_DROPMETADATA Buffer Overflow Vulnerability 2007-11-08
Link Grammar "separate_sentence()" Buffer Overflow 2007-11-07
AbiWord Link Grammar "separate_sentence()" Buffer Overflow 2007-11-07
SSReader Pdg2 Control ActiveX Control Buffer Overflow Vulnerability 2007-11-07
OpenBase SQL Command Injection and Buffer Overflow 2007-11-06
Perl Regular Expressions Unicode Data Buffer Overflow 2007-11-06
ACDSee Products Image and Archive Plug-ins Buffer Overflows 2007-11-02
Ourgame GLWorld GlobalLink Chat Control Buffer Overflows 2007-11-02
Novell BorderManager Client Trust Buffer Overflow Vulnerability 2007-11-01
McAfee E-Business Server Authentication Packet Handling Buffer Overflow 2007-10-31
NuFW "samp_send()" Buffer Overflow Vulnerability 2007-10-30
IPSwitch IMail Server IMail Client Buffer Overflow Vulnerability 2007-10-30
GOM Player GOM Manager ActiveX Control Buffer Overflow 2007-10-29
Sony CONNECT Player M3U Playlist Processing Buffer Overflow 2007-10-29
activePDF DocConverter File Parsing Buffer Overflows 2007-10-26
RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows 2007-10-26
Nagios Plugins "check_snmp" Buffer Overflow Vulnerability 2007-10-26
JustSystems Ichitaro Document Processing Multiple Buffer Overflows 2007-10-25
IBM Lotus Notes File Viewer Buffer Overflow Vulnerabilities 2007-10-23
MultiXTpm Application Server "DebugPrint()" Buffer Overflow 2007-10-23
RealPlayer Playlist Handling Buffer Overflow Vulnerability 2007-10-22
Nortel IP Softphone 2050 Buffer Overflow Vulnerability 2007-10-18
Miranda Multiple Buffer Overflow Vulnerabilities 2007-10-18
IrfanView Palette File Importing Buffer Overflow Vulnerability 2007-10-16
jetAudio M3U Playlist Processing Buffer Overflow 2007-10-15

So I am at a loss as to why Stem would NOT want people to test their systems to see if they suffer from BO or not? (and those users will have access to a free (totally free) solution to protect themselves as well anyway!)

We did NOT invent the BO vulnerability
We did NOT write the exploits for BO vulnerabilities
we are THE ONLY vendor providing FREE PROTECTION for BO!
we are THE ONLY vendor trying to educate users about this vulnerability that is actively causing harm to end users!

Stem, BO is such a huge issue (exploited issue) even CPU manufacturers like Intel and AMD have come up with h/w based solutions (DEP sounds familiar?Wink ) which is still not enough against all the BO exploits out there.

Instead, Stem you should be educating everyone about BO issues and helping them protect themselves! In real world when there is a vulnerability (lets say a new virus/bacteria, like Bird flu etc) that is killing people, the government does not say, hey lets keep it quite.. they make sure everyone is aware of it and teach them how to help themselves!

I think Stem is confusing the difference between:

A new vulnerability that has no exploits for (eg: somoene finds a new vulnerability and there are no exploits/malware out there utilising this new vulnerability). (Of course you keep that vulnerability quite and get it fixed before it can be exploited.)

with

A widely known vulnerability (eg: BO) that has too many exploits. Naturally, for a widely known and exploited vulnerability like BO, you want to educate users and give them tools to test their current security and protect themselves with.

Again, there is a big difference between

A New Vulnerability(unexploited)
and
An Exploited Vulnerability

BO is an Exploited Vulnerability!!!!!!
(Well exploited!!!! like Drive-by-download attacks etc)

Melih
Click to expand...

The following is from a pm I had with Melih some minutes ago.

"posting of any private communications without the express permission of all parties involved is prohibited" per TOS....Bubba~

regards,
Panagiotis

SystemJunkie · Nov 12, 2007

If you worry so much about compromise, unplug your internet and be happier.

At one time, the PC was there for the user, to enjoy, have some fun. It now appears to be there to install security applications.
Click to expand...

This seems to be your way of british humour

I think I will keep my computer on/plugged-in and enjoy it's full potential while knowing it is secure as possible all at the same time

For users to be able to enjoy their computers and have them secure at the same time it is a must for security vendors to know of as many exploits / leaks as possible. How can they seamlessly protect something they do not know about?
Click to expand...

Lool, I guess you don´t come from UK, I understand your point of view.

I can still make certain bypass/dos against Comodo firewall,
Click to expand...

I am not surprise imho Comodo RC1 is extremely vulnerable as well as most other firewalls even if it belongs to the best what this world has to offer. (naturally Outpost and Online Armor belong together with Comodo to the best)

Quote:
Originally Posted by AJohn
Edit: Which DOS attack can COMODO v.3 not stop?
I will let you know after its final release,..
Reply With Quote
Click to expand...

And I bet you´ll still be able to bypass even in final...

Stem · Nov 13, 2007

pandlouk said:

a member of the comodo forums brought this topic to Melih's (Comodo's CEO) attention. Here is his responce:
Click to expand...

I am not going to get involved with cross-forum chats/posts.

My question was simple,

Did Comodo release the code for the last "overflow" problem to all vendors before releasing the code to all?
Click to expand...

which could of been answered with a "yes" or "no". Instead, there is a "Melih overflow"

I am finished with this thread.

solcroft · Nov 13, 2007

Stem said:

My question was simple
Click to expand...

It is also perhaps irrelevent.

Which vendors are Comodo going to release it to? Antivirus vendors? Firewall vendors? HIPS vendors? Do any of them claim that their products detect and prevent buffer overflows? Please correct me if I'm wrong, but as far as I can remember, none of them do.

Not to mention that, like Melih mentioned, this isn't POC code. This isn't something new. And it isn't something available only to privileged members of the computer underworld - it's a widespread attack that's been around for ages, with the code to do so readily available to anyone who wants it anyway.

I, for one, am glad to see you done with this thread.

Log in or Sign up

Comodo Memory Guardian Beta v1

Perman Registered Member

pandlouk Registered Member

SystemJunkie Resident Conspiracy Theorist

Stem Firewall Expert

solcroft Registered Member

Log in or Sign up

Comodo Memory Guardian Beta v1

Perman Registered Member

pandlouk Registered Member

SystemJunkie Resident Conspiracy Theorist

Stem Firewall Expert

solcroft Registered Member

Useful Searches