Is there any HIPS software with Buffer overflow protection

Discussion in 'other anti-malware software' started by Mr. Y, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Buffer overflow exploits are a grossly understated threat.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Not a classical HIPS, but Threatfire blocks buffer overflows; I think Prevx does too but not completely sure.

    If you don't mind a separate program, you could consider Comodo's Memory Firewall.
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    Turning on data execution protection for all programs prevents buffer overflows, at least according to Gkweb. It only works on 64-bit capable processors.
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Both Core Duo and Core 2 Duo processors have hardware DEP. Enabling DEP for all programs and services in Windows will protect against the exploit.

    Also, defenceplus is an app which specifically protects against this exploit.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    If you quote that comment from there:
    http://www.firewallleaktester.com/docs/Securing Windows - PART 2.pdf

    I also say (page 9) that "DEP is not fool-proof". There exist different kinds of overflow methods; DEP prevents the most common ones. If you want to go further to protect yourself against any type of overflow, it seems that Comodo is making software to handle that, although it is in Beta right now:
    https://www.wilderssecurity.com/showthread.php?t=194369
    http://forums.comodo.com/comodo_memory_firewallbuffer_overflow_protection-b97.0/

    They have made a testing app to let you test the overflow methods: COMODO BO Tester:
    http://forums.comodo.com/comodo_mem...er_overflow_testing_application-t12541.0.html

    On Vista x64 DEP blocks all tests except two.

    Regards,
    gkweb.
     
  6. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    The CMF developer has spoken? :D

    Sandboxie does not accept professional help? :D
     