What do you feel about buffer overflow protection? (Comodo Memory Guardian)

Well i noticed aigle's post about threatfire and wondering what you all think about buffer overflow protection. Is it needed? Have you encountered it?

Well two products that are suppose to protect against it are threatfire and comodo memory guardian which is being kept quiet in the beta area.

Comodo Memory Guardian was made to protect only against them. It will also be eventually integrated into the firewall.

Like to see some feedback about it.

Sorry about the big pictures. Taken right from the developer.

They are pics of CMG blocking the new vista .ani vulnerability and the yahoo messenger exploit.

 

Hi, folks:

Speaking of buffer overflow protection, Sunbelt Kerio FW does offer this protection, it will block buffer overflow code execution. it will alert user when the problem occurs. So far I have not encountered it yet. I have not tested its strength, therefore no verdict can be delivered. Take care.

 

I wish there could be some way to test it against actual exploiits.

 

Hello,
Not really needed if you keep your software up to date and mainly use less-mainstreams apps. Switch to Firefox / Opera and Pidgin and problem solved.
Mrk

 

Mrk, assuming no bugs, you're right of course.
But with this, you don't need to rely on Mozilla etc., and vulnerabilities are found.
CMG should be incorporated in CFP later on, if my memory serves me right.

 

It can. Those pictures were real tests. The dev just made them by running the same code used in the exploits in ie. Also comodo made a test application.

 

Doesn't turning on DEP for all programs cover buffer overflows?

 

Apparently not. DEP still fails against HTML shellcode files, though the technical details as to why, or if this is even important, are beyond me.

 

DEP Limitations

 

Thank you solcroft and lucas1985. It seems it's over my head also from the link that lucas1985 provided. This is the first I have heard of DEP not up to the task.

I'll assume that it's not urgent at the moment and keep my eyes on the forums.

 

I read a thread over TF forums and TF people were not satisfied with the test utility launched by Comodo.

I can,t say anything as the topic is well beyond my knowledge.

 

Last time i checked companies do not usually compliment each other. Don't you think one app would get an unfair advantage being talked about in their own forums?

A user of threatfire said it cannot block the .ani exploit in vista and cmg can. That should be proof right there that comodo offers more protection if even a bit.

 

Coolio, hard to compare the two. One is built specifically for this, TF aims to be an "intelligent" program that detects malicious behavior in general.

 

I understand that and actually I trust neither of statements.

I will believe only when tested by some trsut worthy third party or somehow by myself. For myself it,s too difficult to test something against such exploits, well beyond my knowledge and expertise.

It,s even too hard to find a link with such an alive exploit!!

 

SolCraft,

Do you have a link to the above. Why is DEP ineffective against HTML shellcode.

Thanks.

 

Well, nice to see CMG in real life action, it´s running just fine on my machine, so it looks like a nice addition to my setup. And I must say that I was also quite impressed to see how many exploits a tool like Buffer Shield could stop, would be cool if CMG could do the same.

http://www.sys-manage.com/PRODUCTS/BufferShield/PreventedExploits/tabid/63/Default.aspx

 

From here

 

@ lucas1985,

Yes I know, but what I meant is that I think it´s impressive that a software based tool can protect against all of this.

 

Understood

 

You are assuming it does so effectively....

 

Yes of course, I assume that these guys have enough knowledge to make a good product, and I already asked you why you said that the CMG testing tool is rubbish. I´m still waiting for your response.