What do you feel about buffer overflow protection? (Comodo Memory Guardian)

Discussion in 'other anti-malware software' started by Coolio10, Oct 31, 2007.

Thread Status:
Not open for further replies.
  1. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Well, I noticed aigle's post about ThreatFire and was wondering what you all think about buffer overflow protection. Is it needed? Have you encountered it?

    Well, two products that are supposed to protect against it are ThreatFire and Comodo Memory Guardian, which is being kept quiet in the beta area.

    Comodo Memory Guardian was made to protect only against them. It will also be eventually integrated into the firewall.

    Like to see some feedback about it.

    Sorry about the big pictures. Taken right from the developer.

    They are pics of CMG blocking the new Vista .ani vulnerability and the Yahoo Messenger exploit.


     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    Speaking of buffer overflow protection, Sunbelt Kerio FW does offer this protection; it will block buffer overflow code execution. It will alert the user when the problem occurs. So far I have not encountered it yet. I have not tested its strength, therefore no verdict can be delivered. Take care.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wish there could be some way to test it against actual exploits.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Not really needed if you keep your software up to date and mainly use less-mainstream apps. Switch to Firefox / Opera and Pidgin and problem solved.
    Mrk
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Mrk, assuming no bugs, you're right of course. :)
    But with this, you don't need to rely on Mozilla etc., and vulnerabilities are found.
    CMG should be incorporated in CFP later on, if my memory serves me right.
     
  6. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    It can. Those pictures were real tests. The dev just made them by running the same code used in the exploits in IE. Also, Comodo made a test application.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Doesn't turning on DEP for all programs cover buffer overflows?
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Apparently not. DEP still fails against HTML shellcode files, though the technical details as to why, or if this is even important, are beyond me.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    DEP Limitations
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thank you, solcroft and lucas1985. It seems it's over my head also, from the link that lucas1985 provided. This is the first I have heard of DEP not being up to the task.

    I'll assume that it's not urgent at the moment and keep my eyes on the forums.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I read a thread over at the TF forums and the TF people were not satisfied with the test utility launched by Comodo.

    I can't say anything as the topic is well beyond my knowledge.
     
  12. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Last time I checked, companies do not usually compliment each other. Don't you think one app would get an unfair advantage being talked about in their own forums?

    A user of ThreatFire said it cannot block the .ani exploit in Vista and CMG can. That should be proof right there that Comodo offers more protection, if even a bit.
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Coolio, hard to compare the two. One is built specifically for this; TF aims to be an "intelligent" program that detects malicious behavior in general.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I understand that and actually I trust neither of the statements.

    I will believe only when tested by some trustworthy third party or somehow by myself. For myself it's too difficult to test something against such exploits, well beyond my knowledge and expertise.

    It's even too hard to find a link with such a live exploit!!:oops:
     
  15. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    solcroft,

    Do you have a link to the above? Why is DEP ineffective against HTML shellcode?

    Thanks.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    From here
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ lucas1985,

    Yes, I know, but what I meant is that I think it's impressive that a software-based tool can protect against all of this. ;)
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Understood :)
     
  20. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    You are assuming it does so effectively....
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, of course, I assume that these guys have enough knowledge to make a good product, and I already asked you why you said that the CMG testing tool is rubbish. I'm still waiting for your response.
     