What does CMF actually do???

Discussion in 'other firewalls' started by nomarjr3, May 24, 2008.

Thread Status:
Not open for further replies.
  1. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    I recently came across a piece of freeware called 'Comodo Memory Firewall'.
    It's said to block buffer overflows (whatever that is).

    Is it necessary to install such software on a fully-patched Windows XP SP2 system??
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  3. 3xist

    3xist Guest

    Yes, It is necessary. Buffer Overflow is a serious threat.

    Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack.

    Comodo Memory Firewall protects against data theft, computer crashes and system damage by preventing most types of buffer overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to its memory buffer than the buffer can handle. It is at this point that a successful attack can create a back door to the system through which a hacker can gain access. The goal of most attacks is to install malware onto the compromised PC whereby the hacker can reformat the hard drive, steal sensitive user information, or even install programs that transform the machine into a Zombie PC.

    The product is aimed at system administrators as well as desktop users to protect their systems and detects suspicious code executions in the stack or the heap portions of the memory.

    Comodo Memory Firewall detects the following types of attack:

    * Detection of Buffer Overflows which occur in the STACK memory,
    * Detection of Buffer Overflows which occur in the HEAP memory,
    * Detection of ret2libc attacks,
    * Detection of corrupted/bad SEH Chains

    What is a Buffer Overflow attack – The Technical Description?

    In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.

    A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.


    It works very well in conjunction with COMODO Firewall Pro 3. COMODO Firewall Pro 3.0.23.364 actually has a "Toolbar" (COMODO SafeSurf), which is powered by CMF technology and protects against BOs inside the browser. However, CMF has more options and flexibility to protect more things, not just in the browser.

    3xist.
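
To illustrate the technical description quoted in the post above, here is an added example (not part of the thread and not Comodo's code). It models a fixed-length buffer followed by adjacent data inside one byte array, so the overwrite can be observed without undefined behaviour; the arena layout, the guard value and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16            /* the fixed-length buffer */
#define ARENA_LEN 32            /* buffer plus the memory that follows it */
#define GUARD     0xC0DEC0DEu   /* constructed stand-in for adjacent program data */

struct arena { unsigned char mem[ARENA_LEN]; };

static void arena_init(struct arena *a) {
    uint32_t g = GUARD;
    memset(a->mem, 0, ARENA_LEN);
    memcpy(a->mem + BUF_LEN, &g, sizeof g);   /* sits right after the buffer */
}

static int guard_intact(const struct arena *a) {
    uint32_t g;
    memcpy(&g, a->mem + BUF_LEN, sizeof g);
    return g == GUARD;
}

/* The programming error: the length is never compared with BUF_LEN.
   Clamped to the arena only so that this demo stays well-defined C. */
static void store_unchecked(struct arena *a, const unsigned char *src, size_t n) {
    memcpy(a->mem, src, n > ARENA_LEN ? ARENA_LEN : n);
}

/* Bounds checking: refuse anything that does not fit the buffer. */
static int store_checked(struct arena *a, const unsigned char *src, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(a->mem, src, n);
    return 0;
}

/* Store n bytes of constructed input; return 1 if the adjacent data survived. */
int adjacent_data_survives(int checked, size_t n) {
    unsigned char input[ARENA_LEN];
    struct arena a;
    memset(input, 'A', sizeof input);
    arena_init(&a);
    if (checked) (void)store_checked(&a, input, n); else store_unchecked(&a, input, n);
    return guard_intact(&a);
}

int main(void) {
    printf("unchecked/20: %d  checked/20: %d\n",
           adjacent_data_survives(0, 20), adjacent_data_survives(1, 20));
    return 0;
}
```
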
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Hm. Then why have I never got it for many years without restricting myself from starting anything I found interesting on the Web?
     
  5. Stephen2_Aus

    Stephen2_Aus Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    37
    Specious reasoning.

    The fact is more exploits are being delivered without user intervention, i.e. through something as simple as viewing a WMF image:
    http://en.wikipedia.org/wiki/2005_WMF_vulnerability

    Buffer overrun is considered a serious security risk by large companies, including Intel and Microsoft:
    http://en.wikipedia.org/wiki/Data_Execution_Prevention

    Of course, it all depends how worried you are... I added Comodo Memory Firewall to my small list of security apps recently. It hasn't done anything of note yet, but who knows?

    It uses barely any resources and it fares well against the few test samples I could find...
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050


    I'd say maybe, and the solution doesn't necessarily have to be the Comodo Memory Firewall.

    For a process to cause this kind of attack it first has to run, and 2nd has to be able to cause damage. So any HIPS that can block it from running. Something that lowers rights would probably protect, as would something like Defense Wall. Running Sandboxie would also probably protect against all the threats mentioned.

    So is a good protection scheme important? Absolutely. Is a separate program to protect against Buffer Overflows absolutely necessary? IMHO, probably not.

    Pete
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I wonder how much malware doesn't need a trigger to run, like keyloggers for instance.
    Does most malware run only when you double-click it, or something else?
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I'd say I'm middle worried :)

    I just do not like to install too much security until I know for sure what I need it for. Also I hardly install something "just in case". As far as I saw, all of those "overflaw" exploits in the end download an exe and try to execute it, so having execution control you can feel yourself safe. And to tell the truth I have more trust in DEP than in s/w preventors.
     
  9. 3xist

    3xist Guest

    You don't have to install it. Sorry for being full on... Just my personal opinion, Buffer Overflows are growing IMHO.
     
  10. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    3xist

    Buffer overflows are growing?? Are you sure?
    Since installing CMF on my system, it hasn't even caught a single overflow.

    If it could hardly detect any error, I believe we should use a DEP/HIPS for protection instead.
     
  11. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    When will CMF be integrated into Comodo firewall? I read somewhere that they were gonna do it?

    Plus, will they put the actual program CMF into Comodo firewall, or would it still be better if you use the 2 programs together?
     