Memory Firewall - Buffer Overflow Attack Prevention
For the sake of trying something new, I downloaded Comodo Memory Firewall. I was getting QuickTime Buffer Overflow on the internet with MPEG-4 QuickTime codec. So I did a quick search and found this. It is described as a Security program so I posted here.
Anyway, QuickTime seems to have stabilised, whether from its latest update or as a result of this new program. I have had other Buffer issues with other web based things, but cannot remember what they were. Old Timers Disease :-p
I am totally Green in this area and I'm really not convinced by the write-up on the Comodo website, but will bite the bullet and leave it installed just in case. Only uses about 2.5MB constant memory and about 13MB peak at startup. Processor resource needle does not register, so it has quite a small footprint on this Laptop, 2.4GHz dual, 4Gb RAM.
Has anyone else had any experience with this type of program? and
If there are other free ones, which is best? and
Is it really necessary, or highly recommended for a PC that is connected 24/7 to the internet?
Regards
Sir Surfsalot
Scoffer
This page mentions a single product (Comodo Memory Firewall), which is obsolete - now its functionality is included in Comodo Internet Security.
So, currently, memory overflow protection is a feature/functionality rather than a class of software in its own right. I would remove this page and this item from http://www.techsupportalert.com/pc/security-tools.html .
You might get a more effective response if you post this on the Forum.
Thanks again Peter. How do I link it? Tried to link my other one but gave up.
Does this help?
http://www.techsupportalert.com/freeware-forum/security/862-buffer-overf...
I think it does. I'll "fiddle practice" a bit to learn some of the site's not-too-secret thingamyjigs.
Reply here or there?
Anyway, buffer overflows are a growing menace used by malware to gain access to a machine, especially worms.
This is a good technical explanation of one form of attack as there are in fact several methods possible.
http://en.wikipedia.org/wiki/Stack_buffer_overflow
I believe BO prevention to be a vital part of computer defense and have used Comodo Memory Firewall ever since it first came out. CIS now contains this module as one of its integrated components so a standalone program is not required so long as the Defense+ is enabled. CMF prevents "most" forms of BO attack so 100% protection is not guaranteed. This kind of vendor statement though is typical as no AV will guarantee 100% either. Some other applications also offer this feature such as McAfee and Outpost Pro, but they are few and far between. I've found CMF to be stable with everything else I've had installed on various machines and would not set one up without it.
Hope this helps.
In addition to Comodo Memory Firewall and/or the equivalent integrated function in the new CIS release, what other alternatives may you suggest?
I have Online Armor Free and I'm considering adding Comodo Memory Firewall or Threatfire to cover the gap (if any, I guess BO is not properly covered by this firewall/HIPS that I appreciate a lot).
Threatfire could also cover other threats like keyloggers that are not well detected by OA Free.
Thanks in advance.
Rgds, MT
Are these attacks common? I haven't really seen a lot of references to it.
I think DEP and keeping your software updated provides adequate protection against these threats, is that correct?
Buffer overflow, intended or otherwise, has probably caused more system crashes than any other mechanism.
The original denial of service attacks were based on this mechanism, either the NIC driver would crash, taking out the OS, or something else further up the chain would be overwhelmed and crash.
Today the attacks are more subtle, corrupting a return value from a function, or, if you want to take control, modifying the return address on the stack of the currently executing thread.
These attacks are generally targeted towards code originally written in C/C++ as the runtime libraries do little, if any, bounds checking. Microsoft is sufficiently concerned to have announced that the memcpy function will no longer be included in future versions of Microsoft C/C++. Obviously, they are happily ignoring the fact that this function is included in both the ANSI and ISO C standards.
Please do not take my comments as an attack on C/C++, although I must admit in inexperienced hands these languages are the short route to chaos. In Java, data structures contain header data that identifies the associated security context. It isn't rocket science to manipulate this, with predictable consequences.
If you think this is all sci-fi, then consider this. I have a piece of Delphi code that implements an out of process COM object. The code, which only works under Vista 32, Windows 7 32, in itself does nothing. However, I can wrap a DLL around it that will then allow me to execute anything I like from a standard user account, no UAC, no NTFS permissions problems, nothing. And I'm not a hacker.
Rik Mayell
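An added illustration of the mechanism discussed in the comment above (a copy with no bounds check reaching the return address stored next to a buffer), not code from this thread or from any product named in it. The frame layout, the canary value and every function name are assumptions made for the example; the frame is modelled as a flat byte array so the over-long copy stays inside one object.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of one stack frame as a flat byte array, so an
 * over-long copy stays inside the object and the demo has no undefined
 * behaviour. Layout and values are illustrative, not from a real binary. */
enum { BUF_LEN = 16, CANARY_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
static const uint64_t CANARY = 0x5AFE5AFE5AFE5AFEULL;   /* constructed */
static const uint64_t RET_ADDR = 0x0000000000401000ULL; /* constructed */

typedef struct { unsigned char bytes[FRAME_LEN]; } frame_t;

static void frame_init(frame_t *f) {
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(f->bytes + RET_OFF, &RET_ADDR, sizeof RET_ADDR);
}

static uint64_t read_u64(const frame_t *f, size_t off) {
    uint64_t v;
    memcpy(&v, f->bytes + off, sizeof v);
    return v;
}

/* Behaves like a bare memcpy into the local buffer: the caller's length is
 * trusted. It is clamped to FRAME_LEN only to keep the model in bounds. */
static void unchecked_copy(frame_t *f, const unsigned char *src, size_t n) {
    memcpy(f->bytes, src, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Bounds-checked copy: input that does not fit the buffer is refused. */
static int checked_copy(frame_t *f, const unsigned char *src, size_t n) {
    if (src == NULL || n > BUF_LEN) return -1;
    memcpy(f->bytes, src, n);
    return 0;
}

/* Copy n filler bytes with the chosen routine and report the outcome as
 * flags: 1 = canary changed, 2 = return address changed, 4 = copy refused. */
int copy_outcome(size_t n, int use_checked) {
    unsigned char input[FRAME_LEN];
    frame_t f;
    int flags = 0;
    memset(input, 0x41, sizeof input);
    frame_init(&f);
    if (use_checked) { if (checked_copy(&f, input, n) != 0) flags |= 4; }
    else unchecked_copy(&f, input, n);
    if (read_u64(&f, CANARY_OFF) != CANARY) flags |= 1;
    if (read_u64(&f, RET_OFF) != RET_ADDR) flags |= 2;
    return flags;
}
```

In this model a changed canary is what a compiler's stack protector checks before a function returns, and the refused copy is the behaviour bounds-checked replacements for memcpy aim for.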
Thanks for the information. So does DEP provide adequate protection against buffer overflows?
If I'm not mistaken Conficker was a BO exploit so I guess preventing them is quite important.
That's true, but before that it would need to get on your computer. This could have been prevented by simply turning on Windows Firewall, disabling Autorun and keeping Windows up to date.