Please feel free to ask any questions to learn all about Computer Security.

[Guest]

[asker]

I tried Comodo Buffer Overflow utility. Defense+ and Windows Vista UAC intercepted it, but ThreatFire from PCtools did not even blink. I fully trust ThreatFire but since this test I have gone a little suspicious about effectiveness of Threatfire. Do you have any idea why ThreatFire did not react? Is it possible it recognized your testing utility as something not dangerous or did it completely fail?
I do not want to use Defense+ because it is too intrusive with warnings no matter how much I strive to silent it. Since I test a lot of software I can not afford this. I wish it was smart hips.

www.computorial.blogspot.com

[andyman35]

I tried Comodo Buffer Overflow utility. Defense+ and Windows Vista UAC intercepted it, but ThreatFire from PCtools did not even blink. I fully trust ThreatFire but since this test I have gone a little suspicious about effectiveness of Threatfire. Do you have any idea why ThreatFire did not react? Is it possible it recognized your testing utility as something not dangerous or did it completely fail?
I do not want to use Defense+ because it is too intrusive with warnings no matter how much I strive to silent it. Since I test a lot of software I can not afford this. I wish it was smart hips.

www.computorial.blogspot.com

It's difficult to say with regards to TF,why it didn't react.It could well be that it determined that nothing malicious was actually occurring.

[asker]

It's difficult to say with regards to TF,why it didn't react.It could well be that it determined that nothing malicious was actually occurring.

maybe you are right. But I would like to be sure. 
Thanks for reply andy

[Info-Sec]

maybe you are right. But I would like to be sure. 
Thanks for reply andy

Yes, threatfire is very good at alerting you to real malicious behavior.  For example a bufferoverflow may occur, but if no code is being injected, threatfire will not alert you.

[andyman35]

Yes in order to generate a warning from Threatfire a certain threshold of suspicious behaviour must be exceeded.So even if a single factor shares a similarity with malware,TF uses intelligence to determine whether or not it's truly malicious (sometimes it's over zealous but that's another point).

[Info-Sec]

Yes in order to generate a warning from Threatfire a certain threshold of suspicious behaviour must be exceeded.So even if a single factor shares a similarity with malware,TF uses intelligence to determine whether or not it's truly malicious (sometimes it's over zealous but that's another point).

Yes, that point is exactly what makes TF a great solution.  Its usually quiet when it has to be, and its effective when it has to be.

[andyman35]

Yes, that point is exactly what makes TF a great solution.  Its usually quiet when it has to be, and its effective when it has to be.

Quite so.If it'd just stop with the automated blocking it'd be a near perfect BB.

[OmeletGuy]

Can Bufferoverflow attacks happen on Unbuffred memory??

Logic says no! but then again it could right?

[panic]

Buffer overflows refer to software buffers, not what type of RAM  is installed in your system.

[MorphOS REBOL]

Wise answer

The REBOL

[pwindfeld]

Most links from a Google search is forcibly done via bestwebsearch.net which appears to be a Chinese outfit (with a rather amusing take on the use of the English language!) and is slowing web access to a crawl. Neither Comodo nor Spybot find any spy/malware on the pc. What is this and how do I get rid of it?

Many thanks

[JamesFrance]

Most links from a Google search is forcibly done via bestwebsearch.net which appears to be a Chinese outfit (with a rather amusing take on the use of the English language!) and is slowing web access to a crawl. Neither Comodo nor Spybot find any spy/malware on the pc. What is this and how do I get rid of it?

Many thanks

Hi pwinfeld, welcome to the forum.

Do you have this installed?

A malicious Firefox extension called FirestarterFox is being installed by some of the latest malware variants. This extension hijacks all search requests through Google, Yahoo and Microsoft Live search and redirects them through the Russian site thebestwebsearch.net

If so maybe you have other problems too and should post here:
http://forums.comodo.com/virusmalware_removal_assistance-b58.0/

[pwindfeld]

Hi James - I don't have Firefox installed, but between SuperAntiSpyware and Malwarebytes the problem has now been fixed. Many thanks; you're indeed a star.

[morgan]

Comodo has trapped my msn in its security system as some kind of a danger and I cannot reload it. I have tried removing msn and loading it again even without Comodo but I talked to an "expert" and he says Comodo security has it trapped or blocked.

I went to Comodo and can't find anything that says "msn" blocked. I tried to free my "locked" messages but that didn't help. At the moment my msn "premium" will not work at all (I'm paying for it) even though live mail will, thank God.

Could somebody email me if you have an answer? Anybody have similar problems? I'm not always available to access this site. Thank you!!

By the way, I tried reinstalling msn with Comodo turned off and that didn't help either, it's still blocking it.

[fatherflap]

My Anti- virus scans freeze at about 55823 folders scanned. I have tried both connected and disconnected from the internet.

I have un-installed and reinstalled a fresh copy of Commodo Anti- virus of it but it still freezes about 2 minutes from the usual time it takes to scan .

Would welcome any ideas or a solution

cheers fatherflap

[Tags:]