Author Topic: CMF fails this test, apparently  (Read 8001 times)
qwerty
« on: January 05, 2008, 06:29:49 AM »

Hi all, I came across this thread at Wilders; apparently CMF fails all 5 tests. :(
Test is downloadable here (scroll down).
gibran
« Reply #1 on: January 05, 2008, 07:30:48 AM »

Yep, this has already been discussed. CMF blocks API calls from BO, so if POCs are only used to demonstrate buffer overflows there would be no way to block those.
Anyway, any malicious code needs to call some API to accomplish something, so real exploits will be caught by CMF.

It would be interesting to run the Comodo BO tester's 3rd test against BufferShield. It should fail.
Also, CMF should protect your PC if some malware disables Windows-enforced hardware DEP.

I looked at that thread and found http://www.sys-manage.com/PRODUCTS/BufferShield/PreventedExploits/tabid/63/Default.aspx. CMF is not mentioned; I guess that someone could ask them to include it in their tested products list. ;D
« Last Edit: January 05, 2008, 07:39:53 AM by gibran »

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
qwerty
« Reply #2 on: January 05, 2008, 07:17:02 PM »

I'm a bit confused here... so does CMF actually prevent BO's from occurring, or does it just limit what the BO can do?
From what you said, it looks like the latter?
gibran
« Reply #3 on: January 06, 2008, 01:47:54 AM »

> I'm a bit confused here... so does CMF actually prevent BO's from occurring, or does it just limit what the BO can do?
> From what you said, it looks like the latter?

IIRC BO cannot be prevented. BO can be detected and the offending process killed. That's what CMF will do. If a BO is exploited then an API will be called.
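An added illustration, not part of the thread and not Comodo's code: a small C model of the behaviour described in the replies above, assuming the check is made on the address an API call returns to. The memory map, the event traces and every function name are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { REGION_IMAGE, REGION_STACK, REGION_HEAP } region_kind;
typedef struct { uintptr_t base; size_t size; region_kind kind; } region;

/* Constructed memory map of one process; all addresses are illustrative. */
static const region MEMORY_MAP[] = {
    { 0x00400000u, 0x00100000u, REGION_IMAGE },  /* program code */
    { 0x7C800000u, 0x00100000u, REGION_IMAGE },  /* system DLL code */
    { 0x00120000u, 0x00010000u, REGION_STACK },  /* thread stack */
    { 0x00150000u, 0x00100000u, REGION_HEAP  },  /* process heap */
};

/* One step of a simulated run: memory is corrupted, or an API is called. */
typedef enum { EV_OVERFLOW, EV_API_CALL } event_kind;
typedef struct { event_kind kind; uintptr_t return_address; } event;

/* Return 1 if addr lies inside loaded code, 0 for stack, heap or unmapped. */
int caller_is_code(uintptr_t addr) {
    for (size_t i = 0; i < sizeof MEMORY_MAP / sizeof MEMORY_MAP[0]; i++) {
        const region *r = &MEMORY_MAP[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r->kind == REGION_IMAGE;
    }
    return 0;
}

/* Replay a trace through the hooked-API check; return the index of the event
 * that gets the process terminated, or -1. Overflows are never inspected. */
int first_blocked_event(const event *trace, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (trace[i].kind == EV_API_CALL &&
            !caller_is_code(trace[i].return_address))
            return (int)i;
    }
    return -1;
}

/* Constructed traces: normal call, overflow-only PoC, overflow then API call. */
static const event NORMAL[]  = { { EV_API_CALL, 0x00401234u } };
static const event POC[]     = { { EV_OVERFLOW, 0 } };
static const event EXPLOIT[] = { { EV_OVERFLOW, 0 }, { EV_API_CALL, 0x00120F00u } };

int main(void) {  /* exit status 0 when only EXPLOIT is flagged, at its API call */
    return !(first_blocked_event(NORMAL, 1) == -1 &&
             first_blocked_event(POC, 1) == -1 &&
             first_blocked_event(EXPLOIT, 2) == 1);
}
```

In this model the overflow-only trace is never flagged because no API call reaches the check, while the trace whose API call returns into the stack is stopped at that call.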
atomas31
« Reply #4 on: January 07, 2008, 11:48:39 AM »

> Yep, this has already been discussed. CMF blocks API calls from BO, so if POCs are only used to demonstrate buffer overflows there would be no way to block those.
> Anyway, any malicious code needs to call some API to accomplish something, so real exploits will be caught by CMF.
>
> It would be interesting to run the Comodo BO tester's 3rd test against BufferShield. It should fail.
> Also, CMF should protect your PC if some malware disables Windows-enforced hardware DEP.
>
> I looked at that thread and found http://www.sys-manage.com/PRODUCTS/BufferShield/PreventedExploits/tabid/63/Default.aspx. CMF is not mentioned; I guess that someone could ask them to include it in their tested products list. ;D

Hi,

How does CMF compare, in terms of security, to BufferShield?
From the link in your test, how many "green hooks" could CMF have/had, and against which of these exploits doesn't CMF protect us?

Thanks,
Atomas31
gibran
« Reply #5 on: January 07, 2008, 01:55:42 PM »

> Hi,
>
> How does CMF compare, in terms of security, to BufferShield?
> From the link in your test, how many "green hooks" could CMF have/had, and against which of these exploits doesn't CMF protect us?
>
> Thanks,
> Atomas31

I cannot test those exploits myself :o as those are only links to advisories that give exploit specifics. I guess that it is up to BS developers to add CMF and Microsoft HW DEP too.
From a technical standpoint, CMF catches some exploits that could be caught by MS HW DEP and also some exploits that MS HW DEP doesn't catch.
DS developers tested only MS software DEP (that is, MS DEP without hardware support, used on old CPUs).

As it turns out, MS-enforced DEP could be disabled in some cases, so CMF will provide protection in such scenarios too.
atomas31
« Reply #6 on: January 08, 2008, 03:28:08 PM »

Well, I hope BS developers will add CMF to their tests...

As for me, I have tried CMF, but after two BSODs caused by the addition of CMF, I removed it from my system. :'(

I hope Comodo will solve the BSOD issue soon...

I have Windows XP with SP2, Nod32 2.70.39, Comodo BOClean, ProSecurity 1.41 and Rollback Rx 8.1, and when the BSODs happened I had uTorrent downloading in the background, MailWasher Pro 6.1 in the tray bar, and I was navigating with Firefox on the Comodo website (both times) and listening to music with Winamp 5.50...

Best regards,
Atomas31
condar
« Reply #7 on: March 17, 2008, 05:12:41 PM »

Hi

> It would be interesting to run the Comodo BO tester's 3rd test against BufferShield. It should fail.
> Also, CMF should protect your PC if some malware disables Windows-enforced hardware DEP.
>
> I looked at that thread and found http://www.sys-manage.com/PRODUCTS/BufferShield/PreventedExploits/tabid/63/Default.aspx. CMF is not mentioned; I guess that someone could ask them to include it in their tested products list. ;D

Well. BufferShield didn't pass the Comodo BO Tester... :P
3xist
« Reply #8 on: May 31, 2008, 04:38:22 AM »

Locked.

Reason: Out-Dated post.

Josh