CMG & DEP

[Guest]

[SiberLynx]

Greetings all,
Ok! Another Comodo product installed. (B)
We have system software DEP implemented. Most contemporary PCs (like this one here) have Hardware-enforced DEP, which is enabled in BIOS, as recommended.
May I ask the respective community where CMG stands?
Is it a strong(-est!) additional layer of such particular type of needed security or, ideally,  in the nearest “after-beta” future – that’s all we may pray for and use?
Where can one read more detailed technical info, comparisons, reviews,.. how CMG can fight some known methods to circumvent HD and/or  SW DEP protection etc.
Thanks in advance

[Tyler Durden]

I've allready answered that question in other topic mate Ok here we go again:
1. Software DEP is nothing but SEH chain validator (means it's not a DEP but some way to prevent one rare type of shellcode's injection)
2. Hardware DEP is very incompatible thing, that's why:
 a) DEP mode by default is OptIn = all system services are protected, user apps aren't protected
 b) DEP is _VERY_ incompatible thing so we 've got one more "layer" over DEP-mode - windows disables DEP for app which is know to be incompatible with DEP (this includes many checks, like exe-packers check and so on)
3. DEP-protection is vulnerable to ret2libc kind of attack (so you're not protected at all)

So we 've got CMG A fast and compatible way to be protected. It protects all apps against ret2libc and common BO attacks, and it doesn't treminate your favorite apps as well

[SiberLynx]

Hi Tyler,
Thank you very much, mate
Very interesting and that's info I was searching for (ret2libc in particular).
As a matter of fact, I was searching for "DEP" before posting. I usually do that. I found some DEP-CPF related Q&A but missed that "other topic" you are referring to.
I'm sure another mate will come with the similar Q and you will be quite annoyed to
write:

I've allready answered that question in other topic mate Ok here we go again:...

It is very helpful and important info, mate . It deserves to be Sticky
I do appreciate your reply.
Ok here we go again...Mate!    

[Tyler Durden]

No problem 

[SiberLynx]

7 beers!!!???
I am not sure I will be interested in DEP after that...
unless it stands for Damn Enuresis Piss
 

[MikeH]

It is very helpful and important info, mate . It deserves to be Sticky

I could not agree more!

Regards,
Mike

[SS26]

Just to make sure: can someone who has CMF running disable DEP completely (NoExecute=AlwaysOff) as it is useless (with CMF running)?

[Tyler Durden]

Yes, you can. But overprotection is not bad too

[SS26]

Yes, you can. But overprotection is not bad too

Thanks for reply

[BigWoop]

Confused, where is CMG available? Is it different to CMF? Does CIS include anything like either of the two?

[SS26]

It's an evolution: first was CMG (Comodo Memory Guardian), than it was renamed at some stage to CMF (Comodo Memory Firewall).
...And CIS has SafeSurf (if you agreed to install it during installation process of CIS) which do (nearly) same job as CMF.
Hopefully I'm not mistaken anywhere

[BigWoop]

Safe surf being the same safe surf toolbar thing that comes with CFP3 I guess?

I thought that scanned websites you were surfing or something, unless it does also have the functionality of CMF.

I would have thought that CIS would have something similar to CMF, other than safe surf.

[SS26]

Safe surf being the same safe surf toolbar thing that comes with CFP3 I guess?

Yes. It is same thing (even same version: 1.0.0.6), but I'm referring to cssurf.exe, which provides BO protection but is not related to toolbar - you can uninstall toolbar (ask.com entry under add\remove apps) but still have BO protection.

[BigWoop]

But isn't BO protection what CBOClean does? CMF handles memory buffer overflow attacks (whatever those are )

[Japo]

BOClean doesn't protect against buffer overflow. The BO in BOClean stands for Back Orifice, believe it or not.

The Comodo products that protect against buffer overflow (also usually abbreviated BO) are CMF and SafeSurf, not BOClean.

[Tags:]