3 (annoying) Questions about the memory firewall.

who_te_fuc · December 24, 2008, 8:27pm

Iam running vista and today I installed Comodo Memory Firewall.
I Got 3 questions.

I installed this today and did a reboot. After that I saw that I have a file in exclusions, (without clicking ok to anything)
This file is called slsvc.exe.
And located at:
C:\windows\system32\slsvc.exe

Is this app safe? And why was it added there automatically?

Comodo Memory Firewall versus “Comodo safe surf”, whats the differences?

Does Vistas “UAC” protect you from buffer overflow attacks somewhat? I mean, not the actual overflow in the attack but the possible installation of files? or does Defence+ defend you somehow?

alaertsxan · December 24, 2008, 10:58pm

Hey there (:HUG)

I don’t know if this is standart in the exclusion files, but if you didn’t add it I assume it’s safe :).
SafeSurf protects your browsers only, CMF protects your whole computer
No, no program in the whole world except CMF protects again Buffer Overflows for now…

See ya

Xan

Bad_Frogger · December 24, 2008, 11:29pm

Vista software licensing service.
Safe Surf is the newer version of CMF. From Safe Surf help file.-
After installation, the program will monitor and protect the memory space of all applications that are running on your system and immediately block any buffer overflow attacks.
UAC no. there may be other buffer overflow protection out there.

Xan are you drinking the holidays away :■■■■

Kyle142 · December 24, 2008, 11:37pm

Incorrect Buzzer sound (:TNG)

Acouple of other programs do Sandboxie and Geswall for example.

who_te_fuc · December 25, 2008, 12:14am

2 new questions:

So you are saying that Safe Surf is the way to go?
I mean, you keep that one better up-to-date?
Its the “new-est”…?

Why have 2 almost identical softwares?
That confuses me.

LeoniAquila · December 25, 2008, 12:17am

New answers

SS is newer than CMF but it uses CMF technology. I don’t think (I’m not 100% certain though) SS is better at all.
SS was developed as a program simple to bundle with CFP and later CIS, that’s the story! If you start from scratch, I would go with CMF instead.

LA

who_te_fuc · December 25, 2008, 12:41am

Tack (thanks) LeoniAquila. (I know you speak swedish). (:WIN)
and eXPerience and Bad Frogger and Kyle for all sharing your thoughts.

Two last questions… :THNK

Is there someone currently coding on Comodo Memory Firewall or do you consider it to be fully finished (for now until maby a totally new type of Buffer Overflow is detected or a major bug? 90% plus is very good, but wouldn’t 98% be awesome?)?

Is it the same coders coding CMF and SS? (If not, do they share the code? so you can expect the same quality of code in both softwares, I mean they are both there to do the same job and a new detection should be implanted in both softwares, that what I think…)

fazio93 · December 25, 2008, 12:52am

I think the next version will be integrated into CIS.

LeoniAquila · December 25, 2008, 1:38am

(:HUG)

I’m sure they’re thinking of how to improve it, but it has been considered stable for a long time now.
I guess the same team handle CMF and SS. Anyhow, SS is “powered” by CMF so code should be shared.

Your questions are better answered by a developer. My advice though would still be CMF unless anyone in the staff says otherwise.

LA

alaertsxan · December 25, 2008, 10:39am

If you were pointing at the water… yes

I was pointing at a product that really protects you from it. With SBX or GSW you will still be attacked, but the attack will stay in the box while with CMF you’re from the attack

Xan

alaertsxan · December 25, 2008, 10:44am

Well, I’m not sure if the others actually happen that much. But I’m sure that CMF/SS are being updated all the time so normally they will become 99% bulletproof

2) Is it the same coders coding CMF and SS? (If not, do they share the code? so you can expect the same quality of code in both softwares, I mean they are both there to do the same job and a new detection should be implanted in both softwares, that what I think..)

As LA pointed out already : The source code from SS and CMF are the same, but SS is a newer version AFAIK (with less bugs)

Tack

That's one of the only norwegian/swedish I know and you can place : duzend (phonetic ;)) in front of it :P

Xan

system · December 25, 2008, 2:58pm

UAC does not protect from BO, but DEP will. As everything else, it won’t protect 100%. Anyway, if you enable DEP you’ll be better protected than if you didn’t.

If you turn on UAC, you may also run IE7 and IE8, if the case, in Protected Mode, which will lower IE’s rights to the system.

fazio93 · December 25, 2008, 3:46pm

DEP is actually useful. I have it set to protect all applications and when I ran the BO tester DEP caught the first couple before SS did, but it missed the last one (SS got it).

system · December 25, 2008, 9:56pm

And that’s why I’m a fan of layered security. What one may miss, the other may prevent.