All Vulnerable from COMODO BO Tester for CIS V4.0.141842.828

Melih on: September 10, 2007, 12:33:18 PM:

Let's see if your security products (AV, firewall or other) protect you from a Buffer Overflow (BO) attack, which is one of the most common forms of attack against users. Drive-by-Download attacks in particular extensively utilise BO to inject malware onto users' machines.

COMODO BO Tester is a testing utility which checks whether your system is vulnerable to buffer overflow attacks or not.


https://forums.comodo.com/comodo-memory-firewall-beta-corner/buffer-overflow-testing-application-t12541.0.html;msg88339

I tested it today; my PC's CIS settings are listed below, and it made no difference whether the Sandbox was enabled or not. All three BO Tester tests came out Vulnerable in the COMODO Buffer Overflow Attack Test. I wonder if CIS V4 can protect against buffer overflow attacks?

Setting:
Antivirus Security Level: Stateful
Firewall Security Level: Safe Mode
Defense+ Security Level: Safe Mode
Sandbox Security Level: Enabled
Advanced Setting: Monitoring Shellcode Injection checked
Configuration: Proactive Mode

It actually can protect you from buffer overflows, and I tested a lot of (real) malware; nothing bypassed it!

Here, in this case, the program is digitally signed by Comodo, so it's trusted and everything will be allowed ;D

which is not the case with real malware! :slight_smile:

All three protected, but I didn’t get three alerts. :-\

I do (CIS V3, and thus no sandbox), but it is the first time I have received a very detailed Defense+ alert, suggesting the "thing" is in fact signed by Comodo, and indirectly saying a real buffer overflow maybe would not be.

The BO testing applications are neither signed nor safelisted. Not that being signed/safelisted would make a difference, and it is unclear what made you directly say this much. ???

On the other hand Comodo BO protection is not hardware based (AFAIK) and thus it might have implementation limits.

Nevertheless, it doesn't look like there is much to prevent anyone from having both MS DEP and Comodo BO protection enabled:
Exploits that bypass Microsoft DEP are possible and it wouldn’t hurt to have one additional layer of BO defense.

I disabled DEP for both botester32.exe and botester.exe and I got the same result as well:
Although all tests always get a protected result, I don't always get an alert.

Though if I attempt to run each test more than once I get to see an alert for each of them. ???

Disabling the "Detect Shellcode injections (i.e. Buffer overflow protection)" option along with MS DEP had all those tests fail with a vulnerable result.
Disabling the "Detect Shellcode injections (i.e. Buffer overflow protection)" option without disabling MS DEP had Ret2Libc (X32) fail with a vulnerable result (heap and stack execution were protected).

OS: Windows XP 32-bit SP3 with latest patches
CF 4.0.141842.828

I sometimes get three alerts, sometimes two, and sometimes no alert. :-\

My CPU does not support hardware DEP, and XP lacks ASLR, so Comodo is my only BO protection. Also, DEP is disabled for BO Tester (can be verified with Process Explorer), unless it is enabled for all processes, which is not the default setting in Windows.

I mentioned that step because I usually use “Turn on DEP for all programs and services except those I select” and get both DEP and Comodo BO protection enabled.

Just to amend another omission of mine, I guess I'll have to mention that my CPU also supports hardware DEP.
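The post above suggests verifying with Process Explorer whether DEP is actually applied to the tester processes. The following script does the same check from PowerShell; it is an added example, not code from the thread or from Comodo. It assumes Windows XP SP3 or later, PowerShell 2.0 or later, and that the tester binaries named in the thread (botester32.exe, botester.exe, botester64.exe) are running; the system-wide policy comes from the Win32_OperatingSystem WMI class and the per-process flag from the kernel32 GetProcessDEPPolicy API.

```powershell
# Added example (not from the thread): report the system-wide DEP policy and the
# per-process DEP flag for the BO Tester binaries, the same facts the post above
# checks with Process Explorer.
# Assumes: Windows XP SP3+ and PowerShell 2.0+; process names are the tester
# binaries from the thread and may need adjusting.

Add-Type -Namespace Dep -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

# DataExecutionPrevention_SupportPolicy values:
#   0 = AlwaysOff, 1 = AlwaysOn,
#   2 = OptIn  (Windows default: only Windows programs and services),
#   3 = OptOut ("all programs and services except those I select").
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn (Windows default)'; 3 = 'OptOut' }
$os = Get-WmiObject -Class Win32_OperatingSystem
"Hardware DEP available : $($os.DataExecutionPrevention_Available)"
"System DEP policy      : $($policyNames[[int]$os.DataExecutionPrevention_SupportPolicy])"

foreach ($name in 'botester32', 'botester', 'botester64') {
    foreach ($proc in Get-Process -Name $name -ErrorAction SilentlyContinue) {
        $flags = [uint32]0
        $permanent = $false
        # Process.Handle carries query rights, which is all GetProcessDEPPolicy needs.
        if ([Dep.Native]::GetProcessDEPPolicy($proc.Handle, [ref]$flags, [ref]$permanent)) {
            $enabled = ($flags -band 1) -ne 0   # PROCESS_DEP_ENABLE = 0x1
            "{0} (PID {1}): DEP enabled={2}, permanent={3}" -f $proc.ProcessName, $proc.Id, $enabled, $permanent
        } else {
            # The call is not supported for 64-bit processes; DEP is always on for them.
            "{0} (PID {1}): GetProcessDEPPolicy not supported (64-bit process: DEP always on)" -f $proc.ProcessName, $proc.Id
        }
    }
}
```

Under the default OptIn policy a 32-bit tester should report DEP enabled=False, which matches the observation above that only the OptOut setting gives both DEP and Comodo's own BO protection at once.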

Win7 Ult x64

Currently I get a Fail for Ret2Libc, seemingly no matter what settings I change. ???

Something is amiss?

Bad

[attachment deleted by admin]

Same for me, only the x32 is blocked.

Thanks for reminding me about BO attacks:

Hope this helps:
http://ssj100.fullsubject.com/security-news-and-information-f7/buffer-overflow-bo-tests-t47.htm#216

Here is how it looks on my system.

In the first two tests botester64.exe just crashes, but still it says that the system is protected. I guess hardware DEP kicks in, which by the way is set to protect only important programs and Windows services. Ret2Libc (x64) is not passed, but I think it's intended behaviour, since it was disabled on purpose for 64-bit operating systems and I think it still is.

The last three tests are passed, but I get a random number of BO alerts from CIS, or none at all.

[attachment deleted by admin]

When I run the test I have exactly the same experience as fOrTy_7.

However, why should Ret2Libc (x64) be vulnerable? Why no popup?