Let’s see if your security products (AV, firewall or other) protect you from a Buffer Overflow (BO) attack, which is one of the most common forms of attack for users. Especially Drive-by-Download attacks extensively utilise BO to inject malware into users’ machines.
COMODO BO Tester is a testing utility which checks whether your system is vulnerable to buffer overflow attacks or not.
COMODO Memory Guardian protects your applications against these attacks in both 32 bit and 64 bit environments.
It includes 3 separate tests each of which tries to exploit a different type of attack technique.
Tests the protection against stack overflows i.e. code execution in the stack
Tests the protection against heap overflows i.e. code execution in the heap
Tests the protection against ret2libc attacks i.e. one of the most difficult to detect BO attacks.
If your host (PC/Machine) is protected, the utility will report the status “Protected”; otherwise it will report “Vulnerable”.
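As an added illustration (not COMODO's code, and not how the tester above works internally), the sketch below answers the first two questions statically on Linux: it parses memory-map text in `/proc/<pid>/maps` format and reports whether the `[stack]` and `[heap]` regions are mapped executable, reusing the "Protected"/"Vulnerable" wording. The function names and both sample maps are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* One line of /proc/<pid>/maps: 1 if it is region `name` and executable,
 * 0 if it is region `name` and not executable, -1 if it is another line. */
static int region_exec(const char *line, const char *name) {
    unsigned long start, end;
    char perms[5] = "";
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3) return -1;
    if (strstr(line, name) == NULL) return -1;
    return perms[2] == 'x';          /* perms look like "rw-p" or "rwxp" */
}

/* "Vulnerable" if any mapping of `name` is executable, "Protected" if the
 * region exists and none is, "Unknown" if the region is not in the map. */
const char *region_status(const char *maps, const char *name) {
    char line[512];
    int seen = 0;
    while (*maps) {
        size_t n = strcspn(maps, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, maps, c);
        line[c] = '\0';
        int r = region_exec(line, name);
        if (r == 1) return "Vulnerable";
        if (r == 0) seen = 1;
        maps += n + (maps[n] == '\n');
    }
    return seen ? "Protected" : "Unknown";
}

/* Constructed sample maps: non-executable stack/heap, then an executable stack. */
const char SAMPLE_NX[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]\n";
const char SAMPLE_EXECSTACK[] =
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffc1b2e0000-7ffc1b301000 rwxp 00000000 00:00 0 [stack]\n";

int main(void) {                     /* report on the running process itself */
    static char buf[65536];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("stack: %s\nheap: %s\n",
           region_status(buf, "[stack]"), region_status(buf, "[heap]"));
    return 0;
}
```

A non-executable stack and heap say nothing about the third test: ret2libc reuses library code that is already mapped executable, so page permissions alone do not stop it.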
I have installed the Comodo Memory Guardian, and it told me all three tests are protected, but I’m just wondering if I should be seeing any activity to know that this is working? Since I installed it, it just sits in my tray. Does it need to get updated? Just curious.
Thank you for the great products, I appreciate the time and expense that your company puts into developments for people like me who have no clue! (V)
If HIPS warns about a file attempting to do something and then is able to stop that file’s action then surely this is a form of protection. Merely a different type or ‘added layer’ of protection.
I know the HIPS in CAVS at present will not prevent some files from acting (though I believe CFP beta is better), as I have discovered with a few nasties, however it is reassuring that it can stop some files. All part of Melih’s concept of layered protection - what one layer misses another catches. ;D
I have CAVS 22.214.171.124, CFP 2.4, CBOclean, & CMG. I disabled CMG and tried the tester, and I failed all of the tests (HIPS warning showed up though).
Is it normal?
So AV & firewall can’t protect our computer from BO attack at all?
EDIT: I’m talking about CMG and not the tester which works fine, I’m in the wrong post.
Seems interesting. However, what is the overhead caused by CMG? I mean, it must check every memory access for every application constantly? Doesn’t it slow down the system?
Also, I’m on Vista x64 and wanted to give it a try, but it cannot install as apparently one file is not signed.
Yes, in Vista64 unsigned drivers are not allowed. CMG’s driver will be signed for release of course, anyway you can test it by pressin’ F8 during boot (as you’re doin’ to enter safe mode), there’s a boot variant to disable drivers’ sign checking.
It’s kind of fun to see issues about some Comodo drivers not signed, when Comodo lives by and for things such as digital signature / certificate.
This places Comodo freeware in a nice position, as I imagine very few 100% free software (no ads, nothing) can support the cost of such digital certificate by certified roots.
Maybe this could lead Comodo to some support free software(/security) initiative to help some chosen freeware in exchange for some Comodo visibility. But I guess we have to wait for more spread 64 bit computing before we can see things such as these.
I have updated to v. 126.96.36.199 and noted that when run for the first time it brings up the CMG test program.
Is this incorporated into the new version, or does it just call the test program if already installed? Just curious.