The reality is: No single browser can guarantee no vulnerability, so instead of ping ponging users from one browser to another and thinking that browsers should and can offer security, let's accept that these vulnerabilities are bound to happen and protect ourselves with proper security products like CIS!
AVs are totally useless against these types of attacks as we have seen, but prevention-based products like CIS (especially our Memory firewall/Safesurf) stop these attacks in their tracks!
Just like not every human being is an expert at defending themselves, not every application can protect itself! They need to be protected! That’s where the power of “prevention based protection” like CIS comes into play.
So IE users, just enable Memory firewall and surf in safety!
I have attached a screenshot of our safesurf preventing this nasty in its tracks!
Nice, but it would have been even nicer if the AV would have picked up something as well. With a threat that was big enough for Microsoft to release an unscheduled patch\update, that would have been reassuring “news” about the weakest link of the CIS package. http://news.bbc.co.uk/2/hi/technology/7788687.stm
And apparently it’s not impossible: “We have conducted tests in a controlled environment and found that exploits are consistently stopped by Sophos Anti-Virus using detection Exp/Datbi-A, Mal/JsShell-B or Mal/JShell-E.” http://www.sophos.com/support/knowledgebase/article/50389.html
I think the point is missed that it is stopped by Safe Surf before the
payload gets a chance to be delivered.
Which would be when an AV may or may not see it.
(B)
SophosLabs testing result: Sophos Anti-Virus includes a buffer overflow protection module which generically prevents exploits attempting to exploit this vulnerability.
Either way, Comodo also prevents this using its own buffer overflow. And so does Sophos. But how do you know other Vendors might not “detect” and Sophos is the only one to detect it?
Your quote from the Sophos blog is beside the point. I know they have some sort of HIPS and suggest enabling it. But as you can see their AV picked up the problem as well. Melih did not say a word about the AV component of CIS, which is a shame knowing the severity of the problem.
Unless this applies to CIS, of course: “AVs are totally useless against these types of attacks as we have seen”.
What was it again? Prevention, Detection, Cure, I believe.
This specific vulnerability is trapped by MS-DEP (if enabled) or Comodo BO protection engine (which extends DEP and includes ret2libc protection).
Anyway, regardless of any additional protection and/or mitigating factors, I hope that many IE users will restrict Internet Explorer usage to Microsoft-owned sites only.
Internet Explorer is still the most targeted browser, and its usually better compatibility is not really due to a superior and efficient design but to its legacy support for MS non-standard implementation that, due to IE market share and MS bundling policies, encouraged many web designers to overlook standards compliance.
As for antivirus detection, even though it would be possible to detect specific versions of the same exploit, there are actually many ways to prevent AV detection in the first place.
Prevention, whether software and/or user enforced, would still provide more effective security.
That’s great Melih, however I am not interested in installing Safe surf tool bar. Hopefully when CMF is integrated into CIS, we won’t have to install safesurf toolbar to have it active.
X
PS I am using FF but it still has other buffer overflow vulnerabilities, as do some other programs that have access to the internet that are not protected by safe surf.
If you ask my opinion, Crackers will soon find another hole in IE that is most likely included in previous versions also. But as long as we have Comodo up and running, we can be worry free, since the crackers are most likely to use some “old” malware once the code to successfully use the hole for own gains is released to the internet and sold to someone who will spread it. The only thing we should worry about is the professional Crackers that will create a new, very nasty piece of malware once they find the new security issue. But since they would probably use the same kind of buffer overflow attacks that today's malware uses, would Safe surf and CMF prevent them from doing any major harm to our computers.
And a question that has no relation to this subject, but I just must ask it. Is Comodo going to expand CIS or at least CFP to Mac and Linux? I bet a huge amount of people using Linux and Mac operating systems would become extremely happy. Especially now that attacks against Mac are increasing, since it is gaining an even more powerful position on markets than it had a few years ago.
Hey xiuhcoatl and anyone else that is misunderstanding Safe Surf.
Safe Surf protects against all applications buffer overflow.
It is not tied to the browser.
The whole toolbar thing was a marketing decision that has caused a lot
of confusion.
If you don’t want the toolbar, uninstall it. It has a separate uninstaller in
the Windows Add/Remove Programs list.
For the few seconds it takes to remove the toolbar, getting Safe Surf
is so very worth it.
As evidenced by this recent exploit, and your own words re: the
potential for other internet facing apps to become attack vectors.
I dislike tool bars as much as anyone, but for the minuscule effort of
removing it to get some great FREE software you won’t find me
whining about it.
You see, with a BO attack, there simply is no point in having an AV trying to play catch-up with ever-changing payloads. Simply prevent the BO attack in the first place, e.g. remove the vulnerability that causes a payload to be injected in the first place.
Why not release SafeSurf as a plug-in instead of tied into a toolbar (especially one that I won’t install for anything no matter how good the app may be)?
While I agree with you, you can still install SafeSurf. You just have to uninstall the Ask.com toolbar afterwards. But it would be great to see Comodo ditch the Ask.com toolbar. I would rather donate to Comodo than use the toolbar to help them out.
Thanks B. Frogger
I did not know that. I will probably try it again. I installed the toolbar once and uninstalled it, but I had since reformatted and was using the old version of CMF.
I will assume that I need to uninstall CMF prior to installing safesurf.
Nah I meant you no malice.
I could see that you misunderstood.
I too live in a bizarro dream world induced by some of the finest
military brainwashing money can buy.
If and when I attack, I leave little to doubt.
Strange…I feel the urge to have a nice big chunk o cheddar.
Damn mind controlling subliminal messages.
Later
PS: “I will assume that I need to uninstall CMF prior to installing safesurf” I would guess yes.