Should firewall have protection against Buffer Overflow attacks?

Do you expect this feature from a personal firewall?
Should you expect this from a personal firewall?
Do you know any firewall that has that in?

E.g.: a good chunk of zero-day attacks happen due to BO attacks like this one https://forums.comodo.com/index.php/topic,2547.0.html

Thanks for your feedback.

Melih

Hi,

Wow, I have never really thought of that; it really gives me a whole different perspective on being secure. Melih, in my opinion I think Comodo Personal Firewall should protect against BO attacks; think of how much safer you could be! I will research and see if any other personal firewalls “protect” against these kinds of attacks.

Justin

As far as I know, there’s no firewall that is capable of stopping this attack.
…even in the “famous” Linux world.

And if CPF’s going to have this feature, then we’d better post that at ZDNet.

“Hello world! Here comes the rock-solid firewall. The SCOmod…oops! CPF!”

It depends, everyone wants to have different levels of protection, some people like combining different functions from different products. The only way to satisfy everyone is the following:

  1. Program in a modular way; this means that components/sections can be shut down and maybe not installed in the first place. (The EXACT opposite of this rule is Windows XP’s dependence on IE6, as they share .dlls.)

The great thing about modular programming is that users can disable parts they don’t need, and also they can disable parts that may be causing problems, making troubleshooting exceptionally fast.

Please make the HIPS (in future version 2.4) at least available to disable during the COMODO install.

(I hope I have not insulted the intelligence of the COMODO programmers, as this stuff is taught in most programming courses/qualifications in the first year.)

cheers, rotty

Everything we do is modular and optional…including HIPS etc…
Don’t worry, you will get a pure firewall with extra capabilities, if you choose to. The choice will always be yours!

Melih

I like the idea of a modular program structure.
This will prevent CPF from becoming awesomely bloated software.

…and Rotty, I think you’ll know when the devs become annoyed when you see your CPF’s tray icon change to one of those SComodo bunnies.

As slow as Microsoft is to respond to these zero-day attacks, I think it would be a great idea.

I’m glad to hear that COMODO is built on a good base!!

Symantec are even trying to do this more, I think.

cheers, rotty

Just don’t push “them” too hard, Melih.
A chain, a whip and tight leather pants sometimes do the work.

*. See marc57’s avatar for more reference. ;D

Sunbelt Kerio Personal Firewall offers buffer overflow protection (in their paid version). Personally, I would like to see this feature in CAVS.

:slight_smile:

Wow! That raises the bar.
I’ve tried Kerio before, but never knew that it has this capability.
I must be too ignorant or something…

Thanks for the info, Graham.

This would be a nice feature in Comodo FW!

Lol! I’m sure Bill Gates will install CPF on his personal computer. :stuck_out_tongue:

LOL!
(:LGH)

Well, I’ve checked Wikipedia to see what Buffer Overflow actually means and to be honest, I don’t fully understand the technical details. But don’t call me stupid. :wink:

But if it means that CPF could offer additional protection that might\will (also) cover holes left by others (i.e. Windows or IE), then yes please, add it to CPF.

Just to throw in a few words, I was wondering if this wouldn’t be better for the CAV and Firewall together? As a firewall, it would have to prevent the stack\address from being written to, and mostly for poorly written code. Wouldn’t the firewall have to determine each program? Some have well-written prevention, but how can a firewall decide what to prevent unless it integrates into the system and detects the changes, not allowing the return to be written to? Or is this more for blocking the HTTP request from the malicious little ■■■■■■ etc…? We know an application gateway\proxy is safer, but not 100% either. If a shell is executed and a new account is created, wouldn’t CPF have to prevent itself\its settings from being tampered with? Wouldn’t it change and bypass the firewall if the flow\allowances are changed? With all this in mind, I, in my mind, am thinking the firewall would have to work as two entities: one to prevent the stack corruption, and yet prevent itself from being bypassed and stop controlled flow from a malicious attack? Would this slow CPF down?

I don’t know that much about buffer overflow, as you can tell, and may be a bit off, but my mind’s gears are turning so I had to ask or else my brain would burn up. :stuck_out_tongue: And as you know, I don’t explain well, so please bear with me. :wink:

Thank you,

Paul
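Paul’s question above, whether a firewall could keep the stack or return address from being written to, comes down to a check that lives inside the program doing the copy, not in the network filter. The following C model is an added example and is not code from this thread or from any Comodo product. It assumes a hypothetical frame layout: a fixed 16-byte buffer followed by a guard word, the way a compiler’s stack protector places a canary after local arrays. The unchecked copy lets long input reach the guard word (which a canary check then detects, after the damage), while the bounded copy rejects the input before anything is written. All inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one stack frame (constructed for this example):
 * a fixed buffer followed by a guard word, standing in for the canary a
 * stack protector places between local arrays and the saved return address. */
#define BUF_SIZE 16
#define CANARY   0xDEADBEEFu

struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;
};

/* Copy with no bounds check against BUF_SIZE (the defect). The copy is only
 * clamped to the whole frame so the demo stays inside one object.
 * Returns 1 if the guard word was clobbered (overflow detected after the
 * fact, as a canary check would), 0 if it is intact. */
int unchecked_copy_detected(const char *input, size_t len) {
    struct frame f;
    f.canary = CANARY;
    if (len > sizeof f)
        len = sizeof f;                 /* keep the demo within the object */
    memcpy((char *)&f, input, len);     /* ignores BUF_SIZE: long input spills into canary */
    return f.canary != CANARY;
}

/* Bounded copy: refuses input that does not fit, so neither the guard word
 * nor (in a real program) the saved return address can ever be reached.
 * Returns 0 on success, -1 if the input was rejected. */
int bounded_copy(char *dst, size_t dstsize, const char *input, size_t len) {
    if (len >= dstsize)
        return -1;                      /* leave room for the terminator */
    memcpy(dst, input, len);
    dst[len] = '\0';
    return 0;
}

/* Same frame, same input, but using the bounded copy.
 * Returns -1 if the input was rejected, otherwise 1/0 for canary corrupted/intact. */
int bounded_copy_detected(const char *input, size_t len) {
    struct frame f;
    f.canary = CANARY;
    if (bounded_copy(f.buf, sizeof f.buf, input, len) != 0)
        return -1;                      /* rejected before any byte was written */
    return f.canary != CANARY;
}

int main(void) {
    /* Constructed inputs: one that fits, one of 32 bytes that does not. */
    static const char short_input[] = "hello";
    static const char long_input[]  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("unchecked copy, short input: canary corrupted = %d\n",
           unchecked_copy_detected(short_input, strlen(short_input)));
    printf("unchecked copy, long input : canary corrupted = %d\n",
           unchecked_copy_detected(long_input, strlen(long_input)));
    printf("bounded copy,   long input : result = %d (-1 = rejected)\n",
           bounded_copy_detected(long_input, strlen(long_input)));
    return 0;
}
```

The point for the thread: the canary only tells you the frame was already corrupted, and a packet filter never sees the copy at all. The bounded copy is the “well-written prevention” Paul mentions, and it is the program, not the firewall, that has to carry it.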

You don’t know much about it??? Dang Paul I wish I knew as “little” about it as you do!!! ;D

loll, I am never sure of what I know, to be honest; things change so much in the tech world, what you thought you knew, you no longer know, etc…I know that MS has a patch for the latest exploit on the 10th of October, but as I mentioned, poorly written code is the no.1 bad boy and allowance for BOs. I simply think that if CPF was to try to implement this, it would be a major slowdown to CPF in general. I would think this better left to Anti-virus, for more than one reason. One, if CPF uses IDS, which I am fairly sure it does, then it already has a fairly good means of protection against BOs. Updating obviously, but a specific BO stopper, I don’t know. Some Firewalls do monitor and prevent the BOs from sending out\executing\connecting from the code to wherever it needs to go, usually to download the initial hurt after hijacking the firewall. OK, with that said, enter Anti-virus, which won’t detect the ins and outs of the malicious code, but when run it will. Now, for both an Anti-virus and Firewall, most will say ONLY ONE can run BO protection, otherwise they will completely clash. This would cause incompatibility issues for Comodo as well as other securities and its own AV if ever implemented into AV. That’s all I’m trying to say really, and as long as CPF monitors in\out, and people run some form of AV (not all can use a proxy, loll), it should be left as is unless it can be done without running up resources. But on the other hand, the people at Comodo know a hell of a lot more than I, and will probably fall over in their chairs laughing when they read my thoughts on this, lollll. I am more or less just giving my opinion and if I am wrong, then I have learned something new. Married for 15 years, I’m used to being wrong. :wink: :smiley:

cheers,

Paul