I was reading the article Vulnerability (computing) on Wikipedia, and it shows a big list of ways to exploit software bugs. I was wondering if CIS can prevent all those types of attacks, or whether only a buffer overflow is within its radar.
Always keep your software updated, don’t give it more privileges than needed… Disable services you don’t need/use…
Then you’ve gone a long way in fighting “software vulnerabilities…” =) As for software crashes and stuff like that, CIS will usually not prevent it… but it’s no harm done if, for instance, your browser crashes. If a vulnerability is used to put shit in your comp and to do harm, then D+ will pop. But make sure you apply all Windows updates as well… And no need to have 20 apps starting; usually the fewer programs, the fewer holes… =)
Also I suggest setting the firewall to “high”… and for those apps that only need one port, just let them use one port… Anyway, don’t get too paranoid… xO
What about the case of a buffer overflow? From what I understand, it is supposed to prevent it, right? About the payload (poo), shouldn’t blocking all my internet-facing applications from running an executable most likely thwart the threat?
I am not paranoid, but I find/believe protection from such types of attacks is pretty crucial. I do make sure that all my software is up to date, but if Comodo can provide defense against these attacks, my job would become easier.
Of course, but it would also destroy the usability of those applications as well (such as downloading updates for whatever program you’re using). Some programs call other executable files which are legit and required by the program. How is Comodo supposed to separate good exes from bad ones (assuming they are not a virus)?
You’re still far better off limiting the program’s privileges and restricting what it can and cannot do.
True, but you can minimize the inconvenience by applying execution restriction only to those applications which don’t require frequent updating or which don’t run other executables to function; P2Ps?
Although it won’t provide complete protection, since other applications remain open to takeover.
Can vulnerable applications be compromised and be used to tamper with the registry and system resources?
It’s not that easy.
First, it’s impossible for Comodo to track which programs need this functionality and which do not (so the user would make this decision).
Second, the majority of applications use multiple exes that make up the program (not just for updating). CIS alone has around 10 different exes associated with it which can be called on at different times throughout the use of the program.
Third, (the part you seem to be concerned with) would only be relevant when the program has internet access. Which programs need internet access? Web browser, email client, misc security apps, and P2P apps. The rest usually only need access for updating, help files, and misc extra features. A program like Word 2003 has a large number of vulnerabilities associated with it, but it doesn’t need access to the internet. Block its internet access and its risk drops to nearly 0%.
The programs that obviously need internet access, you restrict. D+ allows you to block the program from altering the registry, memory, critical files, etc. One setting you might be interested in is “Run an executable”, which sounds like what you might be looking for. By default it prompts the user to allow the program to use an exe… you can set it to block, although that won’t make you any safer (you just won’t get a popup, and the program will most likely freeze and crash if it’s a required exe).
Let me give you a real-world example.
If there is a program called ‘metal’ which has a vulnerability on your PC, CIS can’t prevent hacking.
Because ‘metal’ is one of your favorite programs, and it is trusted software in CIS.
If ‘metal’ looks around your folders and files, CIS does nothing because ‘metal’ is trusted software.
If ‘metal’ deletes, modifies, copies, etc., CIS does nothing because ‘metal’ is trusted software.
If ‘metal’ sends your files to the hacker, CIS also does nothing.
That’s why a vulnerability is very dangerous.