
Comodo punts buffer overflow protection

BO test smells your pits

Updated Security firm Comodo, which is best known for its digital certificate business, has released a free diagnostic tool designed to identify buffer overflow flaws. Initially we reckoned Comodo's BO Tester was principally designed to help poach users from other free security products rather than to provide a detailed breakdown of bugs.

This is perhaps a little unfair and what the firm is actually promoting is a free memory protection product. Comodo said no other firm provides a stand-alone buffer overflow protection tool.

"Even our other security products fail this test, and hence there is no-one else who is offering a comparable product in the market place, we couldn't possibly be poaching from anyone. This is an additional layer of security one should use, whether they are using Comodo or Symantec products. There is no, leave your product, use ours. It's simply an additional layer of security one should deploy with whatever product they have," explained Melih Abdulhayoglu, chief exec and chief security architect at Comodo.

The diagnostic tests are touted as a way to determine if anti-virus, firewall and other desktop security software products are able to protect against buffer overflow attacks - one of the most prevalent sources of security bugs.

Comodo's thesis is that users need memory protection on top of what they have, whatever it is.

Buffer overflows occur when a program attempts to store data beyond the boundaries of a fixed-length buffer. Programming errors in this area can be used to either crash programs or inject hostile code onto vulnerable systems.

Buffer the security slayer

From a technical perspective, there are three variants of buffer overflow attacks, Comodo explains. A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions. Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is exceeded, triggering a crash. Last comes the return-to-libc attack in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten.

Comodo said its free diagnostic tests help users "understand how well prepared they are to defend against these types of attacks". Each test is a small non-destructive program that deliberately attempts to bypass a user's current security software, which sounds like penetration testing for the masses.

Rattling the doors

Downloading the tests requires free registration on Comodo's Forum. We decided to give the technology a spin but were somewhat taken aback when we discovered BO Tester ran all three tests in less than two seconds, concluding that we were vulnerable to all three types of buffer overflow attack. BO Tester doesn't give any details of where the vulnerability might reside.

This lack of information made us suspicious because of an unfortunate resemblance to scare tactics of a type more commonly seen in malware protection scams. Comodo said the tests were designed to be simple and weren't designed to highlight specific buffer overflow bugs in either security products or operating systems.

"The test application, like leak tests for firewalls, checks to see if it can execute a specific attack technique or not. (It's like trying different keys in a padlock to see which one opens it)," explained Comodo's Abdulhayoglu.

"The bottom line is this test program tests to see if it can 'execute' an 'executable code' in a specific memory segment (stack/heap) or not. In theory no code should be able to execute in this memory segment," he added.

Comodo said the publication of the tests is part of its "continuing commitment to keep users' PCs safe from malware" but it's worth noting that its suggested remedial actions for identified problems include prompting users to try its free consumer security products.
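
The property Abdulhayoglu describes, whether code can run from the stack or heap, can also be observed without attempting execution by reading a process's memory-map permissions. The following is an added example, not Comodo's tool or code from the article; it assumes the Linux /proc/<pid>/maps format, and the sample mapping lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffd1a2e0000-7ffd1a301000 rwxp 00000000 00:00 0 [stack]\n";

/* Returns 1 if the mapping named `label` (e.g. "[stack]") carries the x bit,
 * 0 if it does not, -1 if no such mapping is listed. */
int region_is_executable(const char *maps, const char *label)
{
    while (*maps) {
        const char *end = strchr(maps, '\n');
        size_t len = end ? (size_t)(end - maps) : strlen(maps);
        char buf[512], perms[5] = "", path[256] = "";
        if (len >= sizeof buf) len = sizeof buf - 1;   /* clip overlong lines */
        memcpy(buf, maps, len);
        buf[len] = '\0';
        /* Fields: range perms offset dev inode [path]; perms looks like "rw-p". */
        if (sscanf(buf, "%*s %4s %*s %*s %*s %255s", perms, path) == 2 &&
            strcmp(path, label) == 0)
            return perms[2] == 'x';
        maps = end ? end + 1 : maps + strlen(maps);
    }
    return -1;
}

int main(void)
{
    static char live[65536];
    const char *maps = SAMPLE_MAPS;            /* fallback when /proc is absent */
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only (assumption) */
    if (f) {
        size_t n = fread(live, 1, sizeof live - 1, f);
        live[n] = '\0';
        fclose(f);
        if (n) maps = live;
    }
    printf("stack executable: %d\n", region_is_executable(maps, "[stack]"));
    printf("heap executable:  %d\n", region_is_executable(maps, "[heap]"));
    return 0;
}
```

A result of 1 for `[stack]` or `[heap]` means that region is mapped executable, which is the condition the test program probes for.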

The firm has developed a range of desktop security products (e.g. Comodo AntiVirus, Comodo AntiSpam) that are available to consumers at no charge. The latest of these products is Comodo Memory Guardian (currently in beta), which Comodo claims is "effective at stopping 90 per cent plus of buffer overflow attacks" in both 32 bit and 64 bit environments. ®
