
Comodo punts buffer overflow protection

BO test smells your pits


Updated Security firm Comodo, which is best known for its digital certificate business, has released a free diagnostic tool designed to identify buffer overflow flaws. Initially we reckoned Comodo's BO Tester was principally designed to help poach users from other free security products rather than to provide a detailed breakdown of bugs.

This is perhaps a little unfair and what the firm is actually promoting is a free memory protection product. Comodo said no other firm provides a stand-alone buffer overflow protection tool.

"Even our other security products fail this test, and hence there is no-one else who is offering a comparable product in the market place, we couldn't possibly be poaching from anyone. This is an additional layer of security one should use, whether they are using Comodo or Symantec products. There is no, leave your product, use ours. It's simply an additional layer of security one should deploy with whatever product they have," explained Melih Abdulhayoglu, chief exec and chief security architect at Comodo.

The diagnostic tests are touted as a way to determine if anti-virus, firewall and other desktop security software products are able to protect against buffer overflow attacks - one of the most prevalent sources of security bugs.

Comodo's thesis is that users need memory protection on top of what they have, whatever it is.

Buffer overflows occur when a program attempts to store data beyond the boundaries of a fixed-length buffer. Programming errors in this area can be used to either crash programs or inject hostile code onto vulnerable systems.

Buffer the security slayer

From a technical perspective, there are three variants of buffer overflow attacks, Comodo explains. A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions. Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is exceeded, triggering a crash. Last comes the return-to-libc attack in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten.

Comodo said its free diagnostic tests help users "understand how well prepared they are to defend against these types of attacks". Each test is a small non-destructive program that deliberately attempts to bypass a user's current security software, which sounds like penetration testing for the masses.

Rattling the doors

Downloading the tests requires free registration on Comodo's Forum. We decided to give the technology a spin but were somewhat taken aback when we discovered BO Tester ran all three tests in less than two seconds, concluding that we were vulnerable to all three types of buffer overflow attack. BO Tester doesn't give any details of where the vulnerability might reside.

This lack of information made us suspicious because of an unfortunate resemblance to scare tactics of a type more commonly seen in malware protection scams. Comodo said the tests were designed to be simple and weren't designed to highlight specific buffer overflow bugs in either security products or operating systems.

"The test application, like leak tests for firewalls, checks to see if it can execute a specific attack technique or not. (It's like trying different keys in a padlock to see which one opens it)," explained Comodo's Abdulhayoglu.

"The bottom line is this test program tests to see if it can 'execute' an 'executable code' in a specific memory segment (stack/heap) or not. In theory no code should be able to execute in this memory segment," he added.
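The property described here, that stack and heap memory should not be executable, can also be audited without running any test payload. The following is an added example, not code from Comodo or from the original article; it assumes the Linux `/proc/<pid>/maps` text format rather than the Windows environment BO Tester targets, and the sample listings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Result of auditing one line of a Linux /proc/<pid>/maps listing. */
enum region_status { REGION_OTHER = 0, REGION_NX = 1, REGION_EXECUTABLE = 2 };

/* Classify one maps line ("start-end perms offset dev inode pathname"):
 * is it the stack or heap, and is that region mapped executable? */
enum region_status audit_maps_line(const char *line)
{
    char perms[5] = {0}, path[256] = {0};
    /* perms is the 2nd field; the optional pathname is the 6th. */
    if (sscanf(line, "%*s %4s %*s %*s %*s %255s", perms, path) < 1)
        return REGION_OTHER;
    if (strcmp(path, "[stack]") != 0 && strcmp(path, "[heap]") != 0)
        return REGION_OTHER;
    return perms[2] == 'x' ? REGION_EXECUTABLE : REGION_NX;
}

/* Count stack/heap regions mapped executable in a whole maps listing. */
int count_executable_data_regions(const char *maps)
{
    int hits = 0;
    char line[512];
    while (*maps) {
        size_t n = strcspn(maps, "\n");               /* length of this line */
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, maps, c);
        line[c] = '\0';
        if (audit_maps_line(line) == REGION_EXECUTABLE)
            hits++;
        maps += n + (maps[n] == '\n');                /* skip the newline */
    }
    return hits;
}

/* Constructed sample listings (not captured from a real system). */
static const char SAMPLE_HARDENED[] =
    "55d0c0a00000-55d0c0a21000 rw-p 00000000 00:00 0      [heap]\n"
    "7f1e2c000000-7f1e2c1c0000 r-xp 00000000 08:01 1234   /lib/libc.so.6\n"
    "7ffd4b3e0000-7ffd4b401000 rw-p 00000000 00:00 0      [stack]\n";
static const char SAMPLE_EXECSTACK[] =
    "55d0c0a00000-55d0c0a21000 rw-p 00000000 00:00 0      [heap]\n"
    "7ffd4b3e0000-7ffd4b401000 rwxp 00000000 00:00 0      [stack]\n";

int main(void)
{
    printf("hardened:  %d\n", count_executable_data_regions(SAMPLE_HARDENED));
    printf("execstack: %d\n", count_executable_data_regions(SAMPLE_EXECSTACK));
    return 0;
}
```

A non-zero count means a process has a stack or heap region where injected data could run as code, which is the condition the quoted test is probing for.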

Comodo said the publication of the tests is part of its "continuing commitment to keep users' PCs safe from malware", but it's worth noting that its suggested remedial actions for identified problems include prompting users to try its free consumer security products.

The firm has developed a range of desktop security products (e.g. Comodo AntiVirus, Comodo AntiSpam) that are available to consumers at no charge. The latest of these products is Comodo Memory Guardian (currently in beta), which Comodo claims is "effective at stopping 90 per cent plus of buffer overflow attacks" in both 32 bit and 64 bit environments. ®
