Comodo punts buffer overflow protection

BO test smells your pits

Updated Security firm Comodo, which is best known for its digital certificate business, has released a free diagnostic tool designed to identify buffer overflow flaws. Initially we reckoned Comodo's BO Tester was principally designed to help poach users from other free security products rather than to provide a detailed breakdown of bugs.

This is perhaps a little unfair and what the firm is actually promoting is a free memory protection product. Comodo said no other firm provides a stand-alone buffer overflow protection tool.

"Even our other security products fail this test, and hence there is no-one else who is offering a comparable product in the market place, we couldn't possibly be poaching from anyone. This is an additional layer of security one should use, whether they are using Comodo or Symantec products. There is no, leave your product, use ours. It's simply an additional layer of security one should deploy with whatever product they have," explained Melih Abdulhayoglu, chief exec and chief security architect at Comodo.

The diagnostic tests are touted as a way to determine if anti-virus, firewall and other desktop security software products are able to protect against buffer overflow attacks - one of the most prevalent sources of security bugs.

Comodo's thesis is that users need memory protection on top of what they have, whatever it is.

Buffer overflows occur when a program attempts to store data beyond the boundaries of a fixed-length buffer. Programming errors in this area can be used to either crash programs or inject hostile code onto vulnerable systems.

Buffer the security slayer

From a technical perspective, there are three variants of buffer overflow attacks, Comodo explains. A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions. Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is exceeded, triggering a crash. Last comes the return-to-libc attack in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten.

Comodo said its free diagnostic tests help users "understand how well prepared they are to defend against these types of attacks". Each test is a small non-destructive program that deliberately attempts to bypass a user's current security software, which sounds like penetration testing for the masses.

Rattling the doors

Downloading the tests requires free registration on Comodo's Forum. We decided to give the technology a spin but were somewhat taken aback when we discovered BO Tester ran all three tests in less than two seconds, concluding that we were vulnerable to all three types of buffer overflow attack. BO Tester doesn't give any details of where the vulnerability might reside.

This lack of information made us suspicious because of an unfortunate resemblance to scare tactics of a type more commonly seen in malware protection scams. Comodo said the tests were designed to be simple and weren't designed to highlight specific buffer overflow bugs in either security products or operating systems.

"The test application, like leak tests for firewalls, checks to see if it can execute a specific attack technique or not. (It's like trying different keys in a padlock to see which one opens it)," explained Comodo's Abdulhayoglu.

"The bottom line is this test program tests to see if it can 'execute' an 'executable code' in a specific memory segment (stack/heap) or not. In theory no code should be able to execute in this memory segment," he added.
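The property the quoted test probes, seen from the defender's side, as an added example that is not from Comodo or the original article: it reports whether a process's stack or heap is mapped with execute permission. It assumes the Linux `/proc/<pid>/maps` text format rather than the Windows PCs the article discusses; the function names and the sample mappings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result bits: which data segments are mapped executable. */
#define EXEC_STACK 1
#define EXEC_HEAP  2

/* Constructed samples in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_NX[] =
    "55d0c8a00000-55d0c8a21000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 1234 /usr/lib/libc.so.6\n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXECSTACK[] =
    "55d0c8a00000-55d0c8a21000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffd5a1e0000-7ffd5a201000 rwxp 00000000 00:00 0 [stack]\n";

/* One line: "start-end perms offset dev inode [pathname]".
 * Returns EXEC_STACK or EXEC_HEAP if that segment carries the 'x' bit, else 0. */
static int check_maps_line(const char *line)
{
    char perms[5] = "", path[256] = "";
    /* pathname is optional, so one assigned field (perms) is enough */
    if (sscanf(line, "%*s %4s %*s %*s %*s %255s", perms, path) < 1)
        return 0;
    if (perms[2] != 'x')
        return 0;                      /* non-executable mapping: expected */
    if (strcmp(path, "[stack]") == 0) return EXEC_STACK;
    if (strcmp(path, "[heap]") == 0)  return EXEC_HEAP;
    return 0;                          /* executable code mapping, e.g. a library */
}

/* Scan a whole maps listing and OR together the findings of every line. */
static int scan_maps(const char *maps)
{
    int flags = 0;
    char line[512];
    while (*maps) {
        size_t n = strcspn(maps, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, maps, c);
        line[c] = '\0';
        flags |= check_maps_line(line);
        maps += n;
        if (*maps == '\n') maps++;
    }
    return flags;
}

int main(void)
{
    printf("NX sample: %d, exec-stack sample: %d\n",
           scan_maps(SAMPLE_NX), scan_maps(SAMPLE_EXECSTACK));
    return 0;
}
```

A result of 0 means neither segment is executable, which is the state the quote says should hold; any non-zero bit identifies the segment that would let injected data run as code.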

Comodo said the publication of the tests is part of its "continuing commitment to keep users' PCs safe from malware" but it's worth noting that its suggested remedial actions for identified problems include prompting users to try its free consumer security products.

The firm has developed a range of desktop security products (e.g. Comodo AntiVirus, Comodo AntiSpam) that are available to consumers at no charge. The latest of these products is Comodo Memory Guardian (currently in beta), which Comodo claims is "effective at stopping 90 per cent plus of buffer overflow attacks" in both 32 bit and 64 bit environments. ®
