Feeds

Comodo punts buffer overflow protection

BO test smells your pits

3 Big data security analytics techniques

Updated Security firm Comodo, which is best known for its digital certificate business, has released a free diagnostic tool designed to identify buffer overflow flaws. Initially we reckoned Comodo's BO Tester was principally designed to help poach users from other free security products than provide a detailed breakdown of bugs.

This is perhaps a little unfair and what the firm is actually promoting is a free memory protection product. Comodo said no other firm provides a stand-alone buffer overflow protection tool.

"Even our other security products fail this test, and hence there is no-one else who is offering a comparable product in the market place, we couldn't possibly be poaching from anyone. This is an additional layer of security one should use, whether they are using Comodo or Symantec products. There is no, leave your product, use ours. Its simply an additional layer of security one should deploy with whatever product they have," explained Melih Abdulhayoglu, chief exec and chief security architect at Comodo.

The diagnostic tests are touted as a way to determine if anti-virus, firewall and other desktop security software products are able to protect against buffer overflow attacks - one of the most prevalent sources of security bugs.

Comodo's thesis is that users need memory protection on top of what they have, whatever it is.

Buffer overflows occur when a program attempts to store data beyond the boundaries of a fixed-length buffer. Programming errors in this area can be used to either crash programmes or inject hostile code onto vulnerable systems.

Buffer the security slayer

From a technical perspective, there are three variants of buffer overflow attacks, Comodo explains. A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions. Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is exceeded, triggering a crash. Last comes the return-to-libc attack in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten.

Comodo said its free diagnostic tests to help users "understand how well prepared they are to defend against these types of attacks". Each test is a small non-destructive program that deliberately attempts to by-pass a user's current security software, which sounds like penetration testing for the masses.

Rattling the doors

Downloading the tests requires free registration on Comodo's Forum. We decided to give the technology a spin but were somewhat taken aback when we discovered BO Tester ran all three tests in less than two seconds, concluding that we were vulnerable to all three types of buffer overflow attack. BO Tester doesn't give any details of where the vulnerability might reside.

This lack of information made us suspicious because of an unfortunate resemblance to scare tactics of a type more commonly seen in malware protection scams. Comodo said the tests were designed to be simple and weren't designed to highlight specific buffer overflow bugs in either security products or operating systems.

"The test application, like leak tests for firewalls, checks to see if it can execute a specific attack technique or not. (its like trying different keys in a padlock to see which one opens it)," explained Comodo's Abdulhayoglu.

"The bottom line is this test program tests to see if it can 'execute' an 'executable code' in a specific memory segment (stack/heap) or not. In theory no code should be able to execute in this memory segment," he added.

Comodo said the publication of the tests are part of its "continuing commitment to keep users PCs safe from malware" but its worth noting that its suggested remedial actions for identified problems include prompting users to try its free consumer security products.

The firm has developed a range of desktop security products (e.g. Comodo AntiVirus, Comodo AntiSpam) that are available to consumers at no charge. The latest of these products is Comodo Memory Guardian (currently in beta), which Comodo claims is "effective at stopping 90 per cent plus of buffer overflow attacks" in both 32 bit and 64 bit environments. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.