Feeds

Comodo punts buffer overflow protection

BO test smells your pits

Securing Web Applications Made Simple and Scalable

Updated Security firm Comodo, which is best known for its digital certificate business, has released a free diagnostic tool designed to identify buffer overflow flaws. Initially we reckoned Comodo's BO Tester was principally designed to help poach users from other free security products than provide a detailed breakdown of bugs.

This is perhaps a little unfair and what the firm is actually promoting is a free memory protection product. Comodo said no other firm provides a stand-alone buffer overflow protection tool.

"Even our other security products fail this test, and hence there is no-one else who is offering a comparable product in the market place, we couldn't possibly be poaching from anyone. This is an additional layer of security one should use, whether they are using Comodo or Symantec products. There is no, leave your product, use ours. Its simply an additional layer of security one should deploy with whatever product they have," explained Melih Abdulhayoglu, chief exec and chief security architect at Comodo.

The diagnostic tests are touted as a way to determine if anti-virus, firewall and other desktop security software products are able to protect against buffer overflow attacks - one of the most prevalent sources of security bugs.

Comodo's thesis is that users need memory protection on top of what they have, whatever it is.

Buffer overflows occur when a program attempts to store data beyond the boundaries of a fixed-length buffer. Programming errors in this area can be used to either crash programmes or inject hostile code onto vulnerable systems.

Buffer the security slayer

From a technical perspective, there are three variants of buffer overflow attacks, Comodo explains. A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions. Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is exceeded, triggering a crash. Last comes the return-to-libc attack in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten.

Comodo said its free diagnostic tests to help users "understand how well prepared they are to defend against these types of attacks". Each test is a small non-destructive program that deliberately attempts to by-pass a user's current security software, which sounds like penetration testing for the masses.

Rattling the doors

Downloading the tests requires free registration on Comodo's Forum. We decided to give the technology a spin but were somewhat taken aback when we discovered BO Tester ran all three tests in less than two seconds, concluding that we were vulnerable to all three types of buffer overflow attack. BO Tester doesn't give any details of where the vulnerability might reside.

This lack of information made us suspicious because of an unfortunate resemblance to scare tactics of a type more commonly seen in malware protection scams. Comodo said the tests were designed to be simple and weren't designed to highlight specific buffer overflow bugs in either security products or operating systems.

"The test application, like leak tests for firewalls, checks to see if it can execute a specific attack technique or not. (its like trying different keys in a padlock to see which one opens it)," explained Comodo's Abdulhayoglu.

"The bottom line is this test program tests to see if it can 'execute' an 'executable code' in a specific memory segment (stack/heap) or not. In theory no code should be able to execute in this memory segment," he added.

Comodo said the publication of the tests are part of its "continuing commitment to keep users PCs safe from malware" but its worth noting that its suggested remedial actions for identified problems include prompting users to try its free consumer security products.

The firm has developed a range of desktop security products (e.g. Comodo AntiVirus, Comodo AntiSpam) that are available to consumers at no charge. The latest of these products is Comodo Memory Guardian (currently in beta), which Comodo claims is "effective at stopping 90 per cent plus of buffer overflow attacks" in both 32 bit and 64 bit environments. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.