Comodo 再出精品：缓冲区溢出保护 Comodo Memory Guardian Beta v1.0.1.5

ubuntu

Comodo 刚推出的免费、面向个人用户的缓冲区溢出 (Buffer overflow Protection) 保护工具 : Comodo Memory Guardian Beta v1

主要特性：
检测 Stack Overflow
检测 Heap Overflaw
检测 ret2libc 攻击
完全 的 32/64 bit 支持 (Windows 2000 SP5/XP SP2/Vista)

目前，还在 Beta测试阶段，一般用户慎用。正式版发布以后，待时机成熟，BO 保护 将整合至 Comodo V3 Firewall 。

主界面：
添加程序、移除程序、查看日志；可以通过双击来修改程序的默认行为 ： Allow/Kill



检测到攻击的提示窗口，采用 CMG 自带的测试工具：
Save answer for this application 会生成规则，Kill 将结束程序。



单击 click here 会显示攻击信息：



日志：

1. [31-07-2007 07:51:21 AM]
   
2. process: C:\Program Files\Comodo Memory Guardian\test32.exe
   
3. attack type: buffer overflow
   
4. address: 0x0006FFBD
   
5. memory type: stack
   
6. action: kill

复制代码

资源占用 ：不占 CPU，内存 7M-8M



[ 本帖最后由 ubuntu 于 2007-8-24 08:17 编辑 ]

ubuntu

Melih Comodo's Hero Administrator Comodo's Hero Offline Posts: 2762

Comodo Memory Guardian Beta v1 ( Buffer overflow Protection) « on: Today at 12:39:04 AM » Comodo Memory Gurdian is a buffer overflow detecion and protection tool which provides the ultimate defense against one of the most serious and common attack types on the Internet. What is a Buffer Overflow attack? ------------------------------------- ...excerpt from http://en.wikipedia.org/wiki/Buffer_overflow " In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security. A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows." Features : * Detection of Buffer Overflows which occur in the STACK memory, * Detection of Buffer Overflows which occur in the HEAP memory, * Detection of ret2libc attacks, * Full 32 bit and 64 bit Support, Important Note : This is a BETA product and is intended only for the users who would like to test the product and provide us some feedback. It may contain major bugs which may cause your system to be unstable or cause permanent data loss. Please do not instal this software into a production machine or distribute it. You may download it from the following locations : For Windows 2000 SP5 /XP SP2(32 Bit), http://download.comodo.com/cpf/download/setups/beta/cmg32_install.exe For Windows Vista(32 Bit) http://download.comodo.com/cpf/download/setups/beta/cmg32vista_install.exe For XP (64 Bit - X64) http://download.comodo.com/cpf/download/setups/beta/cmg64_install.exe For Windows Vista(64 Bit - X64) http://download.comodo.com/cpf/download/setups/beta/cmg64vista_install.exe Please go ahead and give us your feedback. thank you Melih

Melih Comodo's Hero Administrator Comodo's Hero Offline Posts: 2863

Comodo Memory Guardian Beta v1.0.1.5 (download here) « on: Today at 12:48:13 AM » Hi Everyone Here is CMG v1.0.1.5 with all reported bugs fixed! Vista x32 http://download.comodo.com/cpf/download/setups/beta/CMG_Setup_1.0.1.5_Vista_x32_BETA.exe (Size 399 KB (408,688 bytes)) Vista x64 http://download.comodo.com/cpf/download/setups/beta/CMG_Setup_1.0.1.5_Vista_x64_BETA.exe (Size: 442 KB (452,712 bytes)) XP x64 http://download.comodo.com/cpf/download/setups/beta/CMG_Setup_1.0.1.5_XP_x64_BETA.exe (Size: 442 KB (452,976 bytes)) XP x32 http://download.comodo.com/cpf/download/setups/beta/CMG_Setup_1.0.1.5_XPSP2_2KSP5_x32_BETA.exe (Size: 399 KB (409,192 bytes)) Please go ahead and give us your feedback and bug reports (on the report bugs section). thank you

[ 本帖最后由 ubuntu 于 2007-8-24 08:18 编辑 ]

ubuntu

The protection against termination will be provided by CFP v3. There was no point in writing the same code in 2 different products. This product is a natural fit for CFP v3. However we are releasing it on its own to first get it to a mature level, then we will include it in CFP v3 as well as making it available (most likely) on its own as well. So the tests we would like to see would be: Any kind of BO attacks to see if CMG can stop them or not.
Thank you.
Melih

BO 保护未来会整合到 CFP V3.

aquahouse

越来越期待v3beta版了

不知道会不会跟mcafee起冲突

ubuntu

原帖由 paola 于 2007-7-31 11:54 发表
不知道会不会跟mcafee起冲突

关掉 咖啡的 缓冲区保护试试，CMG 功能更强。

siman.yu

期待整合的新V3

gaige

V3给人很大的向往力。

jlennon

等待V3,3ks无版图

tizeeme

comodo想一统江湖么……这么搞下去，其它的可没得混了。