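Comodo Memory Firewall (formerly CMG) is a buffer overflow detection and prevention tool. It provides strong protection against buffer overflow (BO), the most common and most serious type of attack on the Internet.
The new version uses the same interface as Comodo Firewall V3 and adds more configuration options for system administrators.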
Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defense against one of the most serious and common attack types on the Internet – the buffer overflow attack.
Comodo Memory Firewall protects against data theft, computer crashes and system damage by preventing most types of buffer overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to its memory buffer than the buffer can handle. It is at this point that a successful attack can create a back door to the system through which a hacker can gain access. The goal of most attacks is to install malware onto the compromised PC whereby the hacker can reformat the hard drive, steal sensitive user information, or even install programs that transform the machine into a Zombie PC.
The product is aimed at system administrators as well as desktop users who want to protect their systems, and it detects suspicious code execution in the stack or heap portions of memory.
Comodo Memory Guardian detects the following types of attack:
Detection of Buffer Overflows which occur in the STACK memory,
Detection of Buffer Overflows which occur in the HEAP memory,
Detection of ret2libc attacks,
Detection of corrupted/bad SEH Chains
What is a Buffer Overflow attack – The Technical Description?
In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
[ Last edited by ubuntu on 2007-12-13 00:22 ]
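The technical description above, shown as an added C example that is not part of the original post and is not Comodo's code: an unchecked copy into a fixed-length buffer corrupts the adjacent variable, a sentinel value detects it afterwards, and a bounds check prevents it. The struct, the function names and the sentinel are assumptions made for illustration; the sentinel is a generic detection idea and says nothing about how Comodo Memory Firewall works internally.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xC0FFEE42u  /* constructed sentinel value */

/* Fixed-length buffer followed by adjacent data, as in the description. */
struct record {
    char     name[8];   /* the fixed-length buffer */
    uint32_t guard;     /* sentinel placed right after the buffer */
    uint32_t is_admin;  /* adjacent variable an overflow can corrupt */
};

static void record_init(struct record *r) {
    memset(r, 0, sizeof *r);
    r->guard = GUARD;
}

/* Flawed: trusts len. Clamped to the struct size only so that this demo
   stays inside one object; a real bug would write past it as well. */
static void copy_unchecked(struct record *r, const char *src, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
}

/* Prevention: refuse input that does not fit the buffer plus its NUL. */
static int copy_checked(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Detection after the fact: a changed sentinel means the buffer overflowed. */
static int overflow_detected(const struct record *r) {
    return r->guard != GUARD;
}

int main(void) {
    const char input[] = "AAAAAAAAAAAAAAAA";  /* constructed: 16 bytes */
    struct record r;
    record_init(&r);
    copy_unchecked(&r, input, 16);
    printf("unchecked: overflow=%d is_admin=0x%x\n",
           overflow_detected(&r), (unsigned)r.is_admin);
    record_init(&r);
    printf("checked: rc=%d overflow=%d\n",
           copy_checked(&r, input, 16), overflow_detected(&r));
    return 0;
}
```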