Introducing Comodo Memory Firewall
Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet – the buffer overflow attack.
Comodo Memory Firewall protects against data theft, computer crashes and system damage by preventing most types of buffer overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to a memory buffer than the buffer can handle. It is at this point that a successful attack can create a back door to the system through which a hacker can gain access. The goal of most attacks is to install malware onto the compromised PC whereby the hacker can reformat the hard drive, steal sensitive user information, or even install programs that transform the machine into a Zombie PC.
The product is aimed at system administrators as well as desktop users who want to protect their systems, and it detects suspicious code execution in the stack or heap portions of memory.
Comodo Memory Firewall detects the following types of attack:
- Detection of Buffer Overflows which occur in the STACK memory,
- Detection of Buffer Overflows which occur in the HEAP memory,
- Detection of ret2libc attacks,
- Detection of corrupted/bad SEH Chains
What is a Buffer Overflow attack – The Technical Description?
In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data, and the overwrite may cause a process to crash or produce incorrect results. Buffer overflows can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
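The overwrite of adjacent data described above, next to the bounds check that prevents it, as an added example that is not part of the original page or of the Comodo product. The `struct account` layout, the function names and the input string are constructed for illustration, and a 4-byte `int` is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-length buffer followed by adjacent data. */
struct account {
    char name[8];
    int  is_admin;
};

/* Unchecked write: models a copy that trusts the caller's length.
 * The write goes through the struct's byte representation and is capped at
 * sizeof(struct account), so the demo stays inside one object while still
 * showing bytes spilling from name[] into the adjacent is_admin field. */
static void copy_unchecked(struct account *a, const char *src, size_t len)
{
    unsigned char *raw = (unsigned char *)a;
    if (len > sizeof *a)
        len = sizeof *a;
    memcpy(raw + offsetof(struct account, name), src, len);
}

/* Bounds-checked write: rejects input that does not fit name[] plus NUL. */
static int copy_checked(struct account *a, const char *src, size_t len)
{
    if (len >= sizeof a->name)
        return -1;                 /* too long: nothing is written */
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAAAAA";  /* constructed: 12 bytes, buffer holds 8 */
    struct account a = { "", 0 }, b = { "", 0 };

    copy_unchecked(&a, input, strlen(input));
    printf("unchecked: is_admin = %#x\n", (unsigned)a.is_admin);

    int rc = copy_checked(&b, input, strlen(input));
    printf("checked:   rc = %d, is_admin = %d\n", rc, b.is_admin);
    return 0;
}
```

The unchecked copy leaves `is_admin` non-zero although no code ever assigned it, which is the "incorrect results" case from the description; the checked copy refuses the same input and leaves the adjacent field untouched.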