News

The latest news from Comodo

Comodo Launches Free Diagnostic Tests to Determine Effectiveness of Firewall Desktop Security Solutions

Tests are designed to determine if Anti-Virus, Firewall and other desktop security software are able to protect against buffer overflow attacks - one of the most prevalent threats on the Internet today

JERSEY CITY, N.J., September 19, 2007 - In its continuing commitment to keep users PCs safe from malware, Comodo today announced an important set of free diagnostic tests that will help users understand how vulnerable their computers are to buffer overflow attacks. Buffer overflow attacks can take many forms, including stack attacks, heap attacks and ret2libc attacks. In each case, the goal is to destabilize or crash a computer system by deliberately causing a buffer overflow - creating the opportunity for the hacker to then run malicious code and even gain control of the entire operating system.

Buffer overflow attacks are emerging as one of the Internet's most sinister mechanisms for injecting malware onto a user's computer. New "drive by download" attacks occur when a visitor navigates to a site that injects malware onto the PC, often by exploiting the vulnerability operative in the memory buffer. In fact, according to Secunia.com - a security information resource, 3 of the top 10 most searched threats are related to buffer overflow attacks.

From a technical perspective, there are three variants of buffer overflow attacks that are very prevalent on the Internet today:

  • Stack overflow:
    A stack overflow attack occurs when too much memory is used on the call stack, the limited amount of memory used to run many program functions.

  • Heap Overflow:
    Heap overflow is another type of buffer overflow attack that occurs when the dynamic memory allocation needed by the application is flooded causing a crash.

  • Ret2libc Attacks:
    A return-to-libc attack is an attack usually starting with a buffer overflow, in which the return address on the stack is replaced by the address of another function in the program and the correct portion of the stack is overwritten. This attack is one of the most difficult to detect and, hence to defend against.

Comodo created its free diagnostic tests to help users understand how well prepared they are to defend against these types of attacks. Each test is a small non-destructive program that deliberately attempts to by-pass the current measures of existing security software. Based on the results of these tests, users can then take remedial action including downloading Comodo's free solutions such as its award winning Comodo Firewall Pro and Comodo Memory Guardian, a new solution (now in BETA) effective at stopping 90%+ of buffer overflow attacks in both 32 bit and 64 bit environments.

" Users should be able to test if their security products such as anti-virus and firewall can protect them from a buffer overflow attack, " said Melih Abdulhayoglu, CEO and Chief Security Architect of Comodo." These attacks are now very widespread and are especially harmful for users because drive-by-download attacks extensively utilize the buffer overflow to inject malware to user's machines. With our combination of free solutions, user can stay safe despite these prevalent threats. "

To download these tests, please click here (please note that free registration to the Comodo Forum is required to get these downloads if one is not currently a member). To download our free firewall, please visit personalfirewall.comodo.com . To download the BETA version of Comodo Memory Guardian, please click here .

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL , Code Signing , Content Verification and Email Certificate ; award winning PC Security software; Vulnerability Scanning services for PCI Compliance ; secure e-mail and fax services.

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.

For additional information on Comodo - Creating Trust OnlineĀ® visit Comodo.com

For more information, reporters and analysts may contact:

Comodo
Email: media-relations@comodo.com
Office: +1 (888) 266-6361