Comodo Launches Memory Firewall
Dark Reading reports that Comodo, an security interest group / company has developed and released a memory firewall, purported to block 90% of all buffer overflow attacks, as well as several other common attack vehicles. Comodo also markets several products, including the standard suite of anti-virus, network firewall, and anti-malware, as well as consulting and network monitoring services.
The prospect of a ‘firewall’ that a user can run to prevent attacks on various types of buffer overflow attacks is really quite exciting. Presumably working by blocking execution of code in invalid memory regions (namely the stack or the heap), it holds the potential to be an excellent preventative measure for anyone concerned about the security of their applications.
While the product is just out of beta, and information and reviews hard to find, such an application brings to light some interesting issues regarding performance, security, and trust. In order to detect attempted illegal execution locations in an arbitrary virtual memory space, the firewall would likely need to be run with elevated permissions. In addition, peeking into foreign virtual memory spaces will have some performance impact, however small, which may or may not be a significant impact to performance-critical applications.
Using the application while aware of both, or either of these issues implies a fair amount of trust in Comodo as a company. From their website, they are involved in many facets of the security world, not just developing secure applications. They disclose a fair number of partners, as well as a research program, and offer ‘services’ in both research and cryptographic expertise. While probably most of this information is completely benign, it nonetheless opens potential avenues for vulnerabilities to manifest in a company that provides you with a program to be run at elevated permissions.