Released on: September 19, 2007, 9:44 am

Press Release Author: Comodo Group

Industry: Software

Press Release Summary: Tests are designed to determine if Anti-Virus, Firewall and
other desktop security software are able to protect against buffer overflow attacks
- one of the most prevalent threats on the Internet today

Press Release Body: JERSEY CITY, N.J., September 19, 2007 - In its continuing
commitment to keep users PCs safe from malware, Comodo today announced an important
set of free diagnostic tests that will help users understand how vulnerable their
computers are to buffer overflow attacks. Buffer overflow attacks can take many
forms, including stack attacks, heap attacks and ret2libc attacks. In each case, the
goal is to destabilize or crash a computer system by deliberately causing a buffer
overflow - creating the opportunity for the hacker to then run malicious code and
even gain control of the entire operating system.

Buffer overflow attacks are emerging as one of the Internet\'s most sinister
mechanisms for injecting malware onto a user\'s computer. New \"drive by download\"
attacks occur when a visitor navigates to a site that injects malware onto the PC,
often by exploiting the vulnerability operative in the memory buffer. In fact,
according to Secunia.com - a security information resource, 3 of the top 10 most
searched threats are related to buffer overflow attacks
http://secunia.com/advisory_statistics/.

From a technical perspective, there are three variants of buffer overflow attacks
that are very prevalent on the Internet today:

* Stack overflow:
A stack overflow attack occurs when too much memory is used on the call stack,
the limited amount of memory used to run many program functions.
* Heap Overflow:
Heap overflow is another type of buffer overflow attack that occurs when the
dynamic memory allocation needed by the application is flooded causing a
crash.
* Ret2libc Attacks:
A return-to-libc attack is an attack usually starting with a buffer overflow,
in which the return address on the stack is replaced by the address of another
function in the program and the correct portion of the stack is overwritten.
This attack is one of the most difficult to detect and, hence to defend
against.

Comodo created its free diagnostic tests to help users understand how well prepared
they are to defend against these types of attacks. Each test is a small
non-destructive program that deliberately attempts to by-pass the current measures
of existing security software. Based on the results of these tests, users can then
take remedial action including downloading Comodo\'s free solutions such as its award
winning Comodo Firewall Pro and Comodo Memory Guardian, a new solution (now in BETA)
effective at stopping 90%+ of buffer overflow attacks in both 32 bit and 64 bit
environments.

\"Users should be able to test if their security products such as anti-virus and
firewall can protect them from a buffer overflow attack,\" said Melih Abdulhayoglu,
CEO and Chief Security Architect of Comodo.\"These attacks are now very widespread
and are especially harmful for users because drive-by-download attacks extensively
utilize the buffer overflow to inject malware to user\'s machines. With our
combination of free solutions, user can stay safe despite these prevalent threats.\"

To download these tests, please click here
http://forums.comodo.com/comodo_memory_guardian_buffer_overflow_protection-b97.0/
(please note that free registration to the Comodo Forum is required to get these
downloads if one is not currently a member). To download our free firewall, please
visit http://www.personalfirewall.comodo.com. To download the BETA version of Comodo
Memory Guardian, please click here
http://forums.comodo.com/comodo_memory_guardian_beta_corner-b98.0/
About Comodo

The Comodo companies provide the infrastructure that is essential in enabling
e-merchants, other Internet-connected companies, software companies, and individual
consumers to interact and conduct business via the Internet safely and securely. The
Comodo companies offer PKI SSL, Code Signing, Content Verification and E-Mail
Certificates; award winning PC security software; vulnerability scanning services
for PCI Compliance; secure e-mail and fax services.

Continual innovation, a core competence in PKI, and a commitment to reversing the
growth of Internet-crime distinguish the Comodo companies as vital players in the
Internet\'s ongoing development. Comodo secures and authenticates online transactions
and communications for over 200,000 business customers and 3,000,000 users of our
desktop security products.
For additional information on Comodo - Creating Trust OnlineT visit
http://www.comodo.com

Direct Link : http://www.comodo.com/news/press_releases/19_09_07.html

For more information, reporters and analysts may contact:
Judy Shapiro
Comodo
+1 (201) 963-9471
Email: judy.shapiro@comodo.com

Web Site: http://www.comodo.com

Contact Details: +1 888 266 6361
media-relations@comodo.com
www.comodo.com