contents

software
 
Comodo Users React to Conficker Virus with Confidence, Not Fear

While users of other firewall and web security products scrambled to prepare for the possibly devastating effects of the Conficker virus, Comodo Internet Security users had nothing to fear, Comodo CEO and security expert Melih Abdulhayoglu has reported.

"Conficker was, like so many other web-based malware assaults, a buffer-overflow attack", said Abdulhayoglu. "We designed Comodo Internet Security to stand up against attacks like this. We didn't even need to provide our customers with an update! They were safe as is."

Buffer overflow (or "BO") attacks occur when a seemingly safe website, actually infected with malware, overruns a computer with so much information that a "buffer", or temporary data storage area, is breached. Once this breach occurs, data flows over the buffer and into what is supposed to be a secure memory storage area containing the computer's instructions on how to perform. The hacker who infected the initial site is now free to fill up a computer with his own instructions, however nefarious these may be.

Conficker, thought by security professionals to be named after a combination of the word "configure" and a German obscenity, struck fear in the hearts of many PC users because it appeared to be a more advanced worm than had previously been seen in the computing world. Unlike the usual buffer overflow attack, which can easily be shut down once a user determines the source of the attack's malware, Conficker generated hundreds of illegitimate URLs a day, only downloading malware onto a PC from one of these sites.

"For non-Comodo users, this certainly could have been a problem. Conficker was a very intelligently designed piece of malware", said Abdulhayoglu. "Happily, users of our security suite were spared any panic. And we here at Comodo were spared the task of warning our users to download updates or face the consequences. After all, nobody enjoys scaring their own customers."



write your comments about the article :: 2009 Computing News :: home page