Over the past few years, there has been a sharp rise in the number of reported vulnerabilities and worms.
The main reason existing security technologies fail to protect organizations from emerging security threats, is that they rely on incomplete or inaccurate information. Some rely on analyzing network traffic, others use signatures of known attacks, whilst some combine both.
But, none of these technologies can effectively protect organizations from the new breeds of computer worms and other malicious attacks.
Our customers use BufferShield in a wide variety of ways:
- Add an additional security layer to Windows update, virus scanners and firewalls
- Enhance the security on current desktop and server operating systems
- Enhance the security on critical infrastructure systems
- Enhance the security for no longer supported legacy OS like Windows NT 4.0 and Windows 2000, still being targeted
- Survive the day-0 phase, that any publicly known vulnerability goes through, until hotfixes / patches are available
- As a honeypot component, triggering an alarm in order to discover new and harmful threats at the earliest possible stage
Contrary to Microsoft's hardware based DEP technology, requiring the installation of service pack 2 for XP and the availability of certain processor features (Intel's XD and AMD's NX technology), BufferShield protects all Microsoft operating systems beginning with NT4, even if such a hardware is not present.
Beside of that the hardware enforced Data Execution Prevention feature (DEP) in Windows XP SP2 and Windows Server 2003 SP1 and SP2 doesn't offer a reliable protection against buffer overflows in its default settings. Please click here to learn more about the benefits of using BufferShield instead of hardware DEP.
Microsoft's DEP software based approach does, opposed to the widespread believe of protecting from buffer overflows, explicitly protect from one specific exploit that occurred one time only and is based on overwriting the pointer to the SEH exception handler.
Please feel free to use our DEPTest tool to verify your computer’s current security settings regarding the mentioned pitfalls with MS software & hardware based NX protection.
To combat these security threats BufferShield uses an innovative pro active technology, which prevents that malicious code exploits a system function or takes advantage of functionality inside the executables.
BufferShield is capable of detecting and preventing the exploitation of buffer overflows, responsible for the majority of security related problems faced today.
Upon detection it creates an entry within the event log and optionally terminates the application in question, preventing the execution of potentially malicious code.
Buffer overflows are commonly used by hackers and viruses to introduce malicious code into your systems. For example the Zotob, Sasser or LovSan / MSBlaster worms used such a technique to attack remote systems.
BufferShield uses similar technologies, implemented by the PaX project to protect the Linux platform from buffer overflows.
BufferShield is the only product available for Microsoft platforms allowing the definition of a protection scope, specifying which applications or services should or should not be protected. Additionally the protection scope allows the exclusion of certain memory ranges that should be excluded. This is necessary because some applications actually generate dynamic code on the stack or heap and attempt to execute it afterwards, being detected by BufferShield as an attempted exploitation of a buffer overflow.
BufferShield's key features:
- Detects code execution on the stack, default heap, dynamic heap, virtual memory and data segments
- Can terminate applications in question if a buffer overflow was detected
- Reports to the Windows® event log in case of any detected overflows
- Allows the definition of a protection scope to either protect only defined applications or to exclude certain applications or memory ranges from being protected
- Utilizes Intel XD / AMD NX hardware based technology if available
- SMP support
- Address Space Layout Randomization (ASLR)
BufferShield supports the following operating systems:
- Microsoft Windows® NT 4.0 Workstation
- Microsoft Windows® NT 4.0 Server
- Microsoft Windows® NT 4.0 Server Enterprise Edition
- Microsoft Windows® NT 4.0 Terminal Server Edition
- Microsoft Windows® 2000 Professional
- Microsoft Windows® 2000 Server
- Microsoft Windows® 2000 Advanced Server
- Microsoft Windows® XP Professional
- Microsoft Windows® XP Home Edition
- Microsoft Windows® 2003 Server Standard Edition
- Microsoft Windows® 2003 Small Business Server
- Microsoft Windows® 2003 Server Enterprise Edition
- Microsoft Windows® 2003 Server Web Edition
- Microsoft Windows® 2003 Datacenter Edition
BufferShield is compatible with Antivirus Software like:
- Symantec Norton AntiVirus™
- Kaspersky Anti-Virus
- CA EZ Antivirus
- G Data AntiVirenKit
- Trendmicro PC-cillin Internet Security
BufferShield is currently incompatible with VMWare, Microsoft Virtual PC & Virtual Server 2005 R2