6 Replies Latest reply on Dec 19, 2012 11:04 AM by Hayton

    Buffer Overflow Checking

    Nisa51

      Can someone explain a little to me exactly what this is and what it means please.

       

      I noticed it says it's off on my McAfee programme.

        • 1. Re: Buffer Overflow Checking
          echo

          I have had the same thing as per below:

           

          McAfee overflow.JPG

          • 2. Re: Buffer Overflow Checking
            Hayton

            Probably this is Intrusion Protection set to 'High'. It should be 'Basic'. I saw a few of these until I reset to the recommended setting.

             

            Go into Security Center / Firewall settings / Intrusion Protection and see what the setting is.

            • 3. Re: Buffer Overflow Checking
              Nisa51

              Going back to my original question for this thread.

               

              I was asking exactly what Buffer Overflow Checking is and what does it do.

               

              I have this Checked Off on my programme, seems as default as the image below, should I be turning this on?

               

              http://i.imgur.com/TbdDs.png

              • 4. Re: Buffer Overflow Checking
                Hayton

                Yes, turn it on. It's an essential check that should always be carried out.

                 

                In essence, this is dead simple. Every programmer (once upon a time, i.e. when I were a lad) used to check for this. Perhaps things are more complicated now, or maybe it got dropped from basic training, but ....

                 

                When a user enters something into an input field - name, address, whatever - the input is detected and assigned to an appropriate variable to hold it. Then the program uses the data in the variable to do whatever it's intended to be used for. Sometimes the data gets passed back and forth between programs. There is always the assumption that once the program has accepted the data it's valid, usable data. So checking for non-validity should be done at the point of entry. Except .... all too often it's not.  By entering a stream of garbage followed by some malicious code you can fill all the space allocated for the input field, and the input then spills over into and overwrites an adjacent area of computer memory. Once you put executable code into memory, it will execute. In principle, easy to do if input checking is sloppy. And that's a buffer overflow.

                 

                All Software Contains Bugs : that's a fact of life. Microsoft code used to be riddled with sloppy input checking, but they've done a rigorous overhaul of old code and tightened up programming of new code. Lots of Microsoft updates are put out with fixes for this particular bug, because it's so easy to manipulate once found. Find an input field that doesn't check for length of input, work out how much the field can hold internally, give the program (x) bytes of garbage followed by your own code, and you might be able to take over a user's machine.

                 

                That is the best explanation I can give. If it's not entirely right, at least it's not entirely wrong :-)

                 

                Let Wikipedia have the final word.  It's all on https://en.wikipedia.org/wiki/Buffer_overflow
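
The length check at the point of entry that reply 4 describes, as an added example in C (not part of the original thread and not McAfee's code). The struct, the 16-byte field size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16  /* constructed field size for this example */

/* The input field sits directly beside other data, as in the post. */
struct account {
    char name[NAME_SIZE];
    int  is_admin;    /* adjacent memory that an overflow of name[] would reach */
};

/* Unchecked form, shown for contrast and never called here: strcpy copies
 * until the input's NUL, so anything over NAME_SIZE - 1 characters writes
 * past name[] (undefined behaviour). */
void set_name_unchecked(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Checked form: measure the input at the point of entry and reject what
 * does not fit. Returns 0 on success, -1 on rejection (record untouched). */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = strlen(input);
    if (len >= NAME_SIZE)           /* no room left for the terminating NUL */
        return -1;
    memcpy(a->name, input, len + 1);
    return 0;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* Constructed sample inputs: one that fits, one of 32 characters. */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < 2; i++) {
        int rc = set_name_checked(&acct, inputs[i]);
        printf("%zu chars: %s, name=\"%s\", is_admin=%d\n", strlen(inputs[i]),
               rc == 0 ? "accepted" : "rejected", acct.name, acct.is_admin);
    }
    return 0;
}
```

The oversized input is rejected before any copy happens, so both `name` and the adjacent `is_admin` field keep their previous values.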

                • 5. Re: Buffer Overflow Checking
                  Nisa51

                  Thank you for that, trying to find the setting is it this

                   

                  Real Time Scanning Settings - Buffer overflow exploits?

                  • 6. Re: Buffer Overflow Checking
                    Hayton

                    If you see it there, turn it on. It used to be there in mine but isn't any more. It's still listed on this Help page though.

                     

                    Every time Microsoft fixes a potential buffer-overflow weakness McAfee adds protection for it, just in case.

                     

                    Message was edited by: Hayton on 19/12/12 17:04:27 GMT