Rebirth
join:2009-06-18
33333

Rebirth to scottp99

Member

Re: Buffer Overflow blocked by AV, what should I do?

@ Steve

"unfortunately-named Windows error codes"

You can say that again! Thanks for the info.
scottp99
join:2010-12-11

Member

@NetFixer

Well, I am very security cautious when it comes to IS Security.
I am indeed very happy that my AV blocked it, but most security experts say that even though AV blocks the nasty stuff out there, still, one should reimage or reinstall the OS because nowadays, most of this malicious code can be so hooked deep inside of your system that we really should not assume that it has been blocked or removed by AV.

I did all the searches on Buffer Overflows, but it has been very techy for me. Are these more dangerous than an ordinary infection by a trojan or a worm or a virus? I don't quite understand.

But in any case, I did restore my clean OS image just in case.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro

said by scottp99:

@NetFixer

Well, I am very security cautious when it comes to IS Security.
I am indeed very happy that my AV blocked it, but most security experts say that even though AV blocks the nasty stuff out there, still, one should reimage or reinstall the OS because nowadays, most of this malicious code can be so hooked deep inside of your system that we really should not assume that it has been blocked or removed by AV.

But in any case, I did restore my clean OS image just in case.

You should always do whatever makes you feel comfortable and safe (my previous post was simply my own viewpoint). FWIW, if I did not trust the security software that was on a system under my control, I would also look into replacing it with something that I did trust after a secure reformat of the HDD and reinstalling the OS.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to scottp99

Premium Member

said by scottp99:

... Are these more dangerous than an ordinary infection by a trojan or a worm or a virus? I don't quite understand. ...

No... a buffer overflow is a description of a system's legitimate software's flaw or weakness that may be attacked by an infection to get into the computer, not a measure of the infection seriousness itself, once it has gotten in. An infection is an infection, by whatever means of arrival. Once safely inside, an initial infector may invite any number of nasty friends in from outside or it may self-contain any manner of malicious "payloads"... it all depends on the coding attached to the initial infector.

However, an exploitable buffer overflow is a weakness existing within a legitimate piece of software installed on your system, and that is grounds for continuing concern. It raises the chances for the same or some other exploit to attack that same vulnerability in some future encounter. So, if possible, you really should identify and plug that security hole, either by updating/patching the vulnerable software (preferred solution), by blocking the attack point within that software using some settings option in the software or the OS, or by making use of external protective software that responds to this kind of threat... or some combination of these.