New: Malwarebytes Anti-Exploit Premium

Status
Not open for further replies.

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Thanks for sharing this Dragonx....:)
Honestly it isn't even worth trying.
Fantasy, after reading your post I'm also wondering "Why not?", and whether you feel similarly about the free version too. o_O
 
Reactions: Kent

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
Thanks for sharing this Dragonx....:)

Fantasy, after reading your post I'm also wondering "Why not?", and whether you feel similarly about the free version too. o_O
Coz it's a paid version. The free version is useless since it doesn't include all types of exploit protection compared to its paid version. In most cases no one wants to pay for 'another security' suite since it will slow their startup time and take some resources, maybe their AV also includes exploit protection, maybe they got tired of layered security and they increased their knowledge regarding safe surfing/downloading and computing habits, so why they want to live with a free or only one paid security product, since they haven't caught any malware or malware-related suspicious activity on their PC for a long time. Also, they always keep their OS, Adobe Flash Player, PDF, and media-player-type programs, which are affected by exploits, up to date to minimize exploit attacks. That's what I know, my catuu boy tehehe :D
 
Reactions: Kent and Oxygen

Holysmoke

Level 2
Verified
Jul 31, 2014
82
In all my tests and watching malware doesn't need coffee, it stopped every 0 day thrown at it. Fantasy is in a fantasy.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
It certainly does a lot more than all those kind-of-fake exploit protection mechanisms which are now becoming standard in AVs.
 
Reactions: Nightwalker

Cch123

Level 7
Verified
May 6, 2014
335
I definitely think there isn't a need for this. Malwarebytes is keeping whatever technique they use to mitigate exploits secret, which does not sound nice to me instantly. Without knowing the techniques involved we cannot critique or compare it with other solutions.

However, based on in-depth analysis of the software by other researchers, I think the most powerful component inside the product is layer 3, the payload block. It is this component that allows Malwarebytes to seemingly "outperform" other solutions. What happens is that the component injected into the protected process detects the execution of shellcode by monitoring the functions called and using heuristics, which it then proceeds to block. This works well if indeed shellcode or an executable payload is dropped. However, there are disadvantages, such as how the exploit can call different functions from the ones being monitored and it can bypass Anti-Exploit. Also, there is the case of false positives.

While this feature sounds nice, you need to note that with a good antivirus/BB, layer 3 is quite obsolete as your antivirus should be able to block your payload. Many products can achieve what Anti-Exploit does in layer 1 and 2, so there isn't a need for another program.
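
An added illustration of the monitored-function heuristic described in the post above; it is not part of the original thread and not Malwarebytes' code, whose technique the post notes is undisclosed. The hook list, the "caller outside any loaded module" rule, the addresses and the call trace are all constructed assumptions, chosen to show the coverage gap and the false-positive case the post mentions.

```python
from dataclasses import dataclass

# Constructed module map: (start, end, name) of image-backed code regions.
MODULES = [
    (0x00400000, 0x00480000, "reader.exe"),
    (0x75000000, 0x75100000, "kernel32.dll"),
]

# Hypothetical hook list: only these APIs are instrumented by the monitor.
MONITORED = {"WinExec", "CreateProcessW", "URLDownloadToFileW"}


@dataclass
class Call:
    api: str
    return_addr: int  # address execution returns to after the call
    note: str


def owning_module(addr):
    """Name of the loaded image containing addr, or None."""
    for start, end, name in MODULES:
        if start <= addr < end:
            return name
    return None


def verdict(call):
    """Classify one call event as 'unmonitored', 'allow' or 'block'."""
    if call.api not in MONITORED:
        return "unmonitored"  # no hook installed, so the heuristic never runs
    if owning_module(call.return_addr) is None:
        return "block"        # caller is not inside any loaded image
    return "allow"


# Constructed trace of call events from a protected process.
TRACE = [
    Call("CreateProcessW", 0x00412A10, "application code starting a helper"),
    Call("WinExec", 0x0A3F0040, "caller in heap memory (payload-like)"),
    Call("UnhookedApi", 0x0A3F0090, "same heap caller, API not on the list"),
    Call("CreateProcessW", 0x1C000200, "legitimate JIT-generated code"),
]


def classify(trace):
    return [(c.api, verdict(c), c.note) for c in trace]


if __name__ == "__main__":
    for api, result, note in classify(TRACE):
        print(f"{api:16} {result:12} {note}")
```

The third event is the coverage gap (the heuristic is only as wide as the hook list) and the fourth is a false positive, which is why this kind of layer complements rather than replaces patching and payload scanning.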
 

Kent

Level 10
Verified
Well-known
Nov 4, 2013
468
Eset SS8 already has this feature; so it is not needed if you are using it :cool:
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
Eset SS8 already has this feature; so it is not needed if you are using it :cool:

Unless you know exactly how it works you cannot really say that. Exploitation is complex stuff and most AVs nowadays offer some kind of protection against it, though none of them cover everything and the companies won't tell how their exploit protection works exactly and, most importantly, where the deficiencies are. So basically no one can say for sure whether the exploit protection in the AV is sufficient or if you need MBAE to complement it, or even if MBAE is not good enough.

Most of the official testing I've seen in this matter leaves much to be desired. Either the test is so small that it's basically a joke or they are testing it with ancient CVEs and well-known exploit kits. The main problem with these tests is that you can say that being patched would have stopped 100%, whereas even the specialized exploit protection didn't catch everything; so in the end it was inferior to being fully patched. Hence you can say that being up-2-date is much more important than third-party exploit protection. Regarding future threats you can barely use those old tests in order to predict the outcome because the attackers weren't planning against anti-exploit tools and now they probably are; or they aren't, but who knows that?

So in the end it boils down to a highly abstract guessing game.

Though in reality most of us haven't seen exploits in years. Even if you prep your machine with a whole compilation of ridiculously outdated software and try to find a malicious website on the malware domain list with an exploit kit waiting, it hardly yields success.
 
Reactions: Moose and Kent