Products to compare: EMET 5.52, MBAE
Compare: Performance and System Impact; Proactive protection (Behavior blocker, HIPS, Sandbox)

Nagisa

I'm asking this question just for my old Pentium laptop, which runs Windows 7, as Windows 10 already has an embedded EMET-like program called Windows Defender Exploit Guard.

MBAE performed better than EMET in the hmpalert exploit test. Also, it's still being developed and probably has fewer vulnerabilities than EMET.

But it shouldn't interfere with the process of the program it protects. For example, it shouldn't make Tor Browser more fingerprintable or make it more susceptible to attacks.

If I use MBAE, I will also block all of its executables in the firewall because of privacy concerns. I prefer to update it manually.

What are your thoughts?

Additional question:

Where is the free version of MBAE? There is only a premium beta version available on the forum.
 

bribon77

I do not know if I understood you well, but in any case, I would not complicate my life; I would use MBAE if you use W7. EMET is heavy and complicated to configure. :giggle:

In addition, today almost all antiviruses have an anti-exploit module, and it is not easy to find an exploit either. :p
 

Arequire

EMET's almost a year past its end of life date so I wouldn't recommend it.
> Where is the free version of MBAE? There is only a premium beta version available on the forum.
The original free version was discontinued after it was integrated into Malwarebytes 3.0. The premium beta now acts as the standalone free version.
 

oldschool


bribon77

MBAE and is fully functional. I have a license and it is valid for the beta version (at least in W7).

You can also try this program created by @Andy Ful.
 

plat1098

I used EMET way back in Windows 8.1. You needed to use the Microsoft tutorial to set it up properly because it was weak as water out of the box. I would use any anti-exploit, free or paid, that is regularly maintained and updated. HitmanPro.Alert, Malwarebytes, those are the two that come to mind. Not EMET.
 

436880927

If you're running an updated version of Windows 7, Microsoft already implemented native protection to block Null-Pointer Dereference exploitation. It can be disabled on Windows 7 64-bit, but it cannot just be disabled on Windows 8+ 64-bit.

The work-around on Windows 8+ 32-bit is to use NTVDM for 16-bit application emulation and then inject code into ntvdm.exe which will then allow you to allocate virtual memory for and write to a null page, so that can be a target if you need to exploit a kernel NPD vulnerability still. However, NTVDM can only be enabled with administrative rights, and if you already have administrative rights, there are vulnerable drivers or test mode that can be used anyway.

So just to provide you with that peace of mind... one of the largest attack vectors from the past for arbitrary code execution has already been patched by Microsoft. And it doesn't just mitigate it for the Windows kernel, but all other software on the environment.

Therefore, Null Pointer Dereference bugs can only be exploited for something like a DoS attack nowadays unless you can bypass Microsoft's patch. And it won't be an eligible or valuable bypass unless it's with standard rights.

If you are running outdated Windows 7 or enable the 16-bit mode compatibility with NTVDM, EMET does support protection against virtual memory allocation for a null page. IIRC it actually allocates a null page itself for the protected processes under their virtual address space and then restricts memory write so people can't put malicious shellcode at the pre-allocated null page. But it might just be hooking the NtAllocateVirtualMemory/NtWriteVirtualMemory APIs instead and checking the inputs. Either way, it'd be sufficient.
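
A way to verify on a given machine that the null-page protection discussed in the post above is active, as an added example that is not part of the original thread or any vendor's tooling. It asks NtAllocateVirtualMemory for page 0 in the current PowerShell process only and reports whether the request was refused; the function, type and namespace names are made up for this example.

```powershell
# Added example: checks whether page 0 can be mapped in THIS process.
# A refusal means the OS mitigation (or a tool that reserves or blocks the
# null page, as the post describes for EMET) is in effect for this process.
$sig = @'
[DllImport("ntdll.dll")]
public static extern int NtAllocateVirtualMemory(IntPtr process, ref IntPtr baseAddress,
    IntPtr zeroBits, ref IntPtr regionSize, uint allocationType, uint protect);
[DllImport("ntdll.dll")]
public static extern int NtFreeVirtualMemory(IntPtr process, ref IntPtr baseAddress,
    ref IntPtr regionSize, uint freeType);
'@
# Type and namespace names are arbitrary labels chosen for this example.
$nt = Add-Type -MemberDefinition $sig -Name NullPage -Namespace MitigationCheck -PassThru

function Test-NullPageProtection {
    $self = [IntPtr](-1)   # pseudo-handle for the current process
    $base = [IntPtr]1      # rounded down to page 0; a base of 0 would mean "any address"
    $size = [IntPtr]4096
    # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x04 = PAGE_READWRITE
    $status = $nt::NtAllocateVirtualMemory($self, [ref]$base, [IntPtr]::Zero,
                                           [ref]$size, 0x3000, 0x04)
    $mapped = ($status -ge 0)   # NTSTATUS success codes are non-negative
    if ($mapped) {
        # Release the test mapping again (0x8000 = MEM_RELEASE, size must be 0).
        $zero = [IntPtr]::Zero
        [void]$nt::NtFreeVirtualMemory($self, [ref]$base, [ref]$zero, 0x8000)
    }
    $verdict = 'Null page allocation refused: protection active for this process'
    if ($mapped) {
        $verdict = 'Null page was mappable: OS is unpatched or the protection is disabled'
    }
    New-Object PSObject -Property @{
        OSVersion        = [Environment]::OSVersion.Version.ToString()
        ProcessBitness   = [IntPtr]::Size * 8
        NtStatus         = ('0x{0:X8}' -f $status)
        NullPageMappable = $mapped
        Verdict          = $verdict
    }
}

Test-NullPageProtection | Format-List
```

Run it once from 32-bit and once from 64-bit PowerShell on 64-bit Windows, since the post notes that behaviour differs by bitness and Windows version.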