Battle EMET 5.52 vs MBAE


Nagisa

I'm asking this question just for my old Pentium laptop, which runs Windows 7, as Windows 10 already has an embedded EMET-like program called Windows Defender Exploit Guard.

MBAE performed better than EMET in the hmpalert exploit test. Also, it's still being developed and probably has fewer vulnerabilities than EMET.

But it shouldn't interfere with the process of the program it protects. For example, it shouldn't make Tor Browser more fingerprintable or more susceptible to attacks.

If I use MBAE, I will also block all of its executables in the firewall because of privacy concerns. I prefer to update it manually.

What are your thoughts?

Additional question:

Where is the free version of MBAE? There is only a premium beta version available on the forum.
 

bribon77

I do not know if I understood you well, but in any case, I would not complicate my life: I would use MBAE if you use W7. EMET is heavy and complicated to configure. :giggle:

In addition, today almost all antivirus products have an anti-exploit module, and it is not easy to find an exploit either. :p
 

Arequire

EMET's almost a year past its end-of-life date, so I wouldn't recommend it.
"Where is the free version of MBAE? There is only a premium beta version available on the forum."
The original free version was discontinued after it was integrated into Malwarebytes 3.0. The premium beta now acts as the standalone free version.
 

bribon77

MBAE and is fully functional. I have a license and it is valid for the beta version. (at least in W7)

You can also try this program created by @Andy Ful.
 

plat

I used EMET way back in Windows 8.1. You needed to use the Microsoft tutorial to set it up properly because it was weak as water out of the box. I would use any anti-exploit, free or paid, that is regularly maintained and updated. HitmanPro.Alert, Malwarebytes, those are the two that come to mind. Not EMET.
 

436880927

If you're running an updated version of Windows 7, Microsoft already implemented native protection to block Null-Pointer Dereference exploitation. It can be disabled on Windows 7 64-bit, but it cannot just be disabled on Windows 8+ 64-bit.

The work-around on Windows 8+ 32-bit is to use NTVDM for 16-bit application emulation and then inject code into ntvdm.exe, which will then allow you to allocate virtual memory for and write to a null page, so that can be a target if you still need to exploit a kernel NPD vulnerability. However, NTVDM can only be enabled with administrative rights, and if you already have administrative rights, there are vulnerable drivers or test mode that can be used anyway.

So just to provide you with that peace of mind... one of the largest attack vectors from the past for arbitrary code execution has already been patched by Microsoft. And it doesn't just mitigate it for the Windows kernel, but all other software on the environment.

Therefore, Null Pointer Dereference bugs can only be exploited for something like a DoS attack nowadays unless you can bypass Microsoft's patch. And it won't be an eligible or valuable bypass unless it's with standard rights.

If you are running an outdated Windows 7 or enable the 16-bit mode compatibility with NTVDM, EMET does support protection against virtual memory allocation for a null page. IIRC it actually allocates a null page itself for the protected processes under their virtual address space and then restricts memory writes so people can't put malicious shellcode at the pre-allocated null page. But it might just be hooking the NtAllocateVirtualMemory/NtWriteVirtualMemory APIs instead and checking the inputs. Either way, it'd be sufficient.
 
