- Jan 17, 2013
- 410
I have to agree with moose (mostly). Nothing is 100% and layered security is the way to go. Norton's detection rate is partially determined by Sonar. Even before that, Norton's detection rate isn't the greatest. I'm not saying that it's horrific, just not the greatest. Having said that, without an internet connection you lose some of Norton's detection score. MBAM has all offline sigs. MBAM has a very good PUP and rootkit detection rating. I wouldn't say that it rivals some security suites, but it is very good. Apart from that, it also has a very good IP filter, keeping one out of trouble before they actually get in any. Norton is known to be very light, which is good because MBAM can use up some resources (100k mem resources last time I used it).
Now there is a difference between EMET and MBAM AE. There is a good reason to keep both.
"EMET is mainly designed to enforce OS protections on third party (i.e. non-Microsoft) applications. So for example you can force non-ASLR compliant apps to use ASLR. It also includes other mitigations which are very nice and handy as well as the certificate trust feature.
MBAE on the other hand has been designed as a global (i.e. complete, as in you don't need anything else) multi-layer anti-exploit real-time protection. While some of the mitigations are similar in nature, MBAE is more complete as an anti-exploit as it includes multiple techniques against both stage 1 and stage 2 of the exploit attacks (while EMET is just stage 1). So basically in case something bypasses exploit stage 1 protections with EMET, you are out of luck. With MBAE if some exploit bypasses stage 1 you still have the stage 2 protection layers protecting you as a safety net.
Some other differences are the following:
- MBAE is growing and including EMET protections and even other types of protections not found currently in EMET or MBAE. We keep on adding new techniques every other week to make MBAE even more robust and complete as an anti-exploit.
- EMET’s protections are limited in older Operating Systems such as XP, while MBAE is not. Under XP MBAE is much more effective than EMET. This is especially important for larger companies where they still rely on older OS versions and are much more vulnerable.
- Finally, potential bypasses for EMET (there have been a few in the past) do not affect MBAE as we include the exploit stage 2 protections not found in EMET as a safety net."