Advice Request Malwarebytes anti-exploit -- effectiveness?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
how effective is it? I mean, how do we know it is actually offering added protection? Are there any tests?
I have it installed on Windows 10 pro x64, along with Windows Defender and Spyshelter free.
 
  • Like
Reactions: _CyberGhosT_, Rishi and CySecy825
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@shmu26: Well here are in-related search inquiry videos that you may interested even though some are not on MBAE but sure enough to provide your own conclusion.

Link
 
Last edited:
  • Like
Reactions: Rishi
generalwu

generalwu

Level 5
Verified
Well-known
Jan 25, 2016
219
To me it's more like "Better be safe than sorry", as long as there's many people endorsing the software, it should be effective to a certain extend. To what extend is another question though. :confused:
 
  • Like
Reactions: shmu26
Atlas147

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
I think I have only run into an exploit page once my entire life and safe to say that MBAE caught it. Although I thought that it was generally safe because it was a known gaming forum site but it might have been compromised by malware. In any case I agree with @generalwu it's better to be safe than sorry!
 
  • Like
Reactions: frogboy, russ0408, Rishi and 1 other person
D

Deleted member 178

Stop asking for tests, they means nothing, you can do all tests you want , they are just "tests"; real life scenario are different. Not saying it is difficult to test anti-exploits software since "legit" exploits are needed.

what matters then? just check the product forum and see if people get compromised while using the product.
 
  • Like
Reactions: silversurfer, frogboy, shukla44 and 4 others
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Umbra said:
Stop asking for tests, they means nothing, you can do all tests you want , they are just "tests"; real life scenario are different. Not saying it is difficult to test anti-exploits software since "legit" exploits are needed.

what matters then? just check the product forum and see if people get compromised while using the product.
Click to expand...
interesting approach!
I glanced through the titles of the first three pages on their forum. Doesn't look to me like anyone actually got infected. One person thought he was being attacked by an exploit, but the moderator explained that the media file he was trying to open had a protection that conflicted with MBAE.
 
L

LabZero

Well, we consider that a small bug or 0day vulnerability in a web-application can open the door to a deeper system impairment. The pirate, once he has access to a system, can attack a network from within, find and exploit relationships of trust and penetrate connected systems otherwise unattainable. For this reason the sql injection, for example, and other bugs in web-applications should never be underestimated!

A sql injection attack is to exploit a lack of validation of user-supplied input to the web-application. Taking advantage of this gap the pirate has the right to insert sql code and subvert the default logic, forcing the system. SQL is the language used to interrogate databases. By manipulating the logic of these scripts, he can also find passwords (encrypted) stored in the database itself. This is one of the most common hacking techniques of recent times.

As I always say, a security system is as strong as the weakest link. Find a weakness and exploit it properly can lead to the total defeat of the security system itself and ... all this because of a clumsy handling user input and no anti-exploit app can 100% protect you!
 
Last edited by a moderator:
  • Like
Reactions: Davidov, Rishi, silversurfer and 4 others
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Klipsh said:
Well, we consider that a small bug or 0day vulnerability in a web-application can open the door to a deeper system impairment. The pirate, once he has access to a system, can attack a network from within, find and exploit relationships of trust and penetrate connected systems otherwise unattainable. For this reason the sql injection, for example, and other bugs in web-applications should never be underestimated!

A sql injection attack is to exploit a lack of validation of user-supplied input to the web-application. Taking advantage of this gap the pirate has the right to insert sql code and subvert the default logic, forcing the system. SQL is the language used to interrogate databases. By manipulating the logic of these scripts, he can also find passwords (encrypted) stored in the database itself. This is one of the most common hacking techniques of recent times.

As I always say, a security system is as strong as the weakest link. Find a weakness and exploit it properly can lead to the total defeat of the security system itself and ... all this because of a clumsy handling user input and no anti-exploit app can 100% protect you!
Click to expand...
MBAE doesn't protect against that. Quoting their FAQ:

MBAE will not protect against exploits which take advantage of insufficient or incorrect configuration or information disclosures, XSS, SQL injection, etc.

What does protect against it?
 
L

LabZero

shmu26 said:
MBAE doesn't protect against that. Quoting their FAQ:

MBAE will not protect against exploits which take advantage of insufficient or incorrect configuration or information disclosures, XSS, SQL injection, etc.

What does protect against it?
Click to expand...
Yes, what does protect against it?
Edit: rhetoric question...
 
Last edited by a moderator:
  • Like
Reactions: Sr. Normal and frogboy
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Klipsh said:
Yes, what does protect against it?
Edit: rhetoric question...
Click to expand...
I understood you (it was typical Jewish humor, don't know if you are or aren't...)
but more to the point, it sounds to me like it depends on the dev to write safe code. So if you are using chrome or firefox, you should be pretty safe, no?
 
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Klipsh said:
Well, we consider that a small bug or 0day vulnerability in a web-application can open the door to a deeper system impairment. The pirate, once he has access to a system, can attack a network from within, find and exploit relationships of trust and penetrate connected systems otherwise unattainable. For this reason the sql injection, for example, and other bugs in web-applications should never be underestimated!

A sql injection attack is to exploit a lack of validation of user-supplied input to the web-application. Taking advantage of this gap the pirate has the right to insert sql code and subvert the default logic, forcing the system. SQL is the language used to interrogate databases. By manipulating the logic of these scripts, he can also find passwords (encrypted) stored in the database itself. This is one of the most common hacking techniques of recent times.

As I always say, a security system is as strong as the weakest link. Find a weakness and exploit it properly can lead to the total defeat of the security system itself and ... all this because of a clumsy handling user input and no anti-exploit app can 100% protect you!
Click to expand...

Well spoken, and knowing this you also know that herein lies the chess match between hacker and prevention. PeAcE
 
  • Like
Reactions: LabZero
L

LabZero

shmu26 said:
I understood you (it was typical Jewish humor, don't know if you are or aren't...)
but more to the point, it sounds to me like it depends on the dev to write safe code. So if you are using chrome or firefox, you should be pretty safe, no?
Click to expand...
MBAE can block zero-day exploits developed to hit browsers and vulnerable applications with the restrictions that you said above.

In a real scenario it's difficult anyway to test the real reliability because you need to test it with "live" zero day.

If you are interested take a look here:

Written Review - MalwareBytes Anti-Exploit 1.07.1.1015 free version.
 
  • Like
Reactions: Rishi, silversurfer and frogboy
Status
Not open for further replies.

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Malwarebytes Premium Anti-Malware v5
Replies
5
Views
976
Video Reviews - Security and Privacy
anirbandutta01
anirbandutta01
Shadowra
    • +Reputation
    • Like
    • Applause
App Review SpyShelter Pro 2024
Replies
13
Views
876
Video Reviews - Security and Privacy
LennyFox
L
M
  • Locked
BBWC not detected by malwarebytes and rkill but is there?
Replies
13
Views
474
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top