Depending upon browser you use, it might be worthwhile to take a look at HitmanPro.Alert (another paid) for anti-exploit protection.
I don't agree: exploits do something (behaviour) against something else (HIPS).HIPS or Behavior Blockers - absolutely no defense against an exploit.
That's not what these were designed to do: BB can detect a process doing something it normally doesn't do and HIPS protects sensitive areas against any process that doesn't belongNo payload for the HIPS or Behavior Blocker to trigger on.
The only 100% defence against 0-day attacks is the power switch.If that it to stringent for you, then, in order of importance:
-1. Switch to linux
0. 0-day software updates
1. Never, ever, ever click on an ad or a link in an e-mail. Ever. Nevereverneverevereverevernever do that. Ever. No exceptions
2. Hardened OS/configuration (that's one notch lighter than the power switch..not something I recommend for ordinary use, only here for completeness)
3. Layered security:
3.a.Firewall (Comodo)
3.b. HIPS (Comodo)
3.c. Behaviour Blocker (Qihoo)
3.d. Anti-Virus (Qihoo)
3.e. Adblocker (Adguard or uBlock Origin)
3.f. Browser security extension (pick any really, Avast, BD, Qihoo, etc.--it's a separate product)
4. VirusTotal Uploader
5. Test stuff on a real VM (VirtualBox) before running on your production host if you have any doubts (and test your security software configuration on it)
6. Never use defaults: make conscientious decisions when configuring every. single. option. Read the manual--an option so important that there's an acronym for it!
Total cost: $0
I don't know about "Anti-Exploit" software. My only experience with it (MBAE) was one detection, a false positive that couldn't be any more false: it protected Foxit Reader from Foxit Reader during Foxit Reader installation and it kept all my other security software from working. Test on a VM first!
I don't agree: exploits do something (behaviour) against something else (HIPS).
That's not what these were designed to do: BB can detect a process doing something it normally doesn't do and HIPS protects sensitive areas against any process that doesn't belong
One can eliminate 99.9% of exploit risks by not using those softs that are most frequently targeted for vulnerabilities: Microsoft Office Suite, Adobe Acrobat and Flash, Windows Media Player, Oracle Java and Java Runtime Environment, etc....
Anti-executables are great for a lot of things, but not a solution to exploit protection.Adding an anti-executable will not stop the exploitation of a vulnerability itself, but will stop the payload from executing... if properly configured....
If protecting system becomes too much work for user, they will quickly tire of it and abandon the whole config... whatever that may be...
Or I could just keep my software up-to-date.Anti-exploit softs only protect against well-defined vulnerabilities - more specifically, documented CVE exploits.