Battle Second best zero-day security (after common sense)?

Status
Not open for further replies.

Marco2

Thread author
Jun 19, 2015
Which AV is known for its quick response to new attacks? Should I have non-traditional AV software? I went through similar threads but I'm not sure there was a definitive answer.
 

conceptualclarity

Aug 23, 2013
Depending upon browser you use, it might be worthwhile to take a look at HitmanPro.Alert (another paid) for anti-exploit protection.

Several people have referred to HitmanPro.Alert as paid, yet I have it for free. At its website it appears to be free. I saw a testing service where it performed phenomenally well.
 

Der.Reisende

Dec 27, 2014

Rolo

Jun 14, 2015
HIPS or Behavior Blockers - absolutely no defense against an exploit.
I don't agree: exploits do something (behaviour) against something else (HIPS).

No payload for the HIPS or Behavior Blocker to trigger on.
That's not what these were designed to do: a BB can detect a process doing something it normally doesn't do, and HIPS protects sensitive areas against any process that doesn't belong.

Not to question HitmanPro but let me decrypt the brochure:

On-demand Malware Detection and Remediation Integrated Anti-Malware scanner -- ANTI-VIRUS
Safe Browsing (Man-in-the-Browser Detection) Warns when malware manipulates the browser; behavior-based -- UMM..BEHAVIOUR BLOCKER
Active Vaccination Makes sandbox-aware malware self-terminate -- SANDBOX-AWARE MALWARE ALREADY DOES THAT ON ITS OWN TO AVOID DETECTION (THAT'S WHY IT'S VM-AWARE) AND IF A SANDBOX IS SAFE, WHAT DOES IT MATTER?
CryptoGuard Protects your data against Cryptolocker-like ransomware; behavior-based -- I'M GONNA GO WITH BEHAVIOUR BLOCKER AGAIN
Webcam Notifier Blocks the webcam when it is (secretly) accessed -- HIPS
Keystroke Encryption Protects credentials against keyloggers in the browser -- HIPS -- IF YOU HAVE A KEYLOGGER, WHAT WENT WRONG?
Process Protection Protects the main executable of a process against unmapping -- BB FOR HOLLOWING, HIPS FOR PAYLOAD
BadUSB Protection Blocks malicious USB devices that pose as a keyboard -- HIPS/BB
Exploit Mitigations Aims to stop attackers from exploiting software vulnerabilities -- HIPS/BB, AUTO-UPDATES
Pseudo Address Space Layout Randomization (ASLR) Prevents predictable code locations of modules, incl. on Windows XP -- UPDATE OS TO 64-BIT VISTA OR NEWER OR RUN EMET
Network Lockdown Helps to stop attacks that connect back to command-and-control -- FIREWALL !
 

Martin_C

Mar 10, 2015
The only 100% defence against 0-day attacks is the power switch. :p If that is too stringent for you, then, in order of importance:

-1. Switch to linux
0. 0-day software updates
1. Never, ever, ever click on an ad or a link in an e-mail. Ever. Nevereverneverevereverevernever do that. Ever. No exceptions
2. Hardened OS/configuration (that's one notch lighter than the power switch..not something I recommend for ordinary use, only here for completeness)
3. Layered security:
3.a. Firewall (Comodo)
3.b. HIPS (Comodo)
3.c. Behaviour Blocker (Qihoo)
3.d. Anti-Virus (Qihoo)
3.e. Adblocker (Adguard or uBlock Origin)
3.f. Browser security extension (pick any really, Avast, BD, Qihoo, etc.--it's a separate product)
4. VirusTotal Uploader
5. Test stuff on a real VM (VirtualBox) before running on your production host if you have any doubts (and test your security software configuration on it)
6. Never use defaults: make conscientious decisions when configuring every. single. option. Read the manual--an option so important that there's an acronym for it!

Total cost: $0

I don't know about "Anti-Exploit" software. My only experience with it (MBAE) was one detection, a false positive that couldn't be any more false: it protected Foxit Reader from Foxit Reader during Foxit Reader installation and it kept all my other security software from working. Test on a VM first!

Absolutely nothing in that list from suggestion 3 all the way down to and including suggestion 6 will protect you against an exploit.

Maybe you can be in luck and have a possible payload detected and blocked.
But that's about it.

Anything else that was conducted - you will never know.
 

Martin_C

Mar 10, 2015
I don't agree: exploits do something (behaviour) against something else (HIPS).


That's not what these were designed to do: a BB can detect a process doing something it normally doesn't do, and HIPS protects sensitive areas against any process that doesn't belong.

I don't think you are fully aware of what happens when vulnerabilities are exploited.

Again, a possible payload can be detected. If you are in luck.

But the exploit - no.
 

Rolo

Jun 14, 2015
I agree with you.

What the exploit does can be detected/prevented; you can't prevent the 0-day exploit but you can detect/prevent the damage.
 

hjlbx

The OP just wanted to know what would be a good alternative to traditional AV soft?

I was the one who pointed out that he\she should also consider adding anti-exploit.

One can eliminate 99.9% of exploit risks by not using those softs that are most frequently targeted for vulnerabilities: Microsoft Office Suite, Adobe Acrobat and Flash, Windows Media Player, Oracle Java and Java Runtime Environment, etc.

Adding an anti-executable will not stop the exploitation of a vulnerability itself, but will stop the payload from executing... if properly configured.

If protecting the system becomes too much work for the user, they will quickly tire of it and abandon the whole config... whatever that may be...
 

Martin_C

Mar 10, 2015
One can eliminate 99.9% of exploit risks by not using those softs that are most frequently targeted for vulnerabilities: Microsoft Office Suite, Adobe Acrobat and Flash, Windows Media Player, Oracle Java and Java Runtime Environment, etc....

Not really true. Some of these are embedded in the OS - protect what's there.
And the concept of "just use something else and you will be safe" is simply not true.
The software mentioned is some of the most vetted software around. Meaning vulnerabilities are found AND patched.
Changing to a lesser-known product produced by two guys in an attic does not equal no vulnerabilities - it just means that the vulnerabilities that are there will take a lot longer to be patched, and can therefore be exploited for a longer time.
The only product I would tell a home user to stay clear of is the web component in Java. Java itself is not a problem in the same way (but should be guarded by an anti-exploit product nevertheless).
But then again, it's not a solution to just tell people not to use Java's web component, since a lot of corporate applications rely upon it and some countries' online banking still uses it.

Adding an anti-executable will not stop the exploitation of a vulnerability itself, but will stop the payload from executing... if properly configured....
Anti-executables are great for a lot of things, but not a solution to exploit protection.
The moment a vulnerability is exploited, you have no way of knowing what is done to your system.
Maybe there will be something for the anti-executable to trigger on, maybe not.
Running an anti-exploit product stops the exploit itself, and there is never a payload to worry about.

If protecting the system becomes too much work for the user, they will quickly tire of it and abandon the whole config... whatever that may be...

Here we agree 100%.
And part of the problem is the culture found on most tech sites and security sites.
A lot of sites have a culture promoting: "if two products are good, then twenty products are much better".
Nothing could be further from the truth.

Any home user out there will be perfectly safe with a plain Windows installation, an AV of choice and an anti-exploit like HitmanPro.Alert.
All of it in default settings, no tinkering with any settings.

Done deal, get on with their lives and enjoy every day of it.
 

hjlbx

Exploit writers have to target the most widely distributed softs to increase the odds that they will succeed at exploiting at least some systems. In other words, no malware writer in their right mind is going to waste time targeting - for example - NitroPDF even with a vulnerability that will "hand them the money" - since it is installed on less than 1% of all Windows systems.

Reducing the attack surface - by using something else - is a widely accepted as well as easy - yet highly effective - means to mitigate software vulnerability risks.

Anti-exploit softs only protect against well-defined vulnerabilities - more specifically, documented CVE exploits. In other words, they do not provide wide-ranging, "generic" exploit protection against any and all vulnerabilities for any and all softs. The protections that MBAE and HMPA provide are for exploits against certain software... Microsoft Office Suite, Oracle Java, Windows Media Player, etc, etc.

That means using HMPA and MBAE does not protect every soft on your system... so, in the end, there may be vulnerabilities in less popular softs, but unless they are targeted, those vulnerabilities are irrelevant. This goes back to reducing the attack surface area...
 

Martin_C

Mar 10, 2015
And that's the beauty of life - freedom to make your own choices.

If you fancy trying to find a browser, PDF reader or office suite that nobody uses, that you hope nobody will ever happen to find vulnerabilities in, and that you pray will never be recognized when you are suddenly redirected to that landing page you always feared was out there - then that's your choice to make.

Personally I prefer to use software that is well vetted, maintained and quickly patched when needed.

As for anti-exploit solutions only protecting against well-defined vulnerabilities, you do understand that there are not infinite ways to abuse the system. The techniques used are fundamentally the same. Staying on top of what is possible, that IS the name of the game for HMP.A, MBAE, EMET and so forth.
They do that VERY well, evolving as needed.
 

Rolo

Jun 14, 2015
Anti-exploit softs only protect against well-defined vulnerabilities - more specifically, documented CVE exploits.
Or I could just keep my software up-to-date.
I could also not open shady PDFs, etc.
I'm having a hard time seeing users with an up-to-date OS/software, a single decent security product, and good horse sense having to be concerned with exploits. The primary target of AE software is Windows XP, a 14-year-old end-of-life OS. Mission-critical boxes will be hardened and not viewing PDFs, etc. anyway.
 