Advice Request Should I use an Exploit Protection Software?


Is exploit protection really needed?

  • Yes

    Votes: 19 65.5%
  • No

    Votes: 10 34.5%

  • Total voters
    29
Status
Not open for further replies.

DJ Panda

Level 30
Thread author
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
Hello everyone, so a question I have, and probably others have, is: should we use exploit protection software? Why should we use it? I have seen staff configurations and some of them have software that does include or is exploit software. Some guides involving layered security say exploit protection is important, but what if your activities have never given you an exploit attack? Wouldn't a software that gives protection from exploits just make the system more bloated or unstable at times?

What do you guys think? Do people NEED exploit protection?

(I know that many other software incorporates exploit protection, but I mainly only know about MBAE)
 
  • Like
Reactions: PEllis

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I would say yes, you need an anti-exploit program.
Because even if you strive for up-to-date software or OS, cyber criminals are clever and they are many. If many cyber criminals try to find a vulnerability in a software, there's a higher probability that it will be exploited.
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
Anti-exploit adds additional security but not so badly needed. Anti-exploit protection mitigates exploit attacks at early stages. If you have good HIPS or Anti-executable they must stop drive-by attack at the last stage. If you feel comfortable with EMET or MBAE you can add one of them to your setup. They will harden your security config.
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Personal choice to be honest. I do not use additional software, tho Kaspersky AV already has an anti exploit module.
Other systems that run AV solutions that do not have such module, I have not seen the need to have it installed, and those systems are in a shared environment.

You can essentially plug in the holes but in the end, it will come down to your own usage and would it affect your day to day tasks.
 

Deleted member 2913

I don't use additional exploit protection.
If my security software has it then fine & if not then too I am fine.
I keep OS & other software updated.

IMO If you keep OS & other software updated with good security software then fine & no need standalone exploit protection software.
 
  • Like
Reactions: XhenEd

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
Agreed @ Solar & Xhen,
and MBAE is a good one with a well proven track record.
It's what I add to any security config as a "booster shot"
so to speak.
PeAcE

I would add MBAE is a very light app.

Soulbound said: "tho Kaspersky AV already has an anti exploit module."
I believe its anti-exploit module is way weaker than full fledged anti-exploit app like EMET or MBAE.
 

hjlbx

If you keep your software and OS updated - and aren't a high-risk user, then the probability of an exploit is low - something like less than 2 % according to industry data. Therefore, anti-exploit protection isn't needed - statistically - for the vast majority of users.

If you want layered protection, then anti-exploit is one of the basic layers.

My attitude towards exploits is that they are very unlikely - yet still possible (true 0-Day). Therefore, I run all commonly exploited programs - browsers, Adobe products, office suites, archivers, etc - with limited file system and registry access rights using AppGuard. AppGuard will not prevent an exploit, but it will block the post-exploit actions. I have seen it stop a nasty exploit payload from altering the system.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
OS and software patching is, in my opinion, reactive. Vulnerabilities are exposed and some are already exploited even before a patch is released.

That's why I think it's better to have an anti-exploit protection, regardless of full-fledged, or bundled like in Kaspersky or ESET, for proactive approach.

But of course, I acknowledge that even with a full anti-exploit program, there is always a probability that your computer's system will be compromised.
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
XhenEd said: "OS and software patching is, in my opinion, reactive. Vulnerabilities are exposed and some are already exploited even before a patch is released."

I agree with this. That's why I don't pay that much attention to updating.
 
  • Like
Reactions: XhenEd

bunchuu

Level 8
Verified
Well-known
Mar 17, 2015
370
XhenEd said:
"OS and software patching is, in my opinion, reactive. Vulnerabilities are exposed and some are already exploited even before a patch is released.

That's why I think it's better to have an anti-exploit protection, regardless of full-fledged, or bundled like in Kaspersky or ESET, for proactive approach.

But of course, I acknowledge that even with a full anti-exploit program, there is always a probability that your computer's system will be compromised."

I agree with you, and for me, I sometimes browse shady websites that have been hit by malvertising campaigns in the past, so anti-exploit is needed.
 
  • Like
Reactions: XhenEd

AlphaBeta

Level 3
Verified
Well-known
Oct 24, 2015
116
You do need anti-exploit protection but Malwarebytes anti-exploit only prevents a certain number of known exploits. It can't prevent new ones with heuristics.
 
  • Like
Reactions: frogboy and XhenEd

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,148
The answer would depend on what you are using as your primary security solution. If you depend on the traditional AV, then yes, you can use exploit protection. If on the other hand you utilize something that is actually of value (like virtualizing the system and/or browser, a good anti-exe, etc), then no, an anti-exploit app would be redundant.
 

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
457
"Yes"
  • For high risk user
  • AV dependent as @cruelsister stated
  • An additional security layer
  • For those who don't update their software/OS

"No"
  • As CS also stated if you use some isolation/anti-exe/whitelist techniques

Probability of an exploit attack, as stated by @hjlbx, is slim, like 1~2% in the wild even for high risk users. As exploits can be delivered thru ads and other means, for those AV dependent, anti-exploit is needed rather than taking your chance w/o one, especially these days when ransomware is prevalent.

I'm one of those 1-2% that caught an exploit... ROP attack
 
Last edited:
  • Like
Reactions: frogboy and XhenEd

DJ Panda

Level 30
Thread author
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
I am following this guide How to setup Avast Internet Security 2016 for Maximum Protection (Guide)

Running ZAM with Pandora

90% of the time web browsing in a sandbox.
I know layered security is really good, but I have never dealt with an exploit and would rather not bloat my system, so I have no idea what I should do.

I would use Kaspersky but have no idea if it will run on my system (most AV don't). I also have no money :p
 
  • Like
Reactions: XhenEd

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Since anti-exploit became a separate module in some programs, you need to consider whether it's really needed or not.

Usually vulnerabilities should be solved by patches provided by manufacturers, and let your current AV do the rest.

Now, since exploits are able to drop files or bypass some circumstances, then as mentioned use programs linked to Anti-EXE or HIPS based.
 
  • Like
Reactions: XhenEd

Cch123

Level 7
Verified
May 6, 2014
335
Duotone said: "I'm one of those 1-2% that caught an exploit... ROP attack"

What exploit did you actually encounter? ROP is a technique to bypass DEP and not an actual exploit itself. Many legitimate programs use ROP techniques too for various reasons.
 
  • Like
Reactions: XhenEd

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
457
Cch123 said: "What exploit did you actually encounter? ROP is a technique to bypass DEP and not an actual exploit itself. Many legitimate programs use ROP techniques too for various reasons."

I know it's not the actual exploit type, but that's what HMP.A informed me, ROP attack, and another incident was regarding Lockdown; didn't go further into other details. That happened last year; I wasn't yet an MT member.
 
Last edited:
  • Like
Reactions: XhenEd