Advice Request What is a good anti-exploit software for Windows 7?

Please provide comments and solutions that are helpful to the author of this topic.

RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
Spawn said:
"You are wrong."

"Windows 7 is the best OS ever! No bloatware. No security updates. No probems."

/s

Source: Windows user's mindset.
Click to expand...
I have heard this so many times... Even on "IT professionals forums/groups", disabling updates and calling others to do it, because according to them: updates always ruin your system and make it slower. And here I was, thinking patches are meant to fix, stupid Robo.
 
  • Like
Reactions: Venustus, Dave Russo, shmu26 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,511
shmu26 said:
...
If you are concerned about exploit of MS Office applications, and this is a very valid concern, EMET is probably effective on Windows 7, although the "anti-document exploit" feature of Hard_Configurator might be even better. Maybe @Andy Ful has something to say about it.
Click to expand...
Windows 7 OS and applications are coded in C, C++, and C# - they are by design vulnerable to memory exploits, and there is not exist an application that could prevent this.
Using SUA can mitigate about 80% of OS exploits. Very important is also updating Windows and applications.
HitmanPro Alert or Emet can be used to mitigate memory exploits in applications. Restricting MS Office and Adobe Acrobat Reader (or even better not using both) can prevent most exploits introduced via weaponized documents.
SRP and anti-exe can be used to prevent running some exploits and block execution of payloads (post-exploitation protection). But, this also will require to block LOLBins.
Restricting scripts can be beneficial for preventing exploits (exploit kits) introduced by scripts.
Generally restricting/hardening Windows (disabling SMB, remote features, unused services, etc.) or using isolation/virtualization can prevent or mitigate many exploits too.
 
Last edited:
  • Like
Reactions: Venustus, Gandalf_The_Grey, shmu26 and 2 others
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Gandalf_The_Grey said:
Regular Acrobat Reader and Foxit Reader are supported, not sure the paid version isn't?
You can ask the dev or add them yourself in the pro version.
Click to expand...
unfortunately i donot have pro version also in pro (also i have bought cheap licence for Foxit phantom standard ) i cannot afford the fees of upgrade so i want to know if i can protect it from exploitation as it will not receive any major updates which of course include security updates
 
  • Like
Reactions: Behold Eck, Venustus, Dave Russo and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
DDE_Server said:
unfortunately i donot have pro version also in pro (also i have bought cheap licence for Foxit phantom standard ) i cannot afford the fees of upgrade so i want to know if i can protect it from exploitation as it will not receive any major updates which of course include security updates
Click to expand...
I don't know, because I don't use those 2 programs.
Just ask Dan the developer by mail: support at voodooshield.com
It could be that they are already supported or that he will add them. :unsure:
Doesn't hurt to ask...
 
  • Like
Reactions: Protomartyr, Venustus, Dave Russo and 2 others
F

ForgottenSeer 823865

The real definition of "Exploits" are in-memory attacks which can only be circumvented by tools like HMPA, MBAE, EMET/Windows Exploit Protection (those are true anti-exploit) or apps with some memory containment.
The worst kind, Kernel Exploits can only be prevented via OS patching.
What all of you are saying when talking about exploits is misnomer, and is in fact POST-exploitation (use of LOLbins, scripts, etc...).

But it is more exciting marketing-wise to use the term "anti-exploit" than "anti-post-exploitation". After all , average users won't do the difference and justy buy.
 
  • Like
Reactions: Behold Eck, Protomartyr, Venustus and 3 others
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Umbra said:
the real definition of "Exploits" are in-memory attacks which can only be circumvented by tools like HMPA, MBAE, Windows Exploit Guard or apps with some memory containment.
The worst kind, Kernel Exploits can only be prevented via OS patching.
What all of you are saying when talking about exploits is misnomer, and is in fact POST-exploitation (use of LOLbins, scripts, etc...).

But it is more excuting marketing-wise to use the term "anti-exploit" than "anti-post-exploitation". After all , average users won't do the difference and justy buy.
Click to expand...
So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??
 
  • Like
Reactions: Behold Eck, Venustus and oldschool
F

ForgottenSeer 823865

DDE_Server said:
So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??
Click to expand...
Everything acting in-memory need in-memory protection as i mentioned above (if not we won't need HMPA and co). there is no other way.
However, if the exploit is using LOLBins/LOLscript to do other malicious actions, then yes anti-exe like OSarmor may interrupt the attack chain but your system is still already breached.

note: some security suites (especially corporate ones like SEP, etc...) usually offers some kind of Exploit Protection on top of their Post-Exploit prevention system.
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Behold Eck, Protomartyr, Venustus and 4 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
DDE_Server said:
So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??
Click to expand...

Your best free anti-exploit option is MBAE.

I would also email Dan at VS and ask him about joining the forum and using beta (for its anti-exe protection).

Those two work well together on older hardware.
 
  • Like
Reactions: Behold Eck, Protomartyr, Venustus and 5 others
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Umbra said:
Everything acting in-memory need in-memory protection as i mentioned above (if not we won't need HMPA and co). there is no other way.
However, if the exploit is using LOLBins/LOLscript to do other malicious actions, then yes anti-exe like OSarmor may interrupt the attack chain but your system is still already breached.

note: some security suites (especially corporate ones like SEP, etc...) usually offers some kind of Exploit Protection on top of their Post-Exploit prevention system.
Click to expand...
Does EAM offer such protection :unsure: :unsure: ??
 
  • Like
Reactions: Behold Eck, harlan4096, Protomartyr and 2 others
F

ForgottenSeer 823865

DDE_Server said:
Does EAM offer such protection :unsure: :unsure: ??
Click to expand...
EAM is an AV, not an anti-exploit, however he has a behavior blocker which is able to monitors attack vectors and block post-exploitation.

I have to say that the chance for a home user to cross a memory exploit is slim.
Even me, all the exploits alerts I got from HMPA were false positive due to other security softs doing dlls injections.

So if you are on Win10, using a decent AV having a default-deny component, you should be good. Of course don't have risky behaviors.
 
  • Like
  • +Reputation
  • Applause
Reactions: Behold Eck, Rengar, harlan4096 and 4 others

Similar threads

lokamoka820
    • Like
    • +Reputation
Security News Microsoft Office Apps Provide a New Path for Hackers
Replies
0
Views
2,132
Security News
lokamoka820
lokamoka820
nicolaasjan
    • Like
    • +Reputation
    • Applause
Hot Take Mozilla will extend support for Firefox for Windows 7 and Windows 8
Replies
2
Views
506
Firefox
silversurfer
silversurfer
Bot
End-of-Life announcement for Norton security software on Windows XP, Windows Vista, and Windows 7 (SP0)
Replies
1
Views
667
Norton
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top