Advice Request: What would be the Best Browser Anti-Exploitation App?


Status
Not open for further replies.

SearchLight

Thread author
I have been using Google Chrome for some time, and now the latest version 68 because it is said that Chrome is a secure browser.

That said, to prevent browser exploitation, what app would you recommend?

I know there are apps like NoScript available but they can break websites, and one must be a savvy user to use them properly.

BTW, I am currently using Eset IS and ZAL as my base protection.

Suggestions?
 

Moonhorse

Well, let's put the AV out of the equation for the moment. :) I don't see any reason not to run MB anti-exploit with voodoo, if you think that MBAE will help you. Personally, I think its power is limited, and it may not be worth the troubles it causes. I think that voodoo has you pretty well covered, even without MBAE. Just my personal opinion. If I was looking for a little extra protection, and I didn't want to use a sandboxing or isolation solution, then I would run OSArmor at max settings, rather than MBAE.

If you want a strong anti-exploit, it is called HitmanPro.Alert. It does a lot more than MBAE.
Sorry, I forgot to mention I have:
- Kaspersky Free
- VoodooShield
- SysHardener

I don't really like to use sandboxing tools, and I've just heard it's either OSArmor or SysHardener.
MBAE was taking around 10m of RAM and I don't think it will conflict, so maybe it's worth keeping as an extra layer of security.
 

shmu26

RAM is usually not a problem, I don't worry about it unless there is a real RAM-hog on board. I don't know what Kaspersky Free does. Better to ask someone familiar with that product, I think @Evjl's Rain probably knows it.
 

Moonhorse

KFA 2019 improved a lot; I have to read for myself what it actually contains nowadays. Thanks for the post, and maybe waiting for more opinions.
 

Evjl's Rain

Kaspersky Free HAS exploit protection (Network Attack Blocker). It successfully prevented the NotPetya infection before it touched the computer.
ESET also did well.
ETERNALBLUE vs Internet Security Suites and nextgen protections - MRG Effitas

Other well-known dedicated anti-exploits such as Malwarebytes and HitmanPro.Alert failed to block the exploit. HMPA released build 601 to patch it.
MBAE by design can never ever block these kinds of exploits, confirmed by the developers.
Does Malwarebytes Premium detect Wannacry?

There is no best anti-exploit.
Something must be lacking. However, I believe post-exploit protection should do the job better than exploit mitigation (HMPA).
VoodooShield, AppGuard, Comodo Firewall, NVT ERP can do that.
OSArmor is also good, but it can only shield exploitation from specific applications. Questionable.
 


shmu26

OSArmor at max settings blocks so many abusable processes, I don't know what is left for malware to use. With the exception of rundll32. There are rules blocking certain actions of rundll32, but it is not monitored as closely as with other anti-exe apps such as NVT ERP.
 

lowdetection

I agree with Umbra's choice.

Also, they offer a nice kit for testing it, manual included: https://dl.surfright.nl/Exploit Test Tool Manual.pdf

Being realistic, I think that also knowing all the chrome://flags and how the browser works could help in setting up a safer environment. It needs a bit of time and patience to read; there are some members here who explained how to tweak the chrome://flags.

:)
 

shmu26

Forgot to mention: I made for myself a custom block rule in OSA for rundll32, and I made the necessary exceptions of course, so as far as I can see, OSA is a very fine and customizable post-exploit tool. You can also make it into an anti-exe, if you add a few more custom block rules.
 

shmu26

Yeah, the "Department of Chromeland Security" is doing a good job. Better to spend our time worrying about exploits on MS Office and Adobe products. That's where the action is.
Basically, if you use these or other vulnerable products, you can take one of two approaches: disable as much of Windows as you can (I would call that the @Lockdown approach), or sandbox/isolate as much as you can. Or do both, if you are uber-paranoid.
 

Peter Phillie

Right now, I'm using Malwarebytes Anti-Exploit. This helps me protect my computer against all known and unknown vulnerability exploits and it works well in Internet Explorer, Firefox, Chrome, and Opera browsers. Also, it is compatible with most common anti-malware and antivirus products. So, try using this one.
 

lowdetection

1$, someone with enough skills to write a payload and specific module for Arduino, result: pwned

Instead, using Hitman.Pro Alert, with BADUSB enabled, will avoid this:

or this



Furthermore, there was an old comparison graphic showing how Malwarebytes Anti-Exploit covered only some aspects; not sure if it is different nowadays, as no one wanted to get into competitions :D

But for the final user making a choice, it should be important to know... No?
 

SearchLight

Based on all the advice here, I installed OSA out of the box, set and forget, running with ESET IS.

What are the Max settings?


Could I just set them and forget it or would OSA become more talkative, and I need to have a good understanding of my running processes in Windows 10?
 

shmu26

Max settings means going to the advanced tab and ticking everything or almost everything.
You will likely get a few prompts, but it's pretty easy to make the needed exceptions for your regular, installed programs, just catch the prompt while it is showing, and it will make an exclude rule for you, with minimum effort on your part. If you miss the prompt, and you have to make the exclude rule on your own, it is more work. Sometimes, if there is a recurring command line with a random string of characters, you will need to replace that string of characters with *.

At max settings, you will probably need to temporarily disable OSA when installing or uninstalling software.
 

SearchLight

What settings are at Max for you?

All? If not, what did you leave unchecked?
 

shmu26

I don't actually have OSA installed right now on my main computer, but when I do, I just go and put a check in every possible box, and it works fine for me. If a certain rule is giving you grief, and you can't make exceptions for it, just leave it unchecked.
I also made some custom block rules to tweak it even further, but that is another story...
 

SearchLight

Just out of curiosity, is anyone using anything else similar to or other than OSA to supplement their AV?

If so, what is it, and how did it have to be configured or just set and forget? Thanks.
 

shmu26

I am using Software Restriction Policy, configured by Andy Ful's Hard_Configurator.
It takes a bit of skill to understand what it does, and set it up right, but it packs a very big punch, for zero money and no impact on system performance. Malware is not going to get past it.
 

Andy Ful

From Hard_Configurator Tools
The satiric view on Comodo Firewall (CS settings), Hard_Configurator, OSArmor, ReHIPS, and VoodooShield (autopilot).

Comodo Firewall (CS settings)
You can eat at home the meals which you have eaten before or everything you want in 5-star restaurants. In other cases, you do not really eat meals but only smell them to grasp the taste. You can also ask your favorite expert, but he is not so good at modern meals.

Hard_Configurator
You can eat only at home and only those products which you have eaten before. Ask the expert for the permission, if you want to eat something new (do not ignore the advice). You can eat the risky meals without risky ingredients.

OSArmor
You can eat anything you want at any location, except for a long list of forbidden meals and unsafe places.

ReHIPS
You can eat anything you want at any location, but in the restaurant think 5 minutes before eating to decide if the chosen meal will not harm your stomach. Furthermore, you can safely eat some predefined risky meals together with the medicine, that will neutralize the bad side-effects.

VoodooShield
You can eat anything you want at any location, but in the restaurant think 5 minutes before eating to decide if the chosen meal will not harm your stomach. Alternatively, make a group call to 60 wise friends and ask what they think about the meal.
 