Battle Which Anti-Exploit software should I use?

RXZ6Q

I just reinstalled my computer and found out that Malwarebytes Anti-Exploit has been discontinued (probably?) and is only available now as a beta. I am looking for a product that could replace this software. I am mainly looking for low resource usage! Malwarebytes Anti-Exploit only used a few megabytes of RAM. I use Avira Antivirus Free and Comodo Firewall Free.
 

Arequire

If you're only looking to protect your browsers, MBAE Free works well. If you're willing to pay for the MBAE Premium then you'll get protection for some of the most targeted programs out there.

EMET works too but I've personally had some compatibility issues with wrapping its protection around certain programs in the past. Also Microsoft are dropping support for it in July 2018. (Huge mistake in my opinion. Businesses especially will suffer for this.)

Never tried HMPA so I can't comment on it, but I know a good amount of people hold it in high regard.
 

RXZ6Q

Sorry, guys, I forgot to mention that I was using the paid version of Malwarebytes :D So I misled you. Feel free to offer any paid solution, I am not looking for free software :)

The Comodo protecting against exploits is really interesting, does anyone else know more?

I am running Windows 10 and already using SumatraPDF.

I try to update my software as much as I can, but I still have to use Microsoft Office and Flash.

As a gamer, running Linux is not an option for me.

HitmanPro.Alert seems to be really interesting, do any of you guys have information about resource usage and compatibility with my soft? BadUSB protection is amazing.

How good is EMET compared to HMP.A and MBAE in terms of performance and zero-day protection?

So if I decide to continue using MBAE - should I run the old version or the new beta version?
 

Wave

> Sorry, guys, I forgot to mention that I was using the paid version of Malwarebytes :D So I misled you. Feel free to offer any paid solution, I am not looking for free software :)

HitmanPro.Alert IMO.

> How good is EMET compared to HMP.A and MBAE in terms of performance and zero-day protection?

HMP.A works differently but it is the most powerful in terms of capabilities, but either EMET or MBAE is fine too.

> So if I decide to continue using MBAE - should I run the old version or the new beta version?

MBAE stable version, not beta, unless you don't mind occasional bugs it might bring. Stable can have bugs too but there won't be as many...
 

shmu26

HMPA is powerful software, it does not impact system performance, it uses 0% CPU or close to it, it uses about 12 MB RAM.

But... it is famous for conflicting with software and hardware (certain USB peripherals).
You just have to try it and see if it works with your config, and if not, maybe their beta version (they always are pushing out another beta version) solves your conflict.

It's good enough to make it worth the hassle.
 

Wave

> HMPA is powerful software, it does not impact system performance, it uses 0% CPU or close to it, it uses about 12 MB RAM.

It does impact system performance, the same way everything which behaves like HitmanPro.Alert will impact on system performance. The 0% CPU doesn't mean it doesn't use any CPU usage, every running program uses the CPU because it'll be running in the background, I don't know how Task Manager works with it myself...

HitmanPro.Alert works with process injection which means the memory of other running programs will increase; the memory usage of the monitored programs won't use a lot of additional memory since HMP.A is genuinely light but it depends.

Since it injects into processes, there must be a reason to need to do this... Hooks! Hooks will allow them to log the behavior of the running program. This means when the hooked (or "detoured" is a more professional term for it) functions are triggered (so when the targeted functions are called and it leads to the custom code written by HMP.A alert before Windows processes the API call properly), they log this information which will be beneficial in identifying certain behavior.

:)
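
The hook-then-forward flow described in the post above, as an added example that is not part of the original post and is not HitmanPro.Alert's code. Everything in it is constructed for illustration: the function-pointer slot standing in for an API entry, all names, and the writable-plus-executable rule used to mark a call as suspicious.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for an OS API that callers reach through a
   function-pointer slot (the role an import table entry plays). */
enum { PROT_R = 1, PROT_W = 2, PROT_X = 4 };
typedef int (*protect_fn)(void *addr, size_t len, unsigned prot);

static int real_protect(void *addr, size_t len, unsigned prot) {
    (void)addr; (void)len; (void)prot;
    return 0;                          /* pretend the OS applied the change */
}
static protect_fn api_protect = real_protect;    /* slot the program calls */

/* Monitor state: the saved original and a small call log. */
struct call_rec { size_t len; unsigned prot; int suspicious; };
static protect_fn saved_original;
static struct call_rec call_log[16];
static int log_count, alert_count;

/* Detour: runs first, records the call, then forwards to the original. */
static int detour_protect(void *addr, size_t len, unsigned prot) {
    int wx = (prot & PROT_W) && (prot & PROT_X); /* hypothetical rule: W+X */
    if (log_count < 16)
        call_log[log_count++] = (struct call_rec){ len, prot, wx };
    if (wx) alert_count++;
    return saved_original(addr, len, prot);      /* caller sees no change */
}

static void install_hook(void) {
    if (api_protect == detour_protect) return;   /* already hooked */
    saved_original = api_protect;
    api_protect = detour_protect;
}
static void remove_hook(void) {
    if (api_protect == detour_protect) api_protect = saved_original;
}

/* Constructed "monitored program": three calls, the last asks for W+X. */
static int run_sample_program(void) {
    static char buf[64];
    int rc = api_protect(buf, sizeof buf, PROT_R);
    rc |= api_protect(buf, sizeof buf, PROT_R | PROT_W);
    rc |= api_protect(buf, sizeof buf, PROT_R | PROT_W | PROT_X);
    return rc;
}

int main(void) {
    install_hook(); run_sample_program(); remove_hook();
    printf("calls logged: %d, alerts: %d\n", log_count, alert_count);
    return 0;
}
```

Each monitored call pays for the extra record-and-check step before the original runs, which is the per-call cost the post refers to even when Task Manager shows the monitor itself near 0% CPU.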
 

Rolo

> EMET works too but I've personally had some compatibility issues with wrapping its protection around certain programs in the past. Also Microsoft are dropping support for it in July 2018. (Huge mistake in my opinion. Businesses especially will suffer for this.)

Not a mistake: it's because they've been incorporating these capabilities in Windows; EMET was just a gap-filler.
cf. Moving Beyond EMET


To not use software "because it's targeted more frequently" is like saying "don't have money or buy stuff--you'll get targeted more frequently". Instead, use what you need, don't have extra, keep it up to date (Secunia PSI has problems and SUMo/DUMo does a far better job).
 

Handsome Recluse

Yeah. Updates are your best bet in exploit protection. It's in the mandatory section in asd.gov.au. You also already have both Comodo Firewall for a usable whitelist and a good antivirus to deal with anything extra. Adding more will just bog down your system or possibly lead to incompatibilities. More chances to fail. You just need that little extra self-control to not download that extra soft.
 

shmu26

> It does impact system performance, the same way everything which behaves like HitmanPro.Alert will impact on system performance. The 0% CPU doesn't mean it doesn't use any CPU usage, every running program uses the CPU because it'll be running in the background, I don't know how Task Manager works with it myself...
>
> HitmanPro.Alert works with process injection which means the memory of other running programs will increase; the memory usage of the monitored programs won't use a lot of additional memory since HMP.A is genuinely light but it depends.
>
> Since it injects into processes, there must be a reason to need to do this... Hooks! Hooks will allow them to log the behavior of the running program. This means when the hooked (or "detoured" is a more professional term for it) functions are triggered (so when the targeted functions are called and it leads to the custom code written by HMP.A alert before Windows processes the API call properly), they log this information which will be beneficial in identifying certain behavior.
>
> :)

The Wave knows about a million times better than me how these apps actually work, but as a user, I don't feel that HMPA makes my system slower or less responsive.

Caveat: if you start piling on the security softs, one on top of another, then it is likely that you will start to feel a general slowdown in system responsiveness.

Radical idea: if the OP is serious about exploit protection, he should dump COMODO and switch to ReHIPS, which allows one to elegantly isolate all vulnerable programs, as well as control system processes.
 

Arequire

> Not a mistake: it's because they've been incorporating these capabilities in Windows; EMET was just a gap-filler.
> cf. Moving Beyond EMET
>
> To not use software "because it's targeted more frequently" is like saying "don't have money or buy stuff--you'll get targeted more frequently". Instead, use what you need, don't have extra, keep it up to date (Secunia PSI has problems and SUMo/DUMo does a far better job).

Don't get me wrong, implementing the protections afforded by EMET into Windows itself can only be a good thing but I think Microsoft is forgetting that Windows 7 still holds a market share majority by almost 50%. It isn't such a big deal with consumers; I'm betting most people haven't even heard of EMET, but when it comes to businesses it's a whole different story. With the amount of time it takes a large business to migrate to an entirely new OS I feel Microsoft's being a little premature on ending support for it. (Although to their credit, they did extend the end-of-life time by 18 months but only because they were put under so much pressure.)

You're right about Secunia. Ran a scan with both Secunia and SUMo; Secunia found no updates, SUMo found 6. Guess I'm switching update software. Thanks. :)
 

giants8058

> They do analyse the behavior of programs and if I recall correctly they also have the ability to identify when the browser has become compromised (e.g. formgrabber through injection & API hooking), and in this case they would alert you to run a scan - I don't know of any other anti-exploit which does this? Even full AV/IS suite products these days would miss such a thing as I've seen from personal testing.
>
> *could be wrong if I recalled incorrectly but I think what I said above is right.
>
> They inject into processes and monitor from user-mode via hooks I believe.
>
> Even Sophos liked it enough to integrate their technology into their endpoint protection for enterprises.

It definitely does. I've received a handful or more browser intruder alerts from HMP.alert, which my AV missed. And doing a good amount of online banking/commerce, this is extremely important to me. Personally I think your best bet is going with HMP.alert and keeping your apps up to date. I've used Secunia in the past, but felt it can slow down your system a bit. In my case, I feel no slowdowns with HMP.alert. As you can see, it offers more exploit mitigation than the competition.
 

Attachment: hmp.alert.png

509322

> I've received a handful or more browser intruder alerts from HMP.alert, which my AV missed.

If those browser intrusion alerts are legitimate, then that means that there is an active infection already on your system... ;)

Banking trojans and other financial malware just don't run from a webpage inside your browser without touching your system - they're actually installed onto your system.

You better get someone to either check out those HMP.A alerts or take a look at your system.
 
